EU Data Economy & Digitalization
In response to the era of technological advancement and data-driven societies, the EU has taken an ambitious and proactive step to create a comprehensive regulatory framework that fosters the data economy and cybersecurity while preserving and strengthening the core values of the EU. On this page, we provide an overview and more detailed insight into the new Regulations and Directives that are part of the EU’s Digital Decade Strategy to help you navigate this complex landscape and understand its impact on your business.
European Rules for the Data Economy
The new European rules for the data economy consist of legislation known together as the “Big Five” legislative initiative and include rules for platforms and digital services, the use and sharing of personal and non-personal data, and the use of artificial intelligence technologies. Below you will find an overview of the scope and main content of each of the Regulations and Directives that are part of these initiatives.
Use and Governance of Data
- The EU has outlined its aim to create a “single market” and identified several issues in the prevailing state of affairs, regarding availability of data, imbalances in market powers, data interoperability and quality, data governance, and individuals’ access to their data.
- As part of the EU’s data strategy, the Data Governance Act and Data Act both address these issues by creating a framework for data governance, making more data available, and facilitating data sharing and access across sectors.
A European Approach to Artificial Intelligence
- The legislative initiative of the AI package comprises two notable instruments, the Artificial Intelligence Act (AI Act) and the Artificial Intelligence Liability Directive (AI Liability Directive).
- By establishing new rules for artificial intelligence, both the AI Act and the AI Liability Directive will have a significant impact on AI technology industries across all sectors in and beyond the European continent.
- The initiatives aim to increase trust in AI technologies by addressing their adverse impacts on individuals’ safety, health and fundamental rights whilst safeguarding the continuous global development and growth of successful innovations in the AI market.
Digital Services Package
- The package includes two regulations, the Digital Services Act (DSA) and the Digital Markets Act (DMA).
- By establishing new rules for digital commerce, both DSA and DMA will have a significant impact on the digital platform industry.
- The package provides legal certainty and transparency for SMEs and individual users in a rapidly growing digital environment.
- The initiatives aim to safeguard the fundamental rights of individual users of digital services while creating a more competitive environment for innovation and growth both in the European single market and globally.
European Rules for Cybersecurity
With the rise of digitalization, cybersecurity incidents have increased and new cyberthreats have emerged. In response, the EU is working to enhance cybersecurity and resilience within the Union, especially in critical sectors. This effort impacts various entities, systems, and products.
Below you will find an overview of the scope and main content of Regulations and Directives that are part of the EU’s cybersecurity initiative. In addition, Roschier has created a high-level overview of certain recommended preparatory and response measures for cybersecurity incident situations.
Unified EU Approach for Cybersecurity
- The EU is strengthening the Union’s cybersecurity preparedness and capabilities to ensure that organizations across Europe are well equipped to detect and respond to cybersecurity threats and incidents.
- As part of the unified EU cybersecurity approach, the EU has adopted the Cybersecurity Act to give a permanent mandate to the EU Agency for Cybersecurity and to establish an EU-wide cybersecurity certification framework for ICT products, services, and processes. In addition, the European Commission has adopted a proposal for the Cyber Solidarity Act, a regulation introducing improved mechanisms for preparing and responding to cybersecurity incidents and a European cybersecurity alerting system.
Resilience of Critical and Essential Entities
- The continuation of essential services in the event of emergencies and crises is fundamental for modern societies. Disruptions in such services could have significant, cross-border effects.
- The EU is aiming to develop the resilience of essential services and has introduced two new Directives, the Network and Information Systems (NIS II) Directive and the Critical Entities Resilience (CER) Directive, stipulating resilience, risk assessment, and notification obligations for entities providing essential services.
Cybersecurity Requirements for Products With Digital Elements
- More products with digital elements are placed on the EU market year after year, and the cyber threat landscape for such products is expanding.
- To address this development, the EU has proposed a Cyber Resilience Act which would require that products with digital elements made available on the EU market meet specific cybersecurity requirements. The new Act would also require manufacturers to factor cybersecurity into the design and development of their products with digital elements, and would introduce cybersecurity obligations for each stage of a product’s value chain.
Cybersecurity in the Financial Sector
- Financial entities, such as banks and insurance companies, use complex ICT systems for daily operations. At the same time, digitalization and interconnectedness increase the risks associated with these systems, making the financial industry more vulnerable to cybersecurity incidents.
- The Digital Operational Resilience Act (DORA) is a sector-specific Regulation that aims to enhance the digital operational resilience of financial entities by integrating ICT risk management into their operational frameworks and by ensuring their resistance to and recovery from disruptions.
Preparatory and Response Measures for Cybersecurity Incidents
Cybersecurity incidents, such as cyberattacks and security breaches, adversely affect businesses by damaging, disrupting or otherwise negatively impacting network and information systems, the users of such systems, and other persons.
Malicious actors actively find new ways to exploit cyber vulnerabilities, setting a high standard for the cybersecurity preparedness and response capabilities required from businesses to avoid and mitigate the potential adverse effects of cybersecurity incidents.
See Roschier’s cybersecurity incident guide below, which includes a high-level overview of certain recommended preparatory and response measures for cybersecurity incident situations.