digital economy regulation

The Commission is seeking input on whether “non-technical factors such as undue influence by a third country” on a supplier, currently not addressed under the Cybersecurity Act, should be considered in the context of the European cybersecurity certification framework. The consultation also addresses the simplification of requirements in cybersecurity rules, including those set out in the directive on measures for a high common level of cybersecurity across the EU (NIS2).

This report gathers policy and regulatory developments at EU level covered by Cullen International’s Digital Economy and Media services during the last week. No relevant events were identified this week.

The AI Continent Action plan entails a series of initiatives to increase the adoption of AI in EU strategic sectors, as well as stimulate private sector investment in cloud capacity and data centres. As part of this plan, the Commission is consulting on a Cloud and AI Development Act to tackle the lack of a competitive EU-based offer of cloud computing services.

This timeline outlines the milestones in the implementation of the AI Act until August 2027. It includes application dates as well as obligations for the European Commission, EU member states and providers of AI systems.

The strategy aims to strengthen the EU’s resilience against evolving threats. It indicates that the revision of the Cybersecurity Act will look more broadly at the security and resilience of ICT supply chains.

The European Commission will be hosting webinars on 10 and 11 April 2025 to discuss with stakeholders the expert group’s final report on data sharing and cloud computing contracts, prepared to support the implementation of the Data Act provisions. This report will form the basis for the forthcoming Commission recommendation on model contractual terms for data sharing and standard contractual clauses for cloud switching.