This is the second part of our series analyzing the Danish public sector’s data protection assessments of Microsoft 365. Part one covered the Data Protection Impact Assessment (DPIA); this article focuses on the Transfer Impact Assessment (TIA), which specifically examines data transfers to third countries.

This is part one of a two-part series examining Denmark’s comprehensive data protection assessments related to Microsoft 365. This article focuses on the Data Protection Impact Assessment (DPIA), while part two will cover the Transfer Impact Assessment (TIA), which evaluates international data transfers.

The ENISA NIS360 report assesses the maturity and criticality of key sectors under the NIS2 Directive. Check how your sector is doing and learn what it means for you as a digital compliance professional in digital infrastructure, healthcare, finance, and other regulated industries.

Regulatory landscapes shift fast—are you keeping up? Every month, we scan over 50 official sources to bring you the latest must-know updates on GDPR, AI Act, DSA, and more. Our official knowledge database is constantly evolving to ensure you have access to the most authoritative guidance, regulatory reports, and compliance tools—all in one place. Below, you’ll find a concise summary of February’s key additions to StreamLex.eu, with direct links to help you navigate the latest legal updates with ease.

The European Union’s digital regulatory landscape is evolving rapidly, with new guidelines and technical specifications shaping compliance requirements for businesses. Key upcoming developments in 2025 include Digital Services Act (DSA) guidelines for protecting minors, Cyber Resilience Act (CRA) classifications for critical digital products, and Data Governance Act (DGA) rules for data altruism. These updates will impact online platforms, digital product manufacturers, and data-sharing organizations. Staying informed is essential for regulatory compliance and strategic planning.

On 17 February, the Swedish DPA released a two-part DPIA guidance document and a three-part DPIA template to support organizations with GDPR Article 35 compliance. The piece provides access to unofficial automated translations of the guidance.

With AI Act Article 4 on AI Literacy entering into application on 2 February 2025, organizations across Europe are increasing efforts to enhance AI literacy within their workforce. To support this, the EU AI Office has published a Living Repository of AI literacy practices, showcasing real-world approaches adopted by businesses and institutions. An analysis of this repository highlights key learning formats, target groups, and challenges organizations face when implementing AI literacy programs. These insights can help organizations develop AI training strategies that align with their workforce needs and business goals.

In January 2025, the European Commission unveiled its Competitiveness Compass, outlining strategic measures to boost the EU’s innovation and competitiveness. This article explores seven new legislative acts under Pillar 1: Closing the Innovation Gap, while also examining how the Commission plans to approach the mosaic of the existing digital laws like the GDPR, AI Act, Cyber Resilience Act, and Data Act.

The first requirements under the EU Artificial Intelligence (AI) Act come into effect on February 2, 2025, banning prohibited AI practices and requiring AI literacy measures for providers and deployers. The AI Act, which entered into force on August 1, 2024, is being implemented in stages, with most provisions applying by August 2, 2026. This article outlines the key provisions now in effect and considers additional guidance to be expected from the regulators.

The Cyber Resilience Act (CRA) relies heavily on delegated and implementing acts, along with guidance documents, adopted by the European Commission. This approach reflects a broader trend in EU legislation, particularly in complex and technical areas like cybersecurity. However, it also introduces regulatory uncertainty for businesses. This article examines the delegated and implementing acts under the CRA and explores their potential impact on economic operators.

The EU Cyber Resilience Act (CRA), in force since 10 December 2024, introduces mandatory cybersecurity requirements for products with digital elements in the EU market. The legislation impacts manufacturers, importers, and distributors of hardware and software with digital components. This article outlines the key provisions of the regulation, focusing on aspects relevant to manufacturers of digital products, and explains the implementation timeline and enforcement approach.

The European Union has taken a significant step forward in modernizing its product liability framework. On 18 November 2024, the new Product Liability Directive (PLD) was officially published, marking a shift in how the EU addresses liability for defective products in the digital age. This update to the nearly 40-year-old regime brings major changes that will impact businesses across various sectors, particularly those involved in software and AI development.