Regulatory intelligence by RS Strategy

What's moving in EU digital regulation

The texts with a live deadline, an ongoing transposition, or an amendment in flight. Settled law is not here. One card per text.

Last verified 11 Jul 2026 See the timeline →

Tracker

Filter by cluster, sorted by the next date that bites.

Cyber Applying

Cyber Resilience Act

Regulation (EU) 2024/2847

GovernsCybersecurity of products with digital elements on the EU market.
Applies toManufacturers, importers, distributors and open-source stewards of products with digital elements.

The EU's cybersecurity rules for products with digital elements. The first duty to bite is vulnerability reporting from 11 September 2026, not full application in 2027.

Cyber Transposing

NIS2 Directive

Directive (EU) 2022/2555

GovernsBaseline cyber-risk management, ICT supply-chain security and incident reporting.
Applies toEssential and important entities across 18 sectors providing critical services in the EU.

The EU's baseline cybersecurity directive for essential and important entities, extended by the digital-infrastructure implementing regulation and the NIS Cooperation Group's ICT supply-chain toolbox.

Cyber In negotiation

Cybersecurity Act revision (CSA2)

COM(2026) 11

GovernsRevision of the Cybersecurity Act: ENISA mandate and certification, ICT supply-chain security framework.
Applies toENISA, national cybersecurity authorities, ICT product and service vendors and customers.

Reworks the EU Cybersecurity Act by updating ENISA’s mandate, reshaping certification and adding an ICT supply-chain security framework.

Omnibus In negotiation

Digital Omnibus (data)

COM(2025) 837

GovernsSimplification of the data and cyber acquis; single incident-reporting entry point; merges DGA, Open Data Directive, Free Flow of Non-Personal Data and P2B into the Data Act.
Applies toAnyone under the EU data and cybersecurity acquis.

The Commission’s clean-up pass on the EU data rulebook, cutting overlap across GDPR, the Data Act, ePrivacy and NIS2.

Omnibus In negotiation

Digital Omnibus on AI

COM(2025) 836

GovernsSimplification of the AI Act, chiefly the timing of high-risk obligations ("stop-the-clock").
Applies toAnyone in scope of the AI Act.

The Commission’s proposal to ease AI Act implementation, mainly by delaying high-risk obligations until relevant standards are available.

Omnibus Applying

Artificial Intelligence Act

Regulation (EU) 2024/1689

GovernsAI systems placed on the EU market, regulated by risk tier.
Applies toProviders, deployers, importers and distributors of AI systems placed on the EU market.

The EU's risk-based AI rulebook. The Digital Omnibus proposes moving high-risk obligations, tied to available standards with a long-stop of December 2027.

Omnibus Applying

Data Act

Regulation (EU) 2023/2854

GovernsAccess to and sharing of connected-product data; cloud switching.
Applies toMakers, holders and recipients of connected-product data, and the public sector.

Rules on who can access and share data from connected products and related services, now being amended by the data omnibus.

Omnibus Being merged

Data Governance Act

Regulation (EU) 2022/868

GovernsData-sharing framework, data intermediaries, data altruism.
Applies toData intermediaries, public-sector bodies, data-altruism organisations.

The EU’s framework for data intermediaries and data altruism, set to be repealed and folded into the Data Act.

Infrastructure In negotiation

Digital Networks Act

COM(2026) 16

GovernsTelecoms framework reform replacing the EECC: spectrum, 'fair share', satellite connectivity, and equipment supply-chain security.
Applies toElectronic-communications operators and providers.

A rewrite of EU telecom rules covering spectrum, investment, satellite connectivity and equipment supply-chain security.

Infrastructure In negotiation

Cloud and AI Development Act

COM(2026) 502

GovernsCloud sovereignty tiers, public procurement and EU compute capacity.
Applies toCloud and AI infrastructure providers, and public buyers.

Sets sovereignty tiers for cloud and AI infrastructure, especially in public procurement, while pushing EU compute capacity.

Infrastructure In negotiation

Chips Act 2.0

COM(2026) TBC

GovernsRevision of the 2023 Chips Act: supply-chain resilience, demand-side measures, emergency powers.
Applies toThe semiconductor supply chain and end markets.

The semiconductor arm of the tech-sovereignty package, updating resilience tools, investment rules and crisis powers.

Infrastructure In negotiation

EU Space Act

COM(2025) 335

GovernsSafety, resilience and sustainability of space activities; lex specialis to NIS2 for space operators.
Applies toSpace operators and operators of ground and space infrastructure.

Tailored safety, resilience and cybersecurity rules for space activities, acting as a sector-specific rulebook alongside NIS2.

Corporate In negotiation

EU Inc (28th regime)

COM(2026) 321

GovernsOptional EU-wide corporate legal form for innovative companies, digital-only.
Applies toStartups and scaleups incorporating across borders.

Creates an optional EU-wide company form for innovative firms to incorporate digitally across borders under one regime.

Corporate In negotiation

European Business Wallets

COM(2025) 838

GovernsSecure cross-border identification, e-signing and document exchange for businesses.
Applies toEconomic operators and public-sector bodies.

A business digital wallet for cross-border identification, signing and document exchange, built on the eIDAS framework.

If one of these is already on your desk, you know where to start.

Work with RS Strategy