News

In a nutshell: The European Commission published the 28^th regime proposal and opened feedback for the Cyber Resilience Act guidance. The European Council adopted conclusions on competitiveness and the single market. The Council of the EU adopted conclusions on the EU’s capacity to counter hybrid threats. The EDPB and EDPS published a joint opinion on the Cybersecurity Act 2.0 and NIS 2 amendments. The European Economic and Social Committee published an opinion on the Digital Omnibus. CJEU Advocate General delivered an opinion on high-risk suppliers.

In a nutshell: The European Commission published a Submarine Cable Security Toolbox and Cable Projects of European Interest, 2026 Annual Single Market and Competitiveness Report, an IPRED study, and a counter terrorism strategy. The European Parliament held a hearing on CPC Regulation reform. The Council of the EU adopted a position on the 2030 Consumer Agenda. EDPB adopted a report on the right to be forgotten. EDPB, jointly with EDPS, adopted an opinion on the Digital Omnibus proposal. NIS Cooperation Group adopted an ICT supply chain toolbox. EU Member States published non-papers on competitiveness.

In a nutshell: Cyprus took over the presidency in the Council of the EU. The EU institutions agreed on the EU legislative priorities. The European Commission is seeking input on tackling online fraud, open-source strategy and is assessing further steps to curb online piracy of sports and other live events. The Commission also published its proposals for the Cybersecurity Act 2.0, NIS2 amendments, and the Digital Networks Act. The Council of the EU published a statement on European competitiveness. The European Parliament is finalising its views on the upcoming 28^th regime for innovative companies. Crafts and industrial GIs can be registered under the new protection scheme.

In a nutshell: The European Commission published the proposals on Digital Omnibus and the European Business Wallet and unveiled the strategy of the European Democracy Shield. The Commission also published its report on the necessity of a domain name information and alert system for the agricultural geographical indications, and launched a call for applications for a Multi-Stakeholder Forum on Internet Standards Deployment. In addition, the European Commission is seeking views from the public on the upcoming reform of EU public procurement, and on further Digital Fitness Check in line with its simplification agenda. The EU institutions reached an agreement on the Insolvency Directive proposal and the Payment Services Regulation. EU Member States signed a declaration for European Digital Sovereignty.

In a nutshell: The European Commission presented its 2026 work programme, the report on simplification, the Apply AI Strategy, a report on submarine cable security, the Cloud Sovereignty Framework, and together with EDPB published joint guidelines on DMA and GDPR. In addition, the European Commission is consulting on the upcoming EU Quantum Act. The European Council shared conclusions on simplification and sovereign digital transition. EU digital ministers agreed on a declaration on online protection of minors. ENISA published the annual Threat Landscape report. ESMA and EBA published the 2026 work programme.

In a nutshell: The Commission President von der Leyen presented her State of the Union speech. The European Commission published 2025 Strategic Foresight Report, guidelines under the CER Directive and opened a call for evidence on the Digital Omnibus. The European Parliament adopted a resolution on the IGF, and a report on the revision of the public procurement framework. The CJEU dismissed a case against the EU-US data transfer framework, and clarified the scope of personal data in data transfers. The EDPB published guidelines on the interplay between the DSA and the GDPR. The EDPS adopted an opinion on the UN Cybercrime treaty.

In a nutshell: The European Commission presented a proposal for the EU budget, launched calls for evidence on the 28^th regime, for revising Europol’s mandate, and the Digital Fairness Act. It also published a roadmap on FOSS. Eight Member States have yet to transpose the NIS 2 Directive into their national legal frameworks. The NIS Cooperation Group has launched a public consultation on post-quantum cryptography and published its annual report about NIS incidents in 2024. The ENISA Advisory Group published an opinion paper on the NIS 2 implementation. The Dutch government published a non-paper on the Cyber Security Act. The EDPB and the EDPS published a joint opinion on the proposal for GDPR simplification. The EDPS closed its investigation into the European Commission’s use of Microsoft 365.

In a nutshell: The European Commission published the review of the progress towards the Digital Decade targets, published a roadmap on access to data and opened a data retention consultation and a call for evidence on the Standardisation Regulation. The Danish Presidency of the Council of the EU outlined its priorities. The Council of the EU included a domain-level enforcement measure in the Payment Services Regulation and reached a general approach on the Insolvency Directive. The JURI Committee of the European Parliament adopted its version of the Insolvency Directive. ENISA published two NIS 2-related guidance documents and launched a call for experts on the Managed Security Services. Europol published a new Internet Organised Crime Threat Assessment 2025. 

In a nutshell: The European Commission published an International Digital Strategy, a non-paper on WSIS+20 review process, and opened a call for evidence Consumer Agenda 2025-2030 and European Business Wallet. The European Parliament adopted a report on European tech sovereignty, and published its findings and recommendations on the European Democracy Shield. The Council of the EU published its latest version of the insolvency proposal. Polish Presidency at the Council of the EU published conclusions on strengthening EU democratic resilience. ENISA published a handbook for cyber stress tests.

In a nutshell: European Commission started the review of the EU Cybersecurity Act, held a conference on the governance of Web 4.0 and Virtual Worlds, opened consultations on the International Digital Strategy, AI initiatives and EUID specifications. European Parliament’s committees presented draft reports on insolvency, product safety and regulatory compliance in e-commerce, and on public procurement. ENISA launched the EU Vulnerability Database. Polish presidency published a note on disinformation and threats in cyberspace to young people.