The European Commission has launched a consultation on new guidelines clarifying obligations for general-purpose AI (GPAI) providers under the EU AI Act. These GPAI guidelines define compliance requirements, thresholds for systemic risks, and obligations for providers and downstream modifiers. Stakeholders must submit feedback by 22 May 2025. Final guidelines are expected by mid-2025, alongside a General-Purpose AI Code of Practice.

Learn what the Cyber Resilience Act is, which digital products it applies to, when it comes into force, and how to access the full text PDF via EUR-Lex or Streamlex.

A simplified guide to the EU AI Act text with risk categories, obligations, and a link to the full PDF.

Regulatory landscapes shift fast—are you keeping up? Every month, we scan over 50 official sources to bring you the latest must-know updates on GDPR, AI Act, DSA, and more. Our official knowledge database is constantly evolving to ensure you have access to the most authoritative guidance, regulatory reports, and compliance tools—all in one place. Below, you’ll find a concise summary of key additions to StreamLex.eu during March and April, with direct links to help you navigate the latest legal updates with ease.

On 2 April 2025, the European Commission's Expert Group on B2B Data Sharing and Cloud Computing Contracts published a set of model contractual terms (MCTs) and standard contractual clauses (SCCs). These templates are designed to help companies comply with the Data Act and establish fair, secure, and transparent agreements for data sharing and cloud services. Streamlex has converted the original documents into editable Word formats for ease of use.

As part of the European Commission’s broader push to simplify and streamline EU digital legislation, the EU Cybersecurity Act (CSA) is now under review. A public consultation, open until 20 June 2025, invites feedback on the implementation of the CSA and its two central pillars: ENISA's mandate and the European Cybersecurity Certification Framework (ECCF).

This is the second part of our series analyzing the Danish public sector’s data protection assessments of Microsoft 365. Part one covered the Data Protection Impact Assessment (DPIA); this article focuses on the Transfer Impact Assessment (TIA), which specifically examines data transfers to third countries.

This is part one of a two-part series examining Denmark’s comprehensive data protection assessments related to Microsoft 365. This article focuses on the Data Protection Impact Assessment (DPIA), while part two will cover the Transfer Impact Assessment (TIA), which evaluates international data transfers.

The ENISA NIS360 report assesses the maturity and criticality of key sectors under the NIS2 Directive. Check how your sector is doing and learn what it means for you as a digital compliance professional in digital infrastructure, healthcare, finance, and other regulated industries.

The European Union’s digital regulatory landscape is evolving rapidly, with new guidelines and technical specifications shaping compliance requirements for businesses. Key upcoming developments in 2025 include Digital Services Act (DSA) guidelines for protecting minors, Cyber Resilience Act (CRA) classifications for critical digital products, and Data Governance Act (DGA) rules for data altruism. These updates will impact online platforms, digital product manufacturers, and data-sharing organizations. Staying informed is essential for regulatory compliance and strategic planning.

Regulatory landscapes shift fast—are you keeping up? Every month, we scan over 50 official sources to bring you the latest must-know updates on GDPR, AI Act, DSA, and more. Our official knowledge database is constantly evolving to ensure you have access to the most authoritative guidance, regulatory reports, and compliance tools—all in one place. Below, you’ll find a concise summary of February’s key additions to StreamLex.eu, with direct links to help you navigate the latest legal updates with ease.

On 17 February, the Swedish DPA released a two-part DPIA guidance document and a three-part DPIA template to support organizations with GDPR Article 35 compliance. The piece provides access to unofficial automated translations of the guidance.

With AI Act Article 4 on AI Literacy entering into application on 2 February 2025, organizations across Europe are increasing efforts to enhance AI literacy within their workforce. To support this, the EU AI Office has published a Living Repository of AI literacy practices, showcasing real-world approaches adopted by businesses and institutions. An analysis of this repository highlights key learning formats, target groups, and challenges organizations face when implementing AI literacy programs. These insights can help organizations develop AI training strategies that align with their workforce needs and business goals.

In January 2025, the European Commission unveiled its Competitiveness Compass, outlining strategic measures to boost the EU’s innovation and competitiveness. This article explores seven new legislative acts under Pillar 1: Closing the Innovation Gap, while also examining how the Commission plans to approach the mosaic of the existing digital laws like the GDPR, AI Act, Cyber Resilience Act, and Data Act.

The first requirements under the EU Artificial Intelligence (AI) Act come into effect on February 2, 2025, banning prohibited AI practices and requiring AI literacy measures for providers and deployers. The AI Act, which entered into force on August 1, 2024, is being implemented in stages, with most provisions applying by August 2, 2026. This article outlines the key provisions now in effect and considers additional guidance to be expected from the regulators.

The Cyber Resilience Act (CRA) relies heavily on delegated and implementing acts, along with guidance documents, adopted by the European Commission. This approach reflects a broader trend in EU legislation, particularly in complex and technical areas like cybersecurity. However, it also introduces regulatory uncertainty for businesses. This article examines the delegated and implementing acts under the CRA and explores their potential impact on economic operators.

The EU Cyber Resilience Act (CRA), in force since 10 December 2024, introduces mandatory cybersecurity requirements for products with digital elements in the EU market. The legislation impacts manufacturers, importers, and distributors of hardware and software with digital components. This article outlines the key provisions of the regulation, focusing on aspects relevant to manufacturers of digital products, and explains the implementation timeline and enforcement approach.

The European Union has taken a significant step forward in modernizing its product liability framework. On 18 November 2024, the new Product Liability Directive (PLD) was officially published, marking a shift in how the EU addresses liability for defective products in the digital age. This update to the nearly 40-year-old regime brings major changes that will impact businesses across various sectors, particularly those involved in software and AI development.