digital economy regulation

Through amendments to the Cybersecurity Act, Poland transposes the NIS2 Directive and introduces procedures for phasing out products, services and processes from high-risk suppliers (HRS). The law overlaps with the draft Cybersecurity Act 2, which would empower the European Commission to restrict HRS in critical sectors at EU level.

Policy makers, academia, industry stakeholders and civil society reflected on whether the EU data protection framework should be “reset” or “refined” following the recent Court of Justice of the EU judgment on the relative nature of personal data, technological changes and the European Commission’s Digital Omnibus proposal. The conference, co-organised by the European Data Protection Supervisor and the Council of Europe provided a forum for in-depth discussion on the evolving definition of personal data and the future regulation of cookies and online tracking technologies.

This report gathers policy and regulatory developments at EU level covered by Cullen International’s Digital Economy and Media services over the past week. It also lists events taking place this week.

The European Commission executive vice-president for Tech Sovereignty, Security and Democracy, Henna Virkkunen, said that the availability of alternatives and the economic impact of potential mitigating measures will be considered when de-risking ICT supply chains.

The Argentinian government created the national Centre of cybersecurity, operating under the Secretariat of Innovation, Science and Technology. The Centre will act as the national authority on cybersecurity and as the enforcement authority for all current and applicable regulations in this field.

The European Commission gathered input from a broad range of stakeholders on certain definitions in the Data Act that could benefit from further clarification, such as those of data holder, related service, readily available data, and connected product. The guidelines are expected in 1Q 2026.