EU Digital Regulation

Key Takeaways:

• Applies to financial institutions in the EU (e.g. banks, insurance undertakings) and their third-party ICT service providers
• Strict regulations for IT risk management
• Reporting obligations for IT incidents

Legal texts:

• Legal act: Regulation - 2022/2554 - EN - DORA - EUR-Lex
• Consolidated text: EUR-Lex - 02022R2554-20221227 - EN - EUR-Lex (German version)

Key Takeaways:

• Applies to products with digital elements (hardware/software, components) that can connect to devices or networks.
• Security requirements for the entire product lifecycle
• Risk-based categories: critical, important, non-critical
• Obligations for manufacturers, importers and distributors
• Reporting obligations similar to GDPR in the event of incidents
• Enforcement by national market surveillance authorities, including through severe fines

Legal texts:

• Legal act: Regulation - 2024/2847 - EN - EUR-Lex
• Consolidated text: EUR-Lex - 02024R2847-20241120 - EN - EUR-Lex

Article:

• The Cyber Resilience Act: What You Should Know Now | ADVANT Beiten

Key Takeaways:

• Requirements for cyber risk management, reporting obligations and supply chain security
• Expansion to more sectors, such as energy, transport, health, administration and digital services
• Inclusion of small, critical companies

Legal texts:

• Legal act: Directive - 2022/2555 - EN - EUR-Lex
• Consolidated text: EUR-Lex - 02022L2555-20221227 - EN - EUR-Lex

Key Takeaways:

• Applies to connected products, related services and cloud computing
• Obligations and restrictions for data controllers for non-personal data
• Regulation of cloud services

Legal text:

• Legal act: Regulation - EU - 2023/2854 - EN - EUR-Lex

Articles:

• EU Data Act: Action required for Connected Products, Related Services and Cloud Computing | ADVANT Beiten
• Cloud, SaaS and edge business models under fire | ADVANT Beiten

Key Takeaways:

• Promoting the reuse of public/protected data
• Relevant for data intermediation service, data altruistic organisations and public bodies

Legal texts:

• Legal act: Regulation - 2022/868 - EN - EUR-Lex
• Consolidated text: EUR-Lex - 02022R0868-20220603 - EN - EUR-Lex (German version)

Key Takeaways:

• Protection of natural persons with regard to the processing of personal data
• Monitoring and enforcement by data protection supervisory authorities, including severe fines

Legal texts:

• Legal act: Regulation - 2016/679 - EN - gdpr - EUR-Lex
• Consolidated text: EUR-Lex - 02016R0679-20160504 - EN - EUR-Lex

Article:

• Privacy Ticker January 2025

Key Takeaways:

• Applies to AI systems in the EU, regardless of the country of origin
• Categorisation as "minimal", "limited", "high" risk and "prohibited"
• Implementation by national authorities, coordinated by the EU AI Office

Legal text:

• Legal act: Regulation - EU - 2024/1689 - EN - EUR-Lex

Articles:

• Artificial intelligence: what is more important than the AI Act? | ADVANT Beiten
• The AI Act - The Agreement and What It Means | ADVANT Beiten
• Update AI Act - the ten most important questions for users of AI systems | ADVANT Beiten

Key Takeaways:

• Applies to almost all (consumer) products, including used and reconditioned products
• Extensive obligations for manufacturers, authorised representatives, importers, distributors, fulfilment service providers and online marketplaces
• New labelling, information and safety requirements
• Introduction of an EU rapid alert system

Legal texts:

• Legal act: Regulation - 2023/988 - EN - EUR-Lex
• Consolidated text: EUR-Lex - 02023R0988-20230523 - EN - EUR-Lex (German version)

Key Takeaways:

• Regulates intermediary services in the EU, especially hosting and online platforms
• Due diligence obligations vary depending on the type of the service
• Monitoring and enforcement by the EU Commission and member states, including through severe fines

Legal texts:

• Legal act: Regulation - 2022/2065 - EN - DSA - EUR-Lex
• Consolidated text: EUR-Lex - 02022R2065-20221027 - EN - EUR-Lex (German version)

Key Takeaways:

