Digital Regulation and Cybersecurity – Seismic Shifts in Motion

All companies supplying goods and services into, or operating in, the European Union are in the midst of a seismic regulatory shift.

European laws relating to digital regulation and cybersecurity are being overhauled because of the EU’s Digital Reforms Package. This package builds on the EU’s key privacy law, the GDPR; it marks a new phase of digital regulation and cybersecurity laws which focus on data, cyber, content, platforms and artificial intelligence. The new laws aim to drive innovation for companies and increase protections for EU citizens. As with the EU’s flagship legislation, the GDPR, these laws are expected to lead the way in influencing new global standards.

Companies need to be aware that the EU’s Digital Reforms Package is already in motion. Some laws are already in effect and others, such as the AI Act, will require initial compliance in just over 6 months’ time. The new laws (such as the AI Act, NIS2 and the Digital Services Act) will demand management and board direction and oversight, investment in adequate resources, planning and allocation of legal budget, and a multi-disciplinary approach, in order to meet compliance standards. Companies affected by the package are dealing with not just one new law, but multiple laws affecting their processes, procedures, revenue and compliance risks.

Given the multitude of new and evolving laws, businesses will need to work with their legal advisers in taking a first-principles based approach to compliance. Fundamentally, they will need to understand the impact that the EU Digital Reform Package will have on their businesses and then develop a solutions-orientated roadmap. Accordingly, many companies are, and have been, triaging how this package will affect their business and are proactively benchmarking their readiness projects early, learning and leveraging from their experience with the GDPR.

The William Fry Technology Regulation team is enabling businesses to navigate the legal impacts presented by the EU Digital Reforms Package and to help them thrive in the digital era. Utilising proprietary technology built to assist in rapidly reviewing business legal obligations, we guide clients (boards and in-house legal teams) through our three-stage approach to digital reform readiness: using our online tool, clients can triage what laws apply to them and assess the obligations that apply; we then assist in preparing and implementing compliance readiness plans; and finally we help in implementing change, legal processes and compliance.

While the EU’s Digital Reforms Package will require investment, our approach to regulatory compliance is to ensure that companies apply an agile, cost effective and efficient method so as to flourish in the age of digital regulation reforms and cybersecurity.