The year 2026 will be a pivotal year for telecommunications law in the European Union and Germany. Several European regulatory initiatives will reach the stage of practical application or political decision-making. For companies, authorities, and consumers, this means that existing regulatory obligations must be reviewed, new requirements implemented, and strategic decisions prepared for the coming years.
1. Evaluation of the European Electronic Communications Code (EECC)
Since 2018, the European Electronic Communications Code (EECC) has been the central legal framework for electronic communications networks and services in the EU. Its aim is to ensure competition, promote investment in high-performance networks, and guarantee a high level of consumer protection.
A comprehensive evaluation of the EECC is planned for 2026. This goes beyond a mere routine review and should be seen as a starting point for a possible structural reform of European telecommunications regulation. Political discussions on the future of the regulatory model have been ongoing at European level since 2025, including in connection with the planned Digital Networks Act (DNA, see section 3 below).
The Body of European Regulators for Electronic Communications (BEREC) will play a central role in this process. BEREC has decided on several work packages for 2026 to analyze the application of the EECC and will support the European Commission with empirical findings and regulatory assessments.
In terms of content, the focus is particularly on the question of the future of traditional ex-ante regulation in cases of market dominance and its impact on investment incentives. There will also be discussions on how digital communication services and OTT providers should be more systematically integrated into the regulatory framework. In addition, there will be an analysis of interactions with other EU digital legislation, such as the NIS 2 Directive and the Data Act. The EECC evaluation will thus have a significant impact on the regulatory discourse in 2026.
2. Innovations brought about by the Gigabit Infrastructure Act (GIA)
The Gigabit Infrastructure Act (GIA) is an immediately applicable EU regulation that aims to accelerate the rollout of gigabit-capable networks and make it more cost-effective. It entered into force on May 11, 2024, and has been largely applicable since November 12, 2025. Unlike directives, it does not require national implementation.
The GIA will take full effect in February and May 2026. It contains uniform rules to simplify and accelerate approval procedures, in particular through digital contact points (single information points) that will provide information on existing infrastructure, planned construction work, and approvals. In addition, access rights to passive infrastructure such as masts, buildings, or supply networks will be harmonized across the EU. Furthermore, the GIA provides for tacit approval for certain construction and expansion permits if the competent authority does not make a decision within the specified period.
Of particular practical importance are the obligations to coordinate construction work and the requirements for fiber optic preparation in buildings for new construction and major renovations. The GIA is therefore no longer a future project, but a set of rules that network operators, infrastructure owners, and public authorities must implement operationally from 2026 onwards. Companies are required to review their planning, approval, and cooperation processes accordingly and adapt them if necessary.
3. The planned Digital Networks Act (DNA)
With the Digital Networks Act, the European Commission is planning a fundamental reform of European telecommunications law. The DNA is intended to replace or significantly supplement the existing legal framework, including the EECC, in the future. A draft proposal from the Commission is expected on January 20, 2026, followed by intensive negotiations in the Council and the European Parliament. It is questionable whether it will be finalized in 2026.
In terms of content, the DNA aims to focus regulation more strongly on investment, resilience, and strategic autonomy. Among other things, further harmonization in frequency management, a more uniform approach to the dismantling of copper networks, and coordinated licensing conditions within the EU are being discussed. At the same time, there is political controversy over the extent to which new financing mechanisms for network expansion should be introduced and whether large digital platforms need to be more closely involved.
4. TKG Amendment Act 2025 – also highly relevant in 2026
With the TKG Amendment Act 2025, the legislature has explicitly classified the expansion of fiber optic and mobile networks as a project of overriding public interest. This legal determination has been in force since summer 2025 and fundamentally changes the legal considerations in approval and planning procedures. The aim is to shorten lengthy procedures for network expansion and reduce legal uncertainties. Specifically, expansion projects are to be given greater weight than other public interests, such as environmental protection or the preservation of historical monuments. The regulation is limited in time until the end of 2030 and is thus clearly geared towards achieving the political expansion targets.
