EU Digital Decade

Subscribe to EU Digital Decade via RSS

Navigating Simplification Without Sacrificing Safeguards: Key Takeaways

As the EU begins the complex task of making the European Artificial Intelligence Act[1] (the “AI Act”) workable in real life, the European Commission’s Proposal for a Regulation amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules

Continue Reading EU: EDPB and EDPS publish joint opinion on the European Commission’s Proposal for the Digital Omnibus on AI

On 20 January 2026, the European Commission proposed a new cybersecurity package, aimed at strengthening the EU’s cybersecurity resilience and capabilities. The package includes a revised Cybersecurity Act (“CSA“) and targeted amendments to the NIS2 Directive (see our blog post for further information on the amendments to the NIS2 Directive). The revised

Continue Reading EU Commission looks to strengthen EU Cybersecurity Resilience and Capabilities

The NIS2 Directive continues to evolve – and organisations must keep pace. On 20 January 2026, the Commission unveiled a set of targeted amendments to the NIS2 Directive (“the Proposal“), signalling the next phase of its push to modernise and streamline the EU’s cybersecurity legal framework.

Positioned within a broader legislative package, also

Continue Reading EU: NIS2 Update – EU Moves to Harmonise Cyber Controls, Refine Scope, and Add New In-Scope Entities

Over the last decade, the EU has launched an unprecedented constellation of laws: GDPR, the AI Act, the Data Act, NIS2, the Cyber Resilience Act, DORA, DSA, DMA, eIDAS 2.0 and more. Together – under the ‘Digital Decade’ banner – they aim to form a powerful framework to protect fundamental rights, promote trustworthy technology and

Continue Reading EU: Digital Autofocus – Will Europe’s Digital Omnibus bring clarity to Regulation? 

On June 26, 2025, the European Union Agency for Cybersecurity (ENISA) published two sets of guidelines to help businesses ensure their organizational compliance with the NIS2 Directive.

The aim of the guidelines is to support companies in understanding how legal requirements translate into operational activities, particularly regarding (i) roles and skills for professionals within essential

Continue Reading EU: ENISA Guidelines on Compliance with NIS 2 Directive Published

The NIS2 Directive has significantly reshaped the cybersecurity landscape across the EU. Since the implementation deadline in October 2024, EU Member States have been working to incorporate new standards into their national laws, fostering a dynamic and rapidly evolving regulatory environment. Recently, Ireland’s National Cyber Security Centre (NCSC) published the draft NIS2 Risk Management Measures

Continue Reading Ireland: NIS2 revamps Ireland’s cybersecurity landscape: Old regulators, new powers

The Spanish Data Protection Authority (“AEPD“) has published its 2024 annual report, which includes the AEPD’s awareness-raising activities; the collaboration and inspection activities of the Spanish authorities; relevant reports and procedures published during 2024; and an analysis of regulatory trends and key privacy challenges for the coming months. The annual report’s key elements

Continue Reading Spain: Spanish Data Protection Authority Publishes Annual Report