Digital law in the EU

The European Union is breaking new ground in digital law, setting global standards for technology’s fast-growing role in society and the economy. As digital technology becomes an integral part of our daily lives, the EU is updating its laws and is laying down new rules to ensure that digital innovation aligns with sustainability, security, ethics and inclusivity standards. This article serves as a snapshot of the most recent changes.

The EU’s AI Act is the world’s first attempt to regulate AI on a regional scale, aiming to promote the safety of European citizens and businesses as well as transparency, whilst promoting a human-centered approach. The Act categorizes AI systems into different risk levels, such as unacceptable, high-risk, limited risk and minimal risk. AI systems that are categorized as high risk, for example those used in law enforcement, are facing stringent requirements and will undergo evaluation before being released to the market and the monitoring continues throughout their lifecycle. By protecting fundamental rights, the AI Act reflects the EU’s drive for responsible innovation and provides a blueprint for other regions to follow for the global regulation of AI. 

The DSA and DMA are considered to be game changers for the digital economy. The two Acts constitute a unified set of regulations across the EU with two primary objectives: 

1. To ensure a safer digital environment that safeguards the rights of all digital users 
2. To promote fair competition by fostering innovation, growth and competitiveness within the European Single Market and on a global scale. 

The DSA requires online platforms to moderate content responsibly and enhances transparency between the public users and the platforms, helping users understand how they are targeted and why. The DMA tackles tech giants, or “gatekeepers,” like Google and Amazon, banning them from practices that stifle competition. By promoting fairness and transparency, the EU wants to make the internet a safer place where consumer rights are protected.

DORA that will be applicable as of January 2025 and NIS2 are two pivotal pieces of legislation that aim to strengthen cybersecurity and operational resilience across the EU. DORA, which specifically targets the financial sector, establishes a comprehensive regulatory framework that requires financial entities to ensure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats. By setting these standards, DORA enhances the security and stability of the EU’s financial system in an increasingly digitalized world and constitutes a revolutionary addition to the regulatory landscape. NIS2, on the other hand, expands the EU’s cybersecurity regulations to cover a broad range of sectors such as banking, financial services, energy, health, water and transportation. Both DORA and NIS2 reflect the EU’s commitment in addressing the increasing risks posed by cyberattacks.

The EU’s regulatory updates highlight a vision where technology respects and supports individuals, fosters fair competition, operates transparently, and promotes responsible innovation. The evolution of the General Data Protection Regulation (GDPR) is a key part of this vision. Already a global standard for privacy since its establishment in 2018, the GDPR continues to evolve to tackle new digital challenges. These updates emphasize user control, accountability, privacy-by-design, and secure cross-border and international data transfers. The EU aims to establish agreements that ensure personal data sent outside the EU is handled with the same level of protection as it would receive within its borders. A great example is the EU-Japan cross-border data flows agreement, which lays down the foundation for a common approach between two of the world’s largest digital economies. The agreement aims to promote data privacy in an interconnected world where cross-border data flows are essential to businesses.

By setting clear rules, the EU aims to create a digital space that serves the public good and inspires trust. As the EU leads the way in digital law, it’s clear that responsible innovation is not just possible but essential. From AI to data privacy, these updates inspire a future where technology enhances lives without compromising rights.