European Strategy for Data – Overview of New Regulations
This is a multipart series intended to provide an overview of new EU legislation adopted since May 2022 under the EU's Strategy for Data.
Published: 25 July 2022
Last updated: 5 Dec. 2024
This is a multipart series intended to provide privacy professionals with an overview of new EU legislation adopted since May 2022 under the European Union’s Strategy for Data. Each brief will depict a legislation’s objective, material and territorial scope, main requirements, enforcement, and oversight structure.
European Strategy for Data: 101 Charts
AI Act
The AI Act lays down a comprehensive legal framework for the development, marketing and use of AI in the EU in conformity with EU values. It promotes the uptake of human-centric and trustworthy AI while ensuring a high level of protection of health, safety and fundamental rights, including democracy, the rule of law and environmental protections.
Click to View
Cyber Resilience Act
The Cyber Resilience Act establishes uniform cybersecurity requirements for products with digital elements across the EU. It seeks to enhance the internal market's functioning and ensure a high level of cybersecurity through secure products by harmonizing requirements and complementing the NIS2 cybersecurity framework.
Click to View
Data Act
The Data Act creates new rules on who can access and use data generated in the EU across all economic sectors. It aims to ensure fairness in the allocation of value from data, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible to all users.
Click to View
Data Governance Act
The DGA seeks to foster public sector information reuse; to create a supervisory framework for the provision of data sharing services; and to establish a framework for voluntary registration of entities which collect and process data made available for altruistic purposes.
Click to View
Digital Markets Act
The DMA creates new obligations for big technology platforms acting as “gatekeepers providing core platform services” to create a fairer environment for business users that rely on gatekeepers, and to ensure consumers have access to better services and can easily switch providers.
Click to View
Digital Services Act
The DSA aims to harmonize conditions for the provision of intermediary services and increases transparency requirements for online intermediaries.
Click to View
NIS2 Directive
This chart explores the NIS2 Directive on measures for a high common level of cybersecurity across the EU, which further improves the resilience and incident response capacities of the public and private sectors, and the EU as a whole.
Click to View
Product Liability Directive
The EU Product Liability Directive reform sets rules that govern compensation for damage suffered due to a product defect by establishing a strict liability regime.
Click to View
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Contributors:
Anokhy Desai
Privacy Counsel
CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP
Ana Bruder
Partner, Mayer Brown LLP
Andrew Folks
Privacy & Data Attorney, Frankfurt, Kurnit, Klein & Selz
CIPP/E, CIPP/US, CIPM, FIP
Isabelle Roccia
Managing Director, Europe, IAPP
CIPP/E
Samuel Adams
Staff Attorney, Bradley Arant Boult Cummings
Laura Pliauškaitė
European Operations Coordinator, IAPP
Joe Jones
Research and Insights Director, IAPP
Cheryl Saniuk-Heinig
Former research and insights analyst, IAPP
CIPP/E, CIPP/US
Tags:
European Strategy for Data – Overview of New Regulations
This is a multipart series intended to provide an overview of new EU legislation adopted since May 2022 under the EU's Strategy for Data.
Published: 25 July 2022
Last updated: 5 Dec. 2024
Contributors:
Anokhy Desai
Privacy Counsel
CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP
Ana Bruder
Partner, Mayer Brown LLP
Andrew Folks
Privacy & Data Attorney, Frankfurt, Kurnit, Klein & Selz
CIPP/E, CIPP/US, CIPM, FIP
Isabelle Roccia
Managing Director, Europe, IAPP
CIPP/E
Samuel Adams
Staff Attorney, Bradley Arant Boult Cummings
Laura Pliauškaitė
European Operations Coordinator, IAPP
Joe Jones
Research and Insights Director, IAPP
Cheryl Saniuk-Heinig
Former research and insights analyst, IAPP
CIPP/E, CIPP/US
This is a multipart series intended to provide privacy professionals with an overview of new EU legislation adopted since May 2022 under the European Union’s Strategy for Data. Each brief will depict a legislation’s objective, material and territorial scope, main requirements, enforcement, and oversight structure.
European Strategy for Data: 101 Charts
AI Act
The AI Act lays down a comprehensive legal framework for the development, marketing and use of AI in the EU in conformity with EU values. It promotes the uptake of human-centric and trustworthy AI while ensuring a high level of protection of health, safety and fundamental rights, including democracy, the rule of law and environmental protections.
Click to View
Cyber Resilience Act
The Cyber Resilience Act establishes uniform cybersecurity requirements for products with digital elements across the EU. It seeks to enhance the internal market's functioning and ensure a high level of cybersecurity through secure products by harmonizing requirements and complementing the NIS2 cybersecurity framework.
Click to View
Data Act
The Data Act creates new rules on who can access and use data generated in the EU across all economic sectors. It aims to ensure fairness in the allocation of value from data, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible to all users.
Click to View
Data Governance Act
The DGA seeks to foster public sector information reuse; to create a supervisory framework for the provision of data sharing services; and to establish a framework for voluntary registration of entities which collect and process data made available for altruistic purposes.
Click to View
Digital Markets Act
The DMA creates new obligations for big technology platforms acting as “gatekeepers providing core platform services” to create a fairer environment for business users that rely on gatekeepers, and to ensure consumers have access to better services and can easily switch providers.
Click to View
Digital Services Act
The DSA aims to harmonize conditions for the provision of intermediary services and increases transparency requirements for online intermediaries.
Click to View
NIS2 Directive
This chart explores the NIS2 Directive on measures for a high common level of cybersecurity across the EU, which further improves the resilience and incident response capacities of the public and private sectors, and the EU as a whole.
Click to View
Product Liability Directive
The EU Product Liability Directive reform sets rules that govern compensation for damage suffered due to a product defect by establishing a strict liability regime.
Click to View
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Tags:
Related resources
Global AI Governance Law and Policy: Jurisdiction Overviews
US State Privacy Legislation Tracker
Organizational Digital Governance Report 2025
US State Comprehensive Privacy Laws Report
