A view from Brussels: A European view from IAPP Global Summit 2026

There is something special about being a European at the IAPP Global Summit in Washington, D.C. This year's conference was perfectly timed for cherry blossom lovers and there is nothing like a stroll down around the Washington Monument and across the National Mall in the early evening to process two full days of inspirational keynotes, insightful panels and hallway discussions with old friends and new acquaintances. 

During the two days, attendees heard reassuring messages from both EU and U.S. officials about the robustness of the EU-U.S. Data Privacy Framework architecture. Two complaints from European citizens are currently moving through redress mechanisms; one is being processed and the other is still under review. According to officials on both sides of the agreement, this shows the redress mechanism is functioning as intended.  

Attendees also heard about digital rules and EU General Data Protection Regulation simplification plans. In contrast, or perhaps as a staggering illustration of the complexity Brussels is precisely attempting to solve, one panel dove into the cybersecurity law framework spanning the NIS2 Directive, the Cyber Resilience Act, the Critical Entities Resilience Directive and the Digital Operational Resilience Act. Several instruments still await national implementation laws and organizations are left guessing to some extent. 

The panelists' advice could apply beyond these cybersecurity instruments as it feels like we are experiencing constant change: determine, update, manage obligations, maintain — the virtuous cycle of compliance and governance. 

And then NOYB's honorary chairman Max Schrems said the following during a fireside chat with IAPP Editorial Director Jedidiah Bracy: "Laws are not made for when we all get along, and everything works. Laws are made for when things go bad."

I agree in part with Schrems' statement. Laws are essential when things go bad. They are an integral component of a legal system and are foundational to its legitimacy. They enable redress, enforcement, sanctions and mitigation when needed. They anchor the ability to make things right when something defaults. 

But the statement came across as a restrictive way to view regulation, ignoring the essential positive value it bears: indicating what good looks like; ensuring a society, group of businesses or people operate on a commonly defined field, by the same rules; and building confidence in a collective system. The value of law also rests in its mission to be a compass, a guide to the north pole of good behavior, progress and accountability.