Current Edition
The implementation phase of the EU’s data regulatory framework is in full swing. While the EU Data Act has been in force since September 2025, recent developments clearly show a shift from legislative design to practical and institutional fine tuning at both an EU and Member State level.
- At EU level, Council negotiations on the Digital Omnibus are refining key concepts under the Data Act.
- In Germany, parliament (Bundestag) has adopted the national Data Act implementation law.
- Across other Member States, Belgium and Ireland have advanced preliminary national Data Act implementation drafts.
- In the health data space, the European Commission has moved the EHDS into its technical implementation phase.
Previous Editions
This edition of our newsletter highlights three recent developments that are particularly relevant for organisations planning or refining their data and cybersecurity compliance programmes:
- Digital Omnibus – ECB perspective on Data Act changes.
- Cyber Resilience Act – Commission draft guidance
- Germany’s NIS 2 regime – first indications after the registration deadline.
In this edition, we examine several key developments with immediate relevance for your business:
- EU Data Act: The Commission’s newly published Draft Guidelines on “reasonable compensation” and their implications for B2B data sharing arrangements.
- German NIS2 Regime: The critical phase of Germany’s NIS2 implementation, including the statutory registration deadline and sector-specific impacts.
- Digital Omnibus Proposal: The EDPB and EDPS Joint Opinion.
In this edition, we examine three developments that are particularly relevant from a legal and commercial perspective:
- EU Data Act FAQs (Version 1.4): The Commission’s latest updates provide targeted clarifications, inter alia, on the scope, interoperability, model contractual terms and reasonable compensation, offering important guidance for organisations preparing for Data Act compliance and contract adjustments.
- Open Data Maturity Assessment 2025: While overall maturity levels continue to rise across Europe, the findings reveal where regulatory expectations are crystallising — and where public-sector data reuse, high-value datasets and technical implementation still present practical and legal challenges.
- ProtectEU Roadmap on Law Enforcement Access to Data: The roadmap signals a renewed policy focus on access to digital evidence, encryption and standardisation, with potentially far-reaching implications for service providers, platform operators and cross-border data governance.
In this edition, we highlight several important developments that could directly affect your business:
- Data Act Implementation Laws: An up-to-date overview of how Member States are progressing with national implementation, including enforcement authorities and sanction regimes.
- NIS 2 Implementation in Germany: Key provisions of Germany’s NIS 2 implementation law, with a focus on the expanded scope and impact on cloud service providers.
- EU Cloud and AI Development Act (EPRS Briefing): Insights into the EU’s legislative plans to strengthen digital infrastructure and reduce reliance on non-EU cloud providers.
This newsletter summarises the key developments and practical implications for your organisation, including:
- The Digital Omnibus Proposal: How the Commission plans to streamline and unify the EU’s digital legal regime.
- Data Union Strategy: How the Commission aims to simplify compliance with the Data Act, support businesses with practical tools, and strengthen EU data sovereignty in the context of AI and global.
- National Implementation Laws: The current status of Data Act implementation laws across Member States, including enforcement authorities and sanctions.
- Standardisation and Interoperability: The latest on technical standards and interoperability requirements that will affect your business strategy.
Auditors are already beginning to review compliance with the EU Data Act across all sectors, including financial institutions and asset managers. Given the heightened regulatory attention, this month, we provide an overview of:
- The EU Commission’s updated FAQs on the Data Act (version 1.3, dated 12 September 2025), which highlight the broad applicability of the EU Data Act, including SaaS – making it highly relevant for all sectors.
- Newly published guidance on vehicle data under the EU Data Act, which provides info (amongst others) on data being in-scope and out-of-scope of the Data Act.,
- The European Commission’s Call for Evidence on the “Digital Omnibus” which has the goal to get stakeholder input on how to simplify legislation on data, cybersecurity and AI.
In this newsletter, we bring you the latest developments surrounding the EU Data Act and related regulatory initiatives shaping the European data economy. With the EU Data Act becoming applicable in September 2025, now is the time to understand how it will impact cloud switching, data sharing, access rights, and relevant obligations across industries. From the EU Data Act, the evolving framework of the Financial Data Access Regulation (FiDA) to national implementing measures and sector-specific rules, we aim to provide insights and practical updates. Whether you're navigating compliance, developing data-driven services, or following the broader policy landscape, this newsletter is designed to keep you informed and prepared.
_11zon.jpg?crop=300,495&format=webply&auto=webp)
_11zon.jpg?crop=300,495&format=webply&auto=webp)
_11zon.jpg?crop=300,495&format=webply&auto=webp)
_11zon.jpg?crop=300,495&format=webply&auto=webp)
_11zon.jpg?crop=300,495&format=webply&auto=webp)