The EU is working hard on a package of laws all focused on the market for technology or technology itself. Some of this is already nearing completion and some is still being negotiated. In this article, we give an overview of some of the laws that are currently being drafted or are almost ready.

Artificial Intelligence Act (AIA)

The AIA is aimed at regulating AI systems that pose a particular risk. The AIA is most focused on a specific technology. For more information on the AIA, check out our overview page.

Data Act

The Data Act is aimed at making the data generated by devices more accessible so that users can work with it themselves and new services can be built based on this data. For more information, read our article on the Data Act.

Data Governance Act (DGA)

The DGA aims to improve trust when parties share data with each other and aims to encourage data sharing across industries and states. To this end, the DGA contains rules aimed at improving data availability and solving technical obstacles.

Digital Markets Act (DMA)

The DMA targets online platforms that are so large that they play the role of a gatekeeper. If a company is classified as a gatekeeper, then that company must give certain capabilities to third parties and users, such as giving access to the data that commercial users generate on the platform. There are also some things that a gatekeeper may not do, such as treat their own services better than those offered by third parties on the platform.

Digital Services Act (DSA)

The DSA has a number of goals. The act is to provide better protection for citizens online. It should give digital service providers greater clarity and make it easier to establish themselves in the EU. For commercial users of digital services, the DSA should allow more choice of platforms and better access to the entire EU market.

Cyber Resilience Act (CRA)

The CRA aims to protect consumers from unsafe products through standard digital security rules that producers and sellers of digital products and services must comply with. The CRA is intended to be complementary to the Cybersecurity Act and the 2016 NIS Directive.

NIS2 Directive

The NIS2 Directive represents an expansion of its predecessor, the NIS Directive. This expansion adds new sectors to the scope of the Directive based on their critical role in the economy and society. A minimum size is added to determine the companies to which the Directive applies. Security requirements are increased for those businesses to which the directive applies, and reliability of suppliers and logistics chains are now included.


These seven laws are now in the EU legislative process and the European Commission wants to make sure they are all in force by 2024.

  • Created 18-07-2023
  • Last Edited 18-07-2023
  • Subject Legislation
More questions?

If you were not able to find an answer to your question, contact us via our member-only helpdesk or our contact page.

Recent Articles