Europe’s digital compliance landscape is undergoing far-reaching changes as new and proposed regulatory frameworks reshape governance for network infrastructure, artificial intelligence, cybersecurity, e-commerce, data protection, and online safety across the European Union, the United Kingdom, and Germany. The European Commission’s upcoming Digital Networks Act aims to overhaul and harmonize the outdated electronic communications regulatory framework, addressing investment needs, market fragmentation, and cybersecurity concerns. The period for stakeholder input closed in July 2025, with a legislative proposal expected before the end of the year and adoption likely in 2026.
In e-commerce, revisions to the Union Customs Code target rampant undervaluation schemes and fraud by abolishing the under-EUR 150 customs duty exemption for imported goods, shifting legal responsibility to online platforms, and introducing a centralized customs data hub. These reforms, already endorsed for negotiation by the EU Council, are projected to take effect in 2028 pending legislative approval. Meanwhile, the EU AI Act’s regime for general-purpose artificial intelligence models continues to take shape: the European Commission has published a voluntary but influential Code of Practice outlining clear transparency, copyright, and systemic safety obligations, complemented by new guidelines and an implementation grace period through 2027.
Financial and ICT service providers face new operational resilience challenges under the Digital Operational Resilience Act (DORA), enforced by a detailed set of technical standards for ICT outsourcing, critical function support, and risk assessment. The delayed rollout of the NIS2 Directive on network and information security, along with ENISA’s technical implementation guidance, underscores uneven adoption across member states—prompting the Commission to initiate proceedings against 19 laggards and warning of possible referrals to the EU court.
Turning to the UK, the Online Safety Act’s codes of practice entered into force, but ongoing consultations pursue further measures for child protection, illegal content containment, proactive detection technologies, and heightened platform accountability. The Data (Use and Access) Act 2025, now law, introduces stricter complaint processes, expands legitimate cookie use, increases potential ICO fines, and refines the rules on automated decision-making—though hot-button issues of artificial intelligence and copyright remain under parliamentary scrutiny, with impact reports due by March 2026. UK regulatory focus has also expanded into automated vehicle safety and marketing through the Automated Vehicles Act 2024, now seeking industry input to define enforceable safety principles and correct marketplace language.
Within Germany, progress on the NIS2 Directive has been delayed due to internal political upheaval, but a new draft law forecasts stricter incident notification rules, fines, and sector expansion, especially into critical digital infrastructure. Separately, the draft Digital Media State Treaty brings national regulations into alignment with recent European media legislation and the artificial intelligence act, mandating open media ownership databases and providing a legal framework for technical internet monitoring tools. Collectively, these developments illustrate an accelerating convergence of European regulatory regimes designed to enforce digital trust, technological resilience, and responsible artificial intelligence development while maintaining space for innovation and competitive markets.
