TDL's objective is to formulate a strategy in the area of European policy and legislation for the coming year and, where possible, beyond.

Given that the next Commission will be established in late 2024, TDL is focussed on both addressing the regulations and directives coming to maturity in 2023/24 as well as considering what should be on the European strategic agenda for the subsequent two-three years, not least in the shaping of the Horizon Europe programme for 2025-27.

To that end, TDL organises a series of roundtables / workshops to bring together subject matter experts, policy makers and other stakeholders - more information can be found here.

In support of the above objectives, TDL provides a regular update report on the progress of EU legislation and consultations, primarily but not exclusively in the areas of identity, data, privacy and security, as well as access to a resource library containing original documents.

European Proposals,Regulations and Initiatives 2023

From a distance, the plethora of regulations, directives and supranational organisations in Europe focussed on identity, cybersecurity and privacy often appears confusing. Over the last ten years the EU has been driving a digital transformation strategy that will work for people and businesses.

In the context of data alone, there is a bewildering array of inter-related regulatory initiatives starting with the Data Act, but embracing the Data Governance Act, the Digital Services Act, the Digital Marketing Act and the European Health Data Space.

In addition, on top of the 2018 eIDAS regulations providing EU wide electronic identification, authentication and trust services, in 2021 the European Commission proposed a framework for a European Digital Identity which will be available to all EU citizens, residents and businesses in the EU.

In parallel the EU is adopting a wide range of cybersecurity, trust and privacy-related measures to protect infrastructure, governments, businesses and citizens.

  • The revised directive on security of network and information systems (NIS 2.0)
  • The EU Cybersecurity Act, including the strengthened role of ENISA (the European Union Agency for Cybersecurity) and the introduction of the European Cybersecurity Certification Framework
  • The Cyber Resilience Act (CRA) on horizontal cybersecurity requirements for products with digital elements
  • The EU blueprint for coordinated responses to large scale cyber incidents
  • The European Cybersecurity Competence Centre (ECCC) in Bucharest, together with the network of national (cybersecurity) competence centres (NCCs)


Last but not least, the General Data Protection Regulation (GDPR) introduced in 2018 has spawned similar regulations in many other jurisdictions worldwide and sits alongside the newer proposed ePrivacy regulation.

During this last period of the current European Commission, TDL will provide a regular update on the progress of the proposals, initiatives and amendments to existing regulations.  The baseline for the scope of regulations can be found here:

The regular updates to the information contained in this document can be found here:

In conjunction with the regular update reports on European legislation and legislative activities, TDL also maintains a library of the accompanying documentation