POLICY

European Proposals, Regulations and Initiatives 2023

From a distance, the plethora of regulations, directives and supranational organisations in Europe focussed on identity, cybersecurity and privacy often appears confusing. Over the last ten years the European Union (EU) has been driving a digital transformation strategy that will work for people and businesses.

In the context of data alone, there is a bewildering array of inter-related regulatory initiatives starting with the Data Act, but embracing the Data Governance Act, the Digital Services Act, the Digital Marketing Act and the European Health Data Space. In addition, on top of the 2018 eIDAS regulation providing EU-wide electronic identification, authentication and trust services, in 2021 the European Commission (EC) proposed a framework for a European Digital Identity which will be available to all EU citizens, residents and businesses in the EU.

In parallel the EU is adopting a wide range of cybersecurity, trust and privacy-related measures to protect infrastructure, governments, businesses and citizens.

• The revised directive on security of network and information systems (NIS)
• The EU Cybersecurity Act, including the strengthened role of ENISA (the European Union Agency for Cybersecurity) and the introduction of the European Cybersecurity Certification Framework
• The Cyber Resilience Act On horizontal cybersecurity requirements for products with digital elements
• The EU blueprint for coordinated responses to large scale cyber incidents
• The European Cybersecurity industrial, technology and research competence centre (in Bucharest), together with the network of national cybersecurity centres

Last but not least, the General Data Protection Regulation (GDPR) introduced in 2018 has spawned similar regulations in many other jurisdictions worldwide and sits alongside the newer proposed ePrivacy regulation.

During this last period of the current European Commission, TDL will provide a regular update on the progress of the proposals, initiatives and amendments to existing regulations.  The baseline for the scope of regulations can be found here:

• European Proposals, Regulations and Initiatives 2023

The regular updates to the information contained in this document can be found here:

• Update #1 - 16 May 2023

In conjunction with the regular update reports on European legislation and legislative activities, TDL also maintains a library of the accompanying documentation

Resource Library

In conjunction with the regular update reports on European legislation and legislative activities, TDL also maintains a resource  library of some of the relevant accompanying documentation

Proposals

• AI Act
• Cryptocurrencies
• Cyber Resilience Act (CRA)
• Data Act
• Data Governance Act
• Data Protection Law Enforcement Directive
• eIDAS 2.0
• e-Privacy
• EU Interoperability Framework
• Open Finance Framework

Regulations

• Digital Operational Resilience for Financial Sector (DORA)
• Digital Markets Act (DMA)
• Digital Services Act (DSA)
• General Data Protection Regulation (GDPR)
• NIS Directive (Review)

Initiatives

• European Health Data Space
• Virtual Worlds (Metaverse)

Other Mechanisms

• Enhanced EU-US Privacy Shield