EU Digital and Data Legislation Tracker
Below you’ll find the overview of the most important EU laws that regulate the digital realm. Such as the AI Act, Cybersecurity Act and Data Act. A handy legislation tracker for each modern-day legal data & AI professional.
We have more laws in scope, so stay tuned for updates!
PS: spotted an error? Please let Joost know via LinkedIn‘s private message system. Thanks!
EU Digital and Data Legislation Tracker (Updated)
Last update: 3 October 2024
Powered by
Abbreviation | Title | Stage | Type | Object(s) | Addressees | Entry into force | Application/transposition |
---|---|---|---|---|---|---|---|
AI Act | Artificial Intelligence Act |
1 Published |
Product | AI systems, General-Purpose AI models, General-Purpose AI systems, | Providers, downstream providers, deployers, importers, distributors, affected persons | 2024-8-1 | 2024-8-2 |
EHDSR | European Health Data Space Regulation |
2 Adopted |
Data | Personal data, data, health data | Patients, data holders | 0Unknown | 0Unknown |
AILD | AI Liability Directive |
6 Commission proposal |
Product, liability | AI systems | Providers, users, claimants, defendants | 0Unknown | 0Unknown |
PWD | Platform Work Directive |
2 Adopted |
Data | Platform workers’ data | Platforms, platform workers | 0Unknown | 0Unknown |
Combating Gender-Based Violence Directive | Directive on Combating Violence Against Women and Domestic Violence |
1 Published |
Anti-cyber violence | Online cybercrimes, cyber stalking, cyber harassment, deepfakes, non-consensual sharing of materials | Member States, victims | 2024-6-13 | 2027-6-14 |
GDPREPR | GDPR Enforcement Procedural Rules Regulation |
3 Trilogue / Negotations |
Enforcement | GDPR enforcement | Supervisory authorities, EDPB | 0Unknown | 0Unknown |
CRA | Cyber Resilience Act |
1 Published |
Cybersecurity | Products with digital elements | Economic operators, manufacturers, importers, distributors, consumers | 0Unknown | 0Unknown |
TTPAR | Transparency and Targeting of Political Advertising Regulation |
1 Published |
Advertising | Political advertising | Providers, sponsors, controllers, voters | 2024-4-9 | 2024-4-9 |
GDPR | General Data Protection Regulation |
1 Published |
Data | Personal data | Controllers, processors, data subjects | 2016-5-24 | 2018-5-25 |
CSoldA | Cyber Solidarity Act |
5 EP stage |
Cybersecurity | Cyber threats | Cross-border SOC, public bodies, entities operating in critical or highly critical sectors, trusted providers | 0Unknown | 0Unknown |
EUDPR | Data Protection Regulation for EU institutions |
1 Published |
Data | Personal data, operational personal data | EU institutions | 2018-12-11 | 2018-12-11 |
LED | Law Enforcement Directive |
1 Published |
Data | Personal data | Law enforcement authorities | 2016-5-5 | 2018-5-6 |
DGA | Data Governance Act |
1 Published |
Fair digital market, data | Data, non-personal data | Data subjects, data holders, data users, data intermediation services, data altruism organisations, public sector bodies | 2022-6-23 | 2023-9-24 |
Data Act | Data Act |
1 Published |
Fair digital market, data | Data, metadata, personal data, non-personal data | Users, data holders, data recipients | 2024-1-11 | 2025-9-12 |
DSA | Digital Services Act |
1 Published |
Online services | Information society services, illegal content, advertisements, recommender systems | Consumers, traders, intermediary services, online platforms, online search engines, VLOPs, VLOSEs | 2022-11-16 | 2024-2-17 |
DMA | Digital Markets Act |
1 Published |
Fair digital market | Core platform services | Gatekeepers, business users, end users | 2022-11-1 | 2023-5-2 |
IEA | Interoperable Europe Act |
1 Published |
Cross-border interoperability | Trans-European digital public services, data | EU entities and bodies regulating or manging trans-European digital public services | 2024-4-11 | 2024-7-11 |
NIS2 | NIS2 Directive |
1 Published |
Cybersecurity | Cyber threat, ICT products, ICT services, ICT processes | Member States, (critical) entities | 2023-1-16 | 2024-10-17 |
CSA | Cybersecurity Act |
1 Published |
Cybersecurity | ENISA, ICT products, ICT services, ICT processes, European cybersecurity certification schemes | ENISA, operators of essential services, digital service providers | 2019-6-27 | 2021-6-28 |
DORA | Digital Operational Resilience Act |
1 Published |
Cybersecurity, finance | Network and Information Systems | Financial entities, ICT third-party service providers | 2023-1-16 | 2025-1-25 |
ePR | ePrivacy Regulation |
7 Dormant |
Telecom | Electronic communications services, electronic communications data, emails, direct marketing communications | End-users, electronic communications services providers | 0Unknown | 0Unknown |
MSR | Market Surveillance and Compliance of Products Regulation |
1 Published |
Enforcement | Products | Market surveillance authorities, manufacturers, importers, distributors, fulfilment service providers, economic operators, information society service providers, end users | 2019-7-15 | 2021-1-1 |
* indicates an estimated date