Latest EU regulations that will impact tech organizations
Written by Alejandra Guerrero
Legal Manager at Telecoming
Among the matters that have aroused greater interest in recent years in the European legislator, due to their relevance and implications in society, are: artificial intelligence (AI), cybersecurity, use of digital platforms, and data protection.
01. Regarding AI, Europe is working on legislation (AI Act) that will be a pioneer in regulating this matter worldwide and that will affect any company whose use of AI impacts European citizens.
This regulation will address the specific risks of this technology and will classify them into four risk levels: minimal, limited, high, and unacceptable. In this way, the use of AI that poses an unacceptable classification will be forbidden to avoid the violation of fundamental rights.
02. In terms of cybersecurity, the NIS Directive 2 is already in force, an update of the NIS Directive that established cybersecurity obligations for EU countries, and which aims to eliminate the divergences that arose from the application of the previous law.
As a novelty, it should be noted that the NIS 2 Directive broadens its scope of application, contemplates security in the supply chain and relations with suppliers, and introduces the responsibility of senior management for breach of cybersecurity obligations.
On the other hand, in September 2022 the Cyber Resilience Act proposal was published to strengthen the cybersecurity of smart and connected products. This regulation will impose security requirements on manufacturers of products with digital elements marketed in the EU throughout their life cycle.
03. Regarding the use of digital platforms, the European Union has approved two regulations in order to protect the internal market against the actions of platforms that have a competitive advantage due to their dominant position and to establish a safer online environment.
On one hand, the Digital Markets Act will define what the large internet platforms, called “Access Guardians”, will be able to do in the EU. In other words, this regulation will only apply to those designated companies that exceed the requirements of business volume, number of active users in the EU, and have a deep-rooted and lasting position.
Among other obligations, they must make it easier for users to unsubscribe from services, in addition, they may not classify their own services or products more favorably than those of third parties, or prevent users from uninstalling pre-installed programs or applications. Likewise, it is intended to reinforce the interoperability between the different messaging platforms.
In another line, the Digital Services Act is applicable to all online intermediaries that offer their services in the European market. Companies will have different obligations in proportion to their capacity and size.
The regulation focuses on demanding greater transparency when using algorithms, strengthening control mechanisms against product counterfeiting, the possibility of reporting illegal content, and limiting personalized advertising by granting users control over their personal data.
04. Finally, on February 20, Law 2/2023 regulating the protection of people who report on regulatory violations and the fight against corruption came into force, as an application of the European “whistleblower” Directive. This law will help the implementation of internals whistleblowing channels for employees, customers, and suppliers to report acts constituting a crime under European law without suffering reprisals.
We hope these lines can help you to better navigate the European tech scene. If you want to stay up to date with the latest developments, sign up for our newsletter!