Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (“NIS2 Directive”) entered into force on 16 January 2023. It had to be transposed into national law by 17 October 2024. Only a small number of member states (among them Hungary, Belgium and Croatia) have transposed the provisions of the NIS2 Directive into national law so far, and it is likely that a significant number of member states will need some time.
Regulation (EU) 2022/2554, commonly known as the Digital Operational Resilience Act (DORA), represents a significant step forward in enhancing the digital resilience of the financial sector within the European Union. Adopted by the European Parliament and the Council on 14 December 2022, DORA aims to establish a comprehensive framework to ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats. The regulation entered into force on 17 January 2025, and applies directly across all EU member states.
The European Commission’s Competitiveness Compass was published on 29 January 2025. It sets forth the European Commission’s priorities for the next five years with a clear ambition to make Europe a leader in future technologies, services, and clean products. The policy priorities are defined around three pillars: (i) Innovation, (ii) Decarbonization and (iii) Security.
The AI Act introduces a comprehensive legal framework for companies dealing with AI systems in the EU. From 2 February 2025, companies subject to the regulation must take steps to ensure AI literacy and ensure that no prohibited AI practices are used. Non-compliance could lead to substantial fines.
The European Accessibility Act is a directive aimed at improving the accessibility of products and services for people with disabilities across the European Union. It establishes common accessibility requirements for a wide range of products and services provided to consumers to ensure that people with disabilities have better access to digital and physical environments, thereby promoting their inclusion and participation in society.
On 13 December 2024, the new Regulation (EU) 2023/988 on general product safety (GPSR) will finally apply in all EU Member States, replacing the current Directive 2001/95/EC on general product safety.
The GPSR addresses risks related to new technologies and online trading, covering a wide range of products. It represents the most comprehensive reform of European product safety law in over 20 years and will impact most economic operators (manufacturers, importers, distributors, fulfillment service providers, etc.) in the EU market.
The recently published OECD survey involving 43 member countries found that less than half of the countries require the publication of drug list prices, while the remaining countries are affected by legal and/or contractual constraints that prevent the publication of drug price information.
EU Regulation 2024/1689 on Artificial Intelligence has the aim to introduce strict rules for the design, implementation and placing on the market of Artificial Intelligence systems, to be applied both to suppliers established in European territory and to suppliers established outside the European Union.
The European Council adopted the new Product Liability Directive on 10 October 2024, and it is now awaiting publication in the Official Journal of the European Union. From its entry into force, member states will have two years to transpose it into their national law. The new directive derogates Directive 85/374/CEE. Considering the current context in which digitalization and business models based on sustainability and the circular economy are booming, it was crucial to carry out an update of the rules governing the civil liability of manufacturers and other operators of defective products.
The new EU Capital Requirements Directive establishes a new harmonized and more restrictive framework for cross-border banking and lending into the EU. The new third country branch rules will prohibit the provision of certain banking services into the EU on a cross-border basis by firms outside the EU, unless done in accordance with limited exemptions.