The EU's “Digital Decade” is the European Union's central strategy for making Europe digitally competitive by 2030 and driving forward the digital transformation in a targeted manner. It focuses on four key areas: promoting digital skills and skilled workers, expanding secure and sustainable digital infrastructures, supporting the digital transformation in companies and digitizing the public sector.
In order to achieve these ambitious goals, the EU has adopted a series of far-reaching legislative initiatives. We have set up a landing page for the “Digital Decade” on our website, where you can find an overview of the individual legislative initiatives and we provide regular updates on their practical impact. The following overview article summarizes the current status of the most important initiatives.
Data Act
What is it about?
The Data Act (DA) regulates access to and the use of data generated when using networked products and associated services. The aim is to ensure fair access to usage data, break up data monopolies and promote innovation in the internal market. The regulation particularly affects manufacturers of connected devices, providers of digital services and users of these products. Other aims of the Data Act are to simplify the switching of cloud services and improve the interoperability of data.
What is the current status and what is next on the agenda?
- The regulation came into force on January 11, 2024 and will be fully applicable from September 12, 2025.
Sector-specific implementation guidelines (by the Commission or standardization organizations) are currently being developed.
Data Governance Act
What is it about?
The Data Governance Act (DGA) regulates access to and use of personal and non-personal public sector data. In addition, the DGA contains regulations on the activities of data sharing services (so-called “data intermediaries”) and provisions to promote “data altruism”, i.e. the voluntary sharing of data by third parties.
What is the current status and what is next on the agenda?
The regulation came into force on January 11, 2024 and will be fully applicable from September 12, 2025
Regulation on Artificial Intelligence
What is it about?
The Artificial Intelligence Regulation (AI Act) is intended to create comprehensive rules for artificial intelligence systems in Europe. The use of certain AI systems will be completely banned, while others may be used subject to strict compliance requirements and safety measures (high-risk AI systems). The AI Act establishes transparency and information obligations for certain low-risk AI systems. Through ethical and technical standards, the AI Act is intended to create a legal basis for the responsible use of AI in the EU.
What is the current status and what is next on the agenda?
- The regulation came into force on August 1, 2024 and will be fully applicable from August 2, 2026. Certain parts will already be applicable before this date:
- The regulations on prohibited practices (prohibited AI systems) provided for in the AI Act and the AI competence requirements for providers and operators of AI systems will already apply from February 2, 2025.
- The regulations on general purpose AI models (GPAI) will apply from August 2, 2025.
- Various guidelines are to be issued by the Commission, in particular on the implementation and interpretation of the regulation. The guidelines on prohibited practices (Art. 5 AI Act) and the guideline on the definition of an AI system pursuant to Art. 3(1) AI Act have already been available since February 2, 2025.
Accessibility Strengthening Act
What is it about?
The Barrierefreiheitsstärkungsgesetz (BFSG) brings far-reaching changes for the accessibility of products and services. It obliges a large number of economic actors, including manufacturers, importers, retailers and service providers, to meet specific accessibility requirements. The regulations on e-commerce services in particular will affect numerous website and online store operators.
What is the current status and what is next on the agenda?
The BFSG comes into force on June 28, 2025 and is fully applicable from this date.
Digital Services Act
What is it about?
The Digital Services Act (DSA) modernizes the foundations of the E-Commerce Directive, which was issued in 2000, and creates new rules for the Internet, which particularly affect online platforms. The aim is to promote greater transparency, security and European values on the Internet.
What is the current status and what is next on the agenda?
The Digital Services Act came into force on November 16, 2022 and has been fully applicable since February 17, 2024
Markets in Crypto-Assets Regulation
What is it about?
The Markets in Crypto-Assets Regulation (MiCAR) is intended to create a uniform and harmonized regulatory framework for crypto-assets in the European Union. The aim is to make the market for crypto-assets more transparent, secure and efficient. The regulation includes rules for value-referenced tokens, e-money tokens and utility tokens.
What is the current status and what is next on the agenda?
The regulation was adopted in April 2023 and came into force in June 2023. All parts of the regulation have been fully applicable since December 30, 2024.
Digital Operations Resilience Act
What is it about?
The Digital Operations Resilience Act (DORA) places comprehensive requirements on IT security in the financial sector. The aim is to strengthen the digital resilience of the affected companies and thus increase the overall security of the financial sector.
What is the current status and what is next on the agenda?
The DORA came into force on January 17, 2023 and has been fully applicable since January 17, 2025
NIS 2 Directive
What is it about?
The second EU Network and Information Security Directive (NIS-2 Directive) provides for comprehensive cybersecurity requirements for companies in various sectors such as energy, transport, health and digital infrastructure.
SKW Schwarz's NIS 2 tool allows companies to check the extent to which they are affected by the directive.
What is the current status and what is next on the agenda?
- The directive has been in force since the beginning of 2023. The transposition deadline expired on October 17, 2024. The government bill passed last year (NIS2 Implementation and Cybersecurity Strengthening Act) must be passed again by the new government and submitted to the Bundestag (“discontinuity principle”).
The law is currently not expected to be passed again until summer 2025 at the earliest. It can also be assumed that changes will be made to the previous draft bill.
Cyber Resilience Act
What is it about?
The Cyber Resilience Act (CRA) contains requirements for the cyber security of products with digital elements. These include networked hardware and software products as well as essential remote data processing solutions. The requirements of the CRA affect product manufacturers in particular, while importers and retailers must fulfill certain control obligations.
What is the current status and what is next on the agenda?
- The CRA came into force on December 10, 2024. From June 11, 2026, conformity assessment bodies will be able to verify compliance with the safety requirements.
- From September 11, 2026, manufacturers must report actively exploited vulnerabilities of affected products From December 11, 2027, the CRA will be fully applicable.
---
We are familiar with the legal issues, risks and opportunities associated with the new EU legislative initiatives. Please contact us if we can support you with the implementation.