The 2019-2024 legislative period of the European Union brought significant progress in the digital transformation and data protection. Despite successful implementations such as the Digital Services Act and the Digital Markets Act, some key initiatives remained unfinished. In the coming legislative period 2024-2029, further significant developments and legislative initiatives are pending to make the digital space safer and fairer.
The 2019-2024 legislative period of the European Union was characterised by far-reaching changes in the digital space. With the Digital Services Act and the Digital Markets Act, ground-breaking regulations were introduced to clarify the responsibilities of online platforms and ensure fair competition. The Data Governance Act and the Data Act are intended to provide a framework for the secure exchange and use of data, while the AI Act is intended to create a regulatory framework for the use of artificial intelligence. Despite this progress, some important projects, such as the regulation to combat child abuse material and the introduction of the digital euro, remain unfinished. The upcoming 2024-2029 legislative period promises to tackle these challenges and drive forward new initiatives. The focus will be on security in the digital space, the transparency of digital advertising and the adaptation of regulations to ongoing digitalisation. These developments are crucial to protecting citizens' digital rights and strengthening trust in digital technologies.
Achieved goals 2019-2024
The laws listed below were adopted in the 2019-2024 legislative period. However, not all of them have already been published in the Official Journal of the EU.
Digital services and markets
Digital Services Act (DSA): The DSA aims to clearly regulate the responsibilities of online platforms, increase transparency in advertising and improve protection against illegal content. This regulation introduced measures to better protect users and prevent the distribution of illegal content.
Digital Markets Act (DMA): The DMA focusses on the regulation of large platforms that function as gatekeepers. The aim is to ensure fair competition and prevent market abuse. This regulation ensures that large digital platforms do not abuse their market power and enable fair competition.
Data protection and data use
Data Governance Act and Data Act: These regulations promote the sharing and use of data within the EU while safeguarding companies' business secrets and citizens' data protection and rights. The Data Governance Act is a framework for the management and distribution of data, while the Data Act will regulate the access and use of data to promote innovation and efficiency.
European Health Data Space (EHDS): This initiative aims to promote the secure exchange of health data to improve healthcare and research within the EU. The EHDS enables health data to be used securely and efficiently to achieve better medical outcomes and support research. The law is expected to be finalised in autumn 2024.
Artificial intelligence (AI)
AI Act: The AI Act establishes a regulatory framework for the use of artificial intelligence and addresses issues of liability and transparency in the use of AI technologies. This regulation ensures that AI applications are developed and used safely and responsibly. The AI Act is expected to be promulgated in July 2024.
Cybersecurity capabilities
The Cyber Solidarity Act aims to strengthen the EU's cyber defence. This regulation will help to better protect the EU against cyberattacks and increase the resilience of the digital infrastructure. The law is expected to be finalised in autumn 2024.
Cyber security requirements (Cyber Resilience Act)
The Cyber Resilience Act focuses on the security of digital products. This regulation will ensure that digital products are secure and resilient to cyber threats, which will increase consumer and business confidence in digital technologies. The law is expected to be finalised in autumn 2024.
Liability for defective products (Revised Product Liability Directive)
The New Product Liability Directive will regulate liability for defective products. It will ensure that manufacturers and suppliers can be held liable for damage caused by defective products. The law is expected to be finalised in autumn 2024.
Advance passenger information (API)
The regulation on the collection and transmission of Advance Passenger Information (API) aims to combat terrorism and serious crime. This initiative will increase security in the EU by enabling law enforcement authorities to identify and prevent potential threats at an early stage.
Open projects and challenges
CSAM Regulation (chat control)
Despite the adoption of a position by the Parliament in November, the draft regulation on combating child sexual abuse material (CSAM) has not been finalised. Negotiations in the Council are ongoing, and the upcoming elections could influence the negotiations. There is an urgent need for action to strengthen the protection of children in the digital space.
Digital Euro
Progress on the introduction of the digital euro also failed to materialise. The "single currency package" presented in June 2023 is still awaiting agreement from Parliament and the Council. It is expected that the trialogue negotiations will not begin before summer 2025. The introduction of the digital euro could strengthen the digital economy and promote financial inclusion.
AI Liability Directive
Work on the AI Liability Directive, which is intended to clarify liability in the event of problems with AI applications, is currently stagnating in the committees. Work is not expected to continue until the autumn. However, it is also possible that the project will be abandoned - especially in Parliament, the question is being asked as to whether there are still gaps in protection that the Liability Directive would have to close in addition to the new Product Liability Directive, the Cyber Resilience Act, and the AI Act.
Planned initiatives for 2024-2029
Based on published information and press reports, the following educated guesses can be made about planned initiatives in the coming legislative period:
Data storage, cookies, and digital advertising
The ePrivacy Regulation is to be abandoned. It is to be replaced by the following laws:
Data retention
A new proposal on data retention is being prepared by the Commission. This regulation is intended to regulate the controversial issue of access to electronic communications data by law enforcement authorities. This could lead to intense debates on data protection and privacy, as a balance must be struck between security requirements and the protection of civil rights.
Digital Fairness Act
The Digital Fairness Act is intended to cover issues such as web cookies, influencer marketing, dark patterns, and contract cancellations. The aim is to create more transparency and fairness in the digital space. This regulation could increase consumer trust in digital services by reducing misleading practices and establishing clear rules for handling user data.
Digital advertising
Another legislative initiative could aim to increase transparency in the digital advertising sector and address power imbalances in favour of large tech companies. This initiative could lead to a fairer and more transparent advertising market that benefits both consumers and smaller companies.
Audiovisual media and age verification
Revision of the Audiovisual Media Services Directive (AVMSD)
A revision is intended to adapt the regulations to advancing digitalisation and the changing media landscape. The aim is to improve the market conditions for audiovisual media services and ensure that EU media regulation meets modern requirements.
Digital age verification wallet
A digital wallet for age verification is intended to increase the security of minors in the digital space and complement the DSA. This solution would make it possible to reliably verify the age of users before they are given access to age-restricted content. This could strengthen the trust of parents and guardians in digital services.
Adaptations to the Copyright Directive regarding generative AI
In view of the increasing use of generative AI, the Copyright Directive should be adapted to prevent the illegal use of content and protect the rights of creators. These adjustments could ensure that AI systems are developed and used responsibly and in accordance with the rights of creators.
Licence agreements for AI training
The EU Commission is probably planning to develop a licence market for training data to use copyright-protected content for the training of generative AI applications. This includes the introduction of an opt-out protocol for rights holders to protect their content from data scraping. This initiative will ensure that AI companies have fair and non-discriminatory conditions for access to training data while respecting the rights of creators.
A look into the future
Considerable progress was made in EU legislation during the 2019-2024 legislative period, particularly around digital services, and markets. The Digital Services Act and the Digital Markets Act were passed to clarify the responsibilities of online platforms and promote fair competition. The Data Governance Act and the Data Act were implemented in data protection and data utilisation, while the AI Act provides a legal framework for the use of artificial intelligence. Cybersecurity measures, such as the Cyber Solidarity Act and the Cyber Resilience Act, have also been introduced to strengthen the EU's digital infrastructure. Despite this progress, some initiatives, such as the introduction of the digital euro and the AI Liability Directive, remain open and will require further work in the coming legislative period. Overall, however, the legislative tsunami of the last legislative period should subside - it is now a matter of applying the rules that have been adopted and adapting existing laws to the new environment. Companies should also check their contractual relationships to see whether they are compatible with the new rules.