EU – DGA, Data Act, NISD2, DSA… confused? Our Handbook will help
The EU is currently pushing through a transformational digital regulation package. However, that package is made up of a number of different laws, such as the Data Governance Act, the AI Act, NISD2, the Digital Services Act and ten other related instruments.
Keeping track of all these new laws is a challenge. Our EU Digital Regulation Handbook provides a short, accessible summary of the status of each law, together with an assessment of comparable developments in the UK. The handbook is available here.
The new digital package and the von der Leyen Commission
For many years, the EU’s digital regulatory framework focused on cybersecurity and the protection of personal data. However, this changed with the arrival of the new European Commission under the leadership of Ursula von der Leyen who has unleashed a range of new initiatives focused on:
- Ensuring technology works for the people.
- Enabling a fair and competitive digital economy.
- Achieving an open, democratic and sustainable society.
These objectives have been translated into practice through a broad range of instruments, some of which have already been adopted. Broadly speaking, those laws relate to:
- Creating a data driven economy. Relevant instruments creating a framework for the safe exploitation of data include the Data Governance Act, the Data Act and the Health Data Spaces Regulation.
- Ratcheting up cyber security obligations. In particular, the Network and Information Systems Directive (NISD) will be replaced by NISD2 and the financial sector will face strict new digital operational resilience rules under DORA. Further obligations apply to electronic products under the Cyber Resilience Act.
- Creating fair and contestable digital markets and platforms. This will be achieved through the Digital Markets Act and the Platform Workers Directive.
- Protecting against online harms. The main instrument is the Digital Services Act, which will transform the approach to intermediary liability, but this is flanked by a range of other proposed new laws such as the CSAM Regulation, the Political Advertising Regulation and the European Media Freedom Act.
- Ensuring the safe use of AI. The AI Act will create an entirely new regulatory framework for artificial intelligence and will be supported by the AI Liability Directive.
Our EU Digital Regulation Handbook does not attempt to provide a detailed overview of these new laws.
Instead, it provides a high-level overview summary of what the new laws do, who it applies to, and when it is likely to come into force. The intention is to provide an initial orientation to this exciting new digital landscape.
The UK digital landscape post-Brexit
None of these new laws will apply in the UK post-Brexit. Given the current political environment, the UK is also unlikely to adopt copycat legislation to mirror changes in the EU.
However, the UK is taking a range of measures that replicate some aspect of the EU’s new digital package. For example, the UK is looking to pass the Online Safety Bill which contains content regulation obligations similar to those in the EU Digital Services Act, and wants to pass a Product Security Bill which is similar to the proposed EU Cyber Resilience Act.
In other areas, the UK is taking a markedly different approach, relying on policy initiatives instead of legislation. For example, rather than specifically regulate AI, the UK has issued a pro-innovation AI policy that is intended to help co-ordinate the application of existing regulatory principles to artificial intelligence. Similarly, the UK will not implement new laws similar to the EU Health Data Spaces Regulation but has launched a “Data saves lives” initiative to make better use of health data.
Regardless of any wider efforts by the UK to separate its legal system from that of the EU (including under the Retained EU Law (Revocation and Reform) Bill), the UK is slowing drifting apart simply by standing still.Our EU Digital Regulation Handbook is here.