Regulating Data: EU Data Act & More Newsletters

Our regular round-up of the EU’s digital regulatory ever evolving landscape, updates on both new compliance challenges and strategic opportunities in Europe.

01 July 2026

Publication

Loading...

Listen to our publication

0:00 / 0:00

Current Edition

1 July 2026

At the centre of this issue stands the ongoing discussion on the Digital Omnibus covering the Data Act. The debate has gained considerable momentum in recent weeks, with Council and Parliament each staking out distinct positions, and stakeholders weighing in on issues ranging from trade secret protection to switching rights for data processing services. We summarise the key institutional and stakeholder positions to help you navigate where the negotiations currently stand.

Beyond the Digital Omnibus, we turn to the measures now shaping how data regulation is applied on the ground: Germany's new enforcement framework, the emerging role of secure processing environments, and the Commission's intensified scrutiny of the cloud market.

In this edition, we cover:

  • The Data Act in the Digital Omnibus gives rise to discussions – policymakers and business stakeholders exchange opinions on the recalibration of the Data Act, in particular with regards to the trade secret and data processing service provisions.
  • Germany’s Data Act Implementing Law enters into force – Germany has completed its national Data Act implementation, with the DADG establishing the country’s enforcement framework.
  • ETSI highlights the infrastructure layer of the data economy – a new technical specification underlines the growing relevance of secure processing environments and data protection at infrastructure level.
  • The DMA cloud market investigation moves into a more technical phase – the Commission is turning its attention to cloud interoperability, pricing and contractual conditions.

Previous Editions

27 May 2026

The EU Data Act's enforcement landscape is beginning to take shape and is no longer solely relevant in Europe. While national authorities and Member State legislators are now actively building the operational infrastructure for the Data Act, parallel developments in other jurisdictions signal that data access regulation is becoming a global theme. In particular:

  • In the Netherlands, the Authority for Consumers and Markets (ACM) has published comprehensive national authority guidance on data sharing under the Data Act, offering detailed practical interpretations of the Regulation's transparency, access and contractual provisions.
  • In Japan, the Cabinet has approved a new certification-based framework for government-to-business data sharing, expressly modelled on the EU's data regulatory architecture, raising the question of whether mandatory B2B data sharing obligations will follow.
  • In Germany, the Data Governance Act implementation law has entered into force, marking an important step in Germany’s implementation of the EU's broader data strategy.
  • Also in Germany, the federal government has published a dedicated communication reaffirming its commitment to operationalising the Data Act, signalling that the Regulation remains a political priority.
  • At EU level, the E-Evidence Regulation will become fully applicable on 18 August 2026, introducing a new category of cross-border data production and preservation orders that will require in-scope service providers to have robust internal response processes in place.

This edition covers these developments and highlights where businesses should review their data sharing arrangements, internal compliance frameworks and readiness planning.

27 April 2026

The implementation phase of the EU’s data regulatory framework is in full swing. While the EU Data Act has been in force since September 2025, recent developments clearly show a shift from legislative design to practical and institutional fine tuning at both an EU and Member State level.

  • At EU level, Council negotiations on the Digital Omnibus are refining key concepts under the Data Act.
  • In Germany, parliament (Bundestag) has adopted the national Data Act implementation law.
  • Across other Member States, Belgium and Ireland have advanced preliminary national Data Act implementation drafts.
  • In the health data space, the European Commission has moved the EHDS into its technical implementation phase.

27 March 2026

This edition of our newsletter highlights three recent developments that are particularly relevant for organisations planning or refining their data and cybersecurity compliance programmes:

  • Digital Omnibus – ECB perspective on Data Act changes.
  • Cyber Resilience Act – Commission draft guidance
  • Germany’s NIS 2 regime – first indications after the registration deadline.

27 February 2026

In this edition, we examine several key developments with immediate relevance for your business:

  • EU Data Act: The Commission’s newly published Draft Guidelines on “reasonable compensation” and their implications for B2B data sharing arrangements.
  • German NIS2 Regime: The critical phase of Germany’s NIS2 implementation, including the statutory registration deadline and sector-specific impacts.
  • Digital Omnibus Proposal: The EDPB and EDPS Joint Opinion.

29 January 2026

In this edition, we examine three developments that are particularly relevant from a legal and commercial perspective:

  • EU Data Act FAQs (Version 1.4): The Commission’s latest updates provide targeted clarifications, inter alia, on the scope, interoperability, model contractual terms and reasonable compensation, offering important guidance for organisations preparing for Data Act compliance and contract adjustments.
  • Open Data Maturity Assessment 2025: While overall maturity levels continue to rise across Europe, the findings reveal where regulatory expectations are crystallising — and where public-sector data reuse, high-value datasets and technical implementation still present practical and legal challenges.
  • ProtectEU Roadmap on Law Enforcement Access to Data: The roadmap signals a renewed policy focus on access to digital evidence, encryption and standardisation, with potentially far-reaching implications for service providers, platform operators and cross-border data governance.

23 December 2025

In this edition, we highlight several important developments that could directly affect your business:

  • Data Act Implementation Laws: An up-to-date overview of how Member States are progressing with national implementation, including enforcement authorities and sanction regimes.
  • NIS 2 Implementation in Germany: Key provisions of Germany’s NIS 2 implementation law, with a focus on the expanded scope and impact on cloud service providers.
  • EU Cloud and AI Development Act (EPRS Briefing): Insights into the EU’s legislative plans to strengthen digital infrastructure and reduce reliance on non-EU cloud providers.

26 November 2025

This newsletter summarises the key developments and practical implications for your organisation, including:

  • The Digital Omnibus Proposal: How the Commission plans to streamline and unify the EU’s digital legal regime.
  • Data Union Strategy: How the Commission aims to simplify compliance with the Data Act, support businesses with practical tools, and strengthen EU data sovereignty in the context of AI and global.
  • National Implementation Laws: The current status of Data Act implementation laws across Member States, including enforcement authorities and sanctions.
  • Standardisation and Interoperability: The latest on technical standards and interoperability requirements that will affect your business strategy.

23 October 2025

Auditors are already beginning to review compliance with the EU Data Act across all sectors, including financial institutions and asset managers. Given the heightened regulatory attention, this month, we provide an overview of:

  • The EU Commission’s updated FAQs on the Data Act (version 1.3, dated 12 September 2025), which highlight the broad applicability of the EU Data Act, including SaaS – making it highly relevant for all sectors.
  • Newly published guidance on vehicle data under the EU Data Act, which provides info (amongst others) on data being in-scope and out-of-scope of the Data Act.,
  • The European Commission’s Call for Evidence on the “Digital Omnibus” which has the goal to get stakeholder input on how to simplify legislation on data, cybersecurity and AI.

8 August 2025

In this newsletter, we bring you the latest developments surrounding the EU Data Act and related regulatory initiatives shaping the European data economy. With the EU Data Act becoming applicable in September 2025, now is the time to understand how it will impact cloud switching, data sharing, access rights, and relevant obligations across industries. From the EU Data Act, the evolving framework of the Financial Data Access Regulation (FiDA) to national implementing measures and sector-specific rules, we aim to provide insights and practical updates. Whether you're navigating compliance, developing data-driven services, or following the broader policy landscape, this newsletter is designed to keep you informed and prepared.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.