digital economy regulation

This report gathers policy and regulatory developments at EU level covered by Cullen International’s Digital Economy and Media services during the last week. It also lists events taking place this week.

The European Parliament proposed to restrict voluntary detection to previously identified child sexual abuse material, unknown material flagged by other users, and targeting of suspects. It also clarified that the derogation of the e-Privacy Directive should not apply to end-to-end encrypted communications. Trilogue negotiations can now start.

The Commission aims to provide operators with timely guidance to support compliance with the EU Cyber Resilience Act (CRA). While the CRA will apply from 11 December 2027, incident reporting obligations will become applicable in September 2026. The consultation will be open for feedback until 31 March 2026.

This report gathers policy and regulatory developments at EU level covered by Cullen International’s Digital Economy and Media services during the last week. It also lists events taking place this week.

Only three member states adopted legislation to implement a new regulation easing access by law enforcement authorities to electronic evidence stored in other EU countries. While the regulation will apply from 18 August 2026, an accompanying directive should have been transposed by 18 February 2026. However, only three member states adopted legislation to transpose the directive.

In his opinion, advocate general said that streaming platforms cannot force consumers to waive their 14-day withdrawal right when subscribing online. However, if the withdrawal right is used then the service provider may claim compensation reflecting both the time the service was used and the economic value of the content viewed.