The BCLP Data Privacy & Security team monitors critical legislative measures in the EU aimed at ensuring online safety and market fairness as the digital economy evolves.
As the regulatory landscape for digital services evolves, various legislative measures are being implemented across the European Union, which encompass critical areas such as online safety, market fairness, data governance, and cybersecurity. The BCLP Data Privacy & Security team is meticulously monitoring developments in these areas as they shape the future of business operations within the EU.
The Digital Services Act (DSA) is a key legislative initiative that aims to create a safer online environment while establishing a level playing field for companies. The DSA, which entered into force on 16 November 2022, comes with a range of obligations tailored to different types of online service providers. Providers of information society intermediary services, including social networks, cloud services, and marketplaces, are impacted by this regulation. Notably, “very large online platforms” (VLOPs) and “very large online search engines” (VLOSEs), identified based on their user base, face the most stringent requirements, including obligations to identify and remove illegal content and enhance transparency in online advertising.
Under the DSA, online platforms with a user base exceeding 45 million in the EU must comply with specific obligations by 25 August 2023 if designated as VLOPs or VLOSEs. Enforcement falls primarily to the European Commission, which retains authority to impose significant fines for non-compliance.
In parallel to the DSA, the Digital Markets Act (DMA) seeks to address competitive fairness in the digital sector, targeting platforms referred to as “gatekeepers.” These platforms, which play a crucial role in connecting businesses and consumers, are prohibited from employing unfair practices such as self-preferencing their services. The DMA commenced its application on 2 May 2023, and potential gatekeepers were required to notify their core services to the Commission by 3 July 2023. Following assessment, designated gatekeepers must comply with the DMA’s requirements by 6 March 2024.
Concurrently, the Data Governance Act (DGA) aims to foster the data economy by encouraging public sector data sharing and promoting “data altruism.” Implemented from 24 September 2023, the DGA provides a framework for public sector bodies and data intermediaries while establishing conditions for data reuse.
In a significant move towards unifying data access, the Data Act has been proposed, which aims to clarify who can derive value from data and under what conditions. This regulation targets manufacturers of connected devices, ensuring that users have access to the data generated by these devices, thereby fostering innovation and competitive services in an increasingly data-centric marketplace.
The NIS2 Directive, an evolution of the original NIS Directive, is projected to come into effect on 18 October 2024, widening its scope to cover more industries critical to the economy and society. Under NIS2, businesses operating in certain sectors, such as healthcare, energy, and digital infrastructure, must implement stringent cybersecurity measures.
Complementing these regulations, the Cybersecurity Act (CSA) establishes a European cybersecurity certification framework aimed at ensuring that ICT products, services, and processes meet the necessary security standards. This framework supports the overarching goal of enhancing cybersecurity infrastructure across EU member states.
Finally, in 2024, the Cyber Resilience Act (CRA) is set to introduce new cybersecurity requirements for products with digital elements, mandating manufacturers to ensure that cybersecurity considerations are integrated throughout the product lifecycle.
These initiatives form a comprehensive strategy designed to adapt to the rapid technological advancements and challenges posed by an increasingly digital economy. The BCLP Data Privacy & Security team continues to keep stakeholders informed about these critical developments in EU legislation, allowing businesses to navigate the complex landscape of digital compliance.
Source: Noah Wire Services
- https://www.europarl.europa.eu/RegData/etudes/ATAG/2022/739227/EPRS-AaG-739227-DSA-Application-timeline-FINAL.pdf – Corroborates the entry into force of the Digital Services Act (DSA) on 16 November 2022 and the specific obligations for very large online platforms (VLOPs) and very large online search engines (VLOSEs).
- https://www.europarl.europa.eu/RegData/etudes/ATAG/2022/739227/EPRS-AaG-739227-DSA-Application-timeline-FINAL.pdf – Details the compliance timeline for VLOPs and VLOSEs, including the requirement to comply with specific obligations by summer 2023.
- https://en.wikipedia.org/wiki/Very_Large_Online_Platform – Provides information on the Digital Services Act, including its legislative history, the designation of VLOPs and VLOSEs, and their compliance deadlines.
- https://en.wikipedia.org/wiki/Digital_Markets_Act – Explains the Digital Markets Act (DMA), its application commencement on 2 May 2023, and the requirements for designated gatekeepers.
- https://www.mofo.com/resources/insights/240723-european-digital-compliance-key-digital-regulation – Although primarily about the AI Act, this source contextually supports the broader regulatory landscape in the EU, including the timing and implementation of various digital regulations.
- https://ec.europa.eu/digital-single-market/en/data-act – Details the Data Act, its aim to clarify data access, and its impact on manufacturers of connected devices.
- https://ec.europa.eu/digital-single-market/en/data-governance-act – Explains the Data Governance Act (DGA), its implementation from 24 September 2023, and its framework for public sector data sharing and data altruism.
- https://ec.europa.eu/digital-single-market/en/nis2-directive – Provides information on the NIS2 Directive, its projected effective date of 18 October 2024, and the cybersecurity measures it mandates for critical sectors.
- https://ec.europa.eu/digital-single-market/en/cybersecurity-act – Details the Cybersecurity Act (CSA) and its establishment of a European cybersecurity certification framework.
- https://ec.europa.eu/digital-single-market/en/cyber-resilience-act – Explains the Cyber Resilience Act (CRA), its introduction of new cybersecurity requirements for products with digital elements, and the integration of cybersecurity throughout the product lifecycle.
- https://www.europarl.europa.eu/news/en/press-room/20220705IPR33002/digital-services-act-and-digital-markets-act-final-agreement – Provides a press release from the European Parliament on the final agreement of the DSA and DMA, supporting the legislative timeline and key provisions.
