digital economy regulation

The Commission indicated that it may increase sanctions against companies that breach EU consumer law under the future enforcement framework. It also confirmed that it will present the Digital Fairness Act as a regulation by the end of 2026.

This report gathers policy and regulatory developments at EU level covered by Cullen International’s Digital Economy and Media services during the last week. It also lists events taking place this week.

A representative of the European Commission told the European Parliament that the draft Cybersecurity Act 2 (CSA2) would avoid that a security vulnerability in one EU country spreads to others. The draft CSA2 contains a framework to restrict high-risk ICT suppliers in EU critical sectors, including telecoms.

This report gathers policy and regulatory developments at EU level covered by Cullen International’s Digital Economy and Media services during the last week. It also lists events taking place this week.

The information and communications technology (ICT) supply chain security toolbox (non-binding) recommends EU member states restrict the use of high-risk suppliers (HRS) in priority sectors. HRS restrictions are also extended to ICT components and hardware used in connected and automated vehicles through an EU coordinated risk assessment that analyses cybersecurity risks affecting these systems and their supply chain. While the recommended measures in the toolbox and risk assessment are voluntary, similar obligations are included in the proposal for a revised Cybersecurity Act (CSA2) which would be legally binding.

In a joint opinion, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) highlighted concerns about the proposed amendments to the definition of personal data and the Commission’s power to clarify when pseudonymised data no longer constitutes personal data.