• Regulates digital gatekeeper platforms in the European Union
• Obligations and prohibitions to prevent abusive practices
• Criteria to be considered as gatekeeper: Turnover, number of users, market power
• Rules on data access, interoperability and restrictions on preferential treatment
• Enforcement by the EU Commission with severe fines

Legal texts:

• Legal act: Regulation - 2022/1925 - EN - EUR-Lex
• Consolidated text: EUR-Lex - 02022R1925-20221012 - EN - EUR-Lex

Key Takeaways:

• Regulates the relationship between online platforms and business users
• Clear terms of use and transparency in rankings
• Internal complaint procedures and out-of-court dispute resolution
• No direct intervention in prices or business models

Legal text:

• Legal act: Regulation - 2019/1150 - EN - p2b regulation - EUR-Lex

Key Takeaways:

• Applies to almost all (consumer) products, including used and reconditioned products
• Extensive obligations for manufacturers, authorised representatives, importers, distributors and fulfilment service providers and online marketplaces
• New labelling, information and safety requirements
• Introduction of an EU rapid alert system

Legal texts:

• Legal act: Regulation - 2019/1150 - EN - p2b regulation - EUR-Lex
• Consolidated text:  EUR-Lex - 02023R0988-20230523 - EN - EUR-Lex (German Version)

Key Takeaways:

• Applies to almost all products
• Specifications for durability, reparability and recyclability
• Digital product passport and information obligations
• Restrictions on the destruction of unsold products

Legal text:

• Legal act: Regulation - EU - 2024/1781 - EN - EUR-Lex

Key Takeaways:

• Product term includes software, AI and related services
• Exception for non-commercial open source software
• Defects include non-compliance with cyber security requirements
• Liability also for fulfilment service providers and authorised representatives
• No cap on liability
• New presumptions in favour of the injured party in case of litigation

Legal text:

• Legal act: Directive - 2024/2853 - EN - EUR-Lex

Key Takeaways:

• Obligation to offer repairs beyond the warranty period
• Manufacturers must offer repairs promptly and inexpensively
• Obligation to provide spare parts and information to third parties

Legal text:

• Legal act: Directive - EU - 2024/1799 - EN - EUR-Lex

Key Takeaways:

• Accessibility for products (e.g. personal computers, smartphones) and services (e-commerce, financial services, transport)
• Obligations for manufacturers, importers and service providers: Accessibility, conformity assessment, accessible information
• Monitoring, technical standards and sanctions by the EU and member states

Legal text:

• Legal act: Directive - 2019/882 - EN - EUR-Lex

Key Takeaways:

• Further information obligations, including on social and ecological aspects
• Prohibition of certain commercial statements with ecologic claims

Legal text:

• Legal act: Directive - EU - 2024/825 - EN - EUR-Lex

Key Takeaways:

• Introduction of collective redress measures
• Qualified consumer organisations are entitled to litigate in the case of several similar claims
• Limitation of applicable court or administrative fees
• Consumers can join the proceedings up to three weeks after the hearing

Legal texts:

• Legal act: Directive - 2020/1828 - EN - EUR-Lex
• Consolidated text: EUR-Lex - 02020L1828-20241213 - EN - EUR-Lex

Key Takeaways:

• Strengthening EU consumer law
• Consumer rights now also apply to free contracts where consumers "pay with personal data"
• Stricter transparency on advertising discounts and user ratings
• Severe fines for non-compliance with EU consumer law

Legal text:

• Legal act: Directive - 2019/2161 - EN - omnibus directive - EUR-Lex

Key Takeaways:

• Update to statutory warranty rights for consumers, new rules for digital products
• Statutory warranty rights for digital products now also apply to free contracts where consumers "pay with personal data"

Legal texts on the sale of goods:

• Legal act: Directive - 2019/771 - EN - EUR-Lex
• Consolidated text: EUR-Lex - 02019L0771-20190522 - EN - EUR-Lex (German version)

Legal texts Digital Content Directive:

• Legal act: Directive - 2019/770 - EN - EUR-Lex
• Consolidated text: EUR-Lex - 02019L0770-20190522 - EN - EUR-Lex (German version)