For municipalities, planning and approval authorities, this means adapting their decision-making criteria and internal processes. At the same time, the law does not establish any automaticity: environmental, nature, and monument protection are not being abolished, but must continue to be taken into account —albeit with a clear legal weight in favor of telecommunications infrastructure. Whether and to what extent procedures will actually become faster therefore depends largely on administrative practice, human resources, and the willingness to consistently apply the new rule.
Although the law came into force in 2025, 2026 will be the decisive year for implementation and testing. Network operators, investors, and local authorities will see across the board whether the new prioritization actually leads to faster approvals. For companies, the law creates planning and investment security in some areas, because the political will to accelerate expansion is now enshrined in law. For authorities and federal states, the focus in 2026 will be on applying the new requirements uniformly and harmonizing administrative practices. At the same time, it will become clear whether supplementary regulations or further simplifications are necessary.
5. Cybersecurity (NIS2, CRA, CSA 2) – also relevant for telecommunications
With the NIS2 Directive and the Cyber Resilience Act (CRA), the EU has significantly tightened the regulatory framework for cybersecurity. Both sets of regulations aim to increase the resilience of critical digital infrastructures, with a specific focus on the telecommunications industry. NIS2 expands obligations in the areas of risk management, security measures, and incident reporting, while the Cyber Resilience Act sets requirements for the cybersecurity of products with digital elements.
For telecommunications operators, this means significantly expanded organizational, technical, and documentary requirements. Companies must conduct systematic risk analyses, establish appropriate security measures, and report security incidents to the competent authorities within tight deadlines. In addition, there are new obligations for management, which must explicitly monitor and control cybersecurity. The Cyber Resilience Act also has an impact along supply and value chains, for example in the case of network components, software, or IoT systems. In practice, this leads to more internal processes, a greater need for coordination with suppliers, and increasing compliance costs. Cybersecurity is thus becoming less of a legal issue and more of a business and strategic issue.
Added to this is the draft for a revised Cybersecurity Act (CSA 2) presented by the European Commission on January 20, 2026. This aims to strengthen the security of European ICT supply chains and introduces a binding framework for identifying and reducing risks posed by third-country providers. The proposal has particular implications for the telecommunications sector: it stipulates that mobile operators must replace certain components—both in the core network and in the access network infrastructure— ly within three years of the Commission publishing a list of high-risk suppliers. This replaces the previously voluntary approach of the 5G Toolbox with binding requirements. In addition, CSA 2 contains a revised European Certification Framework (ECCF) designed to make it easier for companies to comply with cybersecurity requirements and serve as a competitive advantage. In addition, targeted amendments to the NIS2 Directive are proposed to simplify compliance requirements and strengthen ENISA's role in cross-border supervision. The draft is still in the legislative process and may undergo significant changes during negotiations between the European Parliament and the Council.
The focus for 2026 is therefore on practical application. This year, many obligations will come into full effect for the first time or will be monitored by supervisory authorities in the future. Furthermore, new obligations could arise. For affected companies, this means reviewing existing security concepts, refining structures, and further establishing reporting and crisis processes. At the same time, there is growing pressure from regulators, politicians, and the public to manage failures or security incidents professionally. Those who are not sufficiently prepared in 2026 risk not only sanctions but also damage to their reputation.
Conclusion
The year 2026 marks a phase of reorientation and refinement in telecommunications law. The evaluation of the EECC is paving the way for possible structural reforms, the GIA and the TKG are changing the practice of network expansion, and the Digital Networks Act is setting the long-term direction of European regulation. At the same time, the implementation of cybersecurity requirements is forcing telecommunications companies to significantly strengthen their cyber and compliance structures. For market participants, 2026 is therefore less a year of spectacular new regulations and more a year of strategic adjustment and regulatory preparation. However, these could be on the agenda from 2027 onwards, when DNA or CSA 2 are due to come into force.
Co-Author: Christian Zander
