EU digital and data statutes in a nutshell

The Data Governance Act regulates the transfer and use of data between organisations. The objective is to promote the freedom of movement and practical use of data. The DGA lays down the prerequisites for the reuse of protected data possessed by the public sector, the provision of data intermediation services, and the operations of ‘data altruism organisations.’ In addition, the DGA launches the operations of the European Data Innovation Board. 

The Data Governance Act is in force and its application began on 24 September 2023.

The Digital Services Act promotes the reliability and security of online services. The aim of the DSA is to e.g. intervene in illegal content, facilitate the identification of online retailers and increase the transparency of the moderation of advertising and content. 

The regulation targets various online service providers from data traffic infrastructure providers to platform services and online marketplaces. These services include hosting services, social media services and search engines.

The DSA lays down obligations for operators related to their terms of service, prevention of illegal content and the transparency of their operations. The DSA does not take a position on whether specific online content or services are illegal. The application of the DSA begun on 17 February 2024.

The aim of the Digital Markets Act is to ensure competitive and fair markets in the digital sector and protect companies and consumers from unfair practices observed to be engaged in by ‘gatekeepers’ of the EU single market, in other words large platform companies. The Act helps ensure the fair operation of large platform companies. Large platform companies are set with various obligations concerning e.g. the installation of competing applications or access to competing applications as well as prohibitions to e.g. favour the operator’s own services. The Act entered into force in early November 2022. Its application began on 2 May 2023. 

The Data Act promotes higher data availability and use. The Data Act concerns data generated by using devices connected to the internet. Such devices include various sensors, smartwatches or even paper machines or airplanes. 

The Data Act obliges manufacturers to design devices in a way that ensures that the user has access to the data generated. If the user cannot access data e.g. directly from the device due to technical reasons, the manufacturer shall disclose the data to the user on request. The manufacturer shall also disclose device data to a third party, e.g. a provider of maintenance or additional services, on the user’s request. In exceptional situations, the manufacturer shall disclose data on the request of a public sector entity. 

The Data Act also aims to make switching data processing services, such as cloud services, easier. 

The Data Act entered into force on 11 January 2024. Its application will begin in September 2025.

The objective of the European Artificial Intelligence Act is to ensure the secure and ethical use of artificial intelligence (AI) and that it promotes human and social well-being. The AIA concerns all AI systems designed or used in the EU. It contains requirements concerning the development, introduction and use of AI systems.

The Act lays down general requirements for all AI systems. These include requirements for system security, reliability and simplicity. The Act prohibits certain AI systems that can cause serious risks, such as social scoring systems, and the use of AI in decision-making affecting the fundamental rights of individuals. In addition, the AIA provides tighter regulation of high-risk AI systems. These are systems that can have a significant impact on the life or safety of individuals.

The Act also establishes a system which the European Commission and Member States authorities use to control the use of AI.

The Act entered into force on 1 August 2024 and its application will begin gradually. The Act will be applied for the most part starting from 1 August 2026.

The objective of the Regulation is to prevent the use of the online environment for terrorist purposes. The Regulation aims to remove illegal content containing terrorist propaganda as soon as possible or prevent access to such content. This also prevents the spread of such content on other online platforms.

The Regulation is based on the idea that terrorist online content is most harmful during the first hours after publication. Under the Regulation, terrorist content must be removed as soon as possible but no later than within one hour. The Regulation provides that competent authorities of EU Member States may order the removal of terrorist online content.

The Regulation also determines special measures that storage service providers used for spreading terrorist online content must take. The Regulation is in force and has been applied since 7 June 2022.