We just updated our Benchmark on national competent authorities that were or could be empowered to enforce the Data Governance Act (DGA), the Data Act, the Artificial Intelligence Act (AIA) and the directive on measures for a high common level of cybersecurity across the EU (NIS2) in 17 EU countries.
National authorities will oversee the application of these new EU rules. An exception is the supervision of general-purpose AI models, which was entrusted to the newly created AI Office in the European Commission.
The research shows that in general member states are still at an early stage of the designation of competent authorities for the Data Act and the AI Act, while they are moving forward with the implementation of the DGA and the transposition of the NIS2 Directive.
The research shows that:
- On the DGA, most of the surveyed member states have not yet designated competent authorities to enforce different aspects of the act, while the regulation applies since September 2023.
- On the Data Act, France was the only surveyed country which designated a competent authority (the telecoms regulator, ARCEP is responsible for enforcing the provisions related to cloud services).
- For the AI Act, only Denmark and Spain appointed their competent authorities, government agencies in both cases.
- On NIS2, Belgium and Croatia, the only surveyed countries that transposed the directive, designated a national or central cybersecurity authority. Howeever, telecoms regulators (BIPT and HAKOM respectively) will be competent for providers of electronic communications services (ECS).
For more information and to access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.
more news
08 July 25
Copper decommissioning emerges as critical challenge in global transition to gigabit networks
Our latest Global Trends report examines how 15 major markets are approaching the transition from legacy copper infrastructure to future-proof gigabit networks.
04 July 25
Online intermediaries in the Americas are protected against liability for third-party copyright infringements
Cullen International’s latest benchmark shows that most countries in the Americas limit the liability of online intermediaries for third-party copyright infringements, reflecting digital-era updates to copyright laws. The research also examines liability rules for defamation and other IP violations, as well as varying takedown obligations across jurisdictions. Some countries have introduced specific measures to address the unconsented sharing of intimate content.
30 June 25
LTE and 5G in the 410–430 MHz and 450–470 MHz bands in Europe
Our latest European benchmark shows the countries where the 410–430 MHz or 450–470 MHz bands can be used for LTE or 5G.