ESAs Publish First List of Critical ICT Third-Party Providers Under DORA
The European Supervisory Authorities (the ESAs) have published the first list of critical ICT third-party providers (CTPPs) designated under the Digital Operational Resilience Act (DORA). This marks a key step in rolling out the DORA oversight framework, following a multi-stage assessment based on financial-entity registers, cross-sector criticality analysis and providers’ right to be heard. The […]
The Digital Omnibus: Targeted Amendments to the EU Digital Rulebook
The European Commission has unveiled a new digital package designed to cut administrative burdens for companies across the EU and streamline the Union’s fragmented digital rulebook. The package centres on, amongst other things, amending existing requirements relating to GDPR, AI Act, Data Act, e-privacy directive and other data legislation such as the Data Governance Act. […]
EDPB Publishes Opinion on European Commission’s Proposal to Extend UK Adequacy Decision for Data Transfers to December 2031
On 22 July 2025, the European Commission proposed draft decisions to extend the United Kingdom’s GDPR adequacy status until December 2031. This would allow EU organisations to continue transferring personal data to the UK without additional safeguards such as Standard Contractual Clauses. The European Data Protection Board (EDPB) has now issued its opinion, welcoming the […]
Swedish Accessibility Act – First Market Surveillance and Supervision by PTS
Following the entry into force of the Swedish Act on the Accessibility of Certain Products and Services in June, the Swedish Post and Telecom Authority (Sw. PTS) has initiated its first round of market surveillance and supervision under the new legislation. Market Surveillance – Laptops, Smartphones, and Tablets The market surveillance covers laptops, smartphones, and […]
Swedish Government Submits Bill on New Cybersecurity Act to Implement NIS 2
The Swedish Government has published the bill to implement the NIS 2 directive (2022/2555) into Swedish law. The proposal includes amongst other things the introduction of a new law, the Swedish Cybersecurity Act – which will replace the current Swedish Act (2018:1174) that implemented the previous NIS directive. The Cybersecurity Act largely aligns with the […]
Sweden Proposes National AI Legislation to Supplement the EU AI Act
Sweden has published its long-awaited government inquiry concerning the AI Act (SOU 2025:101). The inquiry essentially recommends that a new Swedish AI law and ordinance should supplement the AI Act, along with certain adjustments relating to national rules on secrecy and confidentiality. The proposed Swedish AI law and ordinance are relatively straightforward as they primarily […]
Prohibitory injunction request under GDPR is clarified by the CJEU
In Case C-655/23, the Court of Justice of the European Union (CJEU) was asked to clarify whether a data subject may obtain a prohibitory injunction to prevent further unlawful data processing under the GDPR, whether such relief depends on the risk of repetition, and how this interacts with claims for non-material damages. Opinion of Advocate […]
Digital Omnibus: Simplifying the EU’s Digital Rulebook
The European Commission is taking steps to simplify the EU’s complex digital regulations, with the aim to ease reporting requirements for businesses and to create a more consistent digital regulatory framework. The Digital Omnibus, part of the wider Digital Package on Simplification, targets overlapping and outdated rules across several digital areas. The goal of the […]
Proposed Amendments to the Swedish Gambling Act to Address Unlicensed Gambling
A new Swedish government inquiry has proposed significant amendments to the Gambling Act (Sw. spellagen (2018:1138)) in order to combat unlicensed gambling more effectively. Under the current Swedish law, companies that offer gambling services directed at the Swedish market are required to hold a Swedish license. This so-called “directional criterion” has been difficult to apply […]
Product safety in focus – EU joint market surveillance initiative
The Swedish Consumer Agency (Sw. Konsumentverket) has found that only 17% of tested children’s activity toys comply with EU standards, a finding made within the framework of the EU initiative Joint Actions on Compliance of Products (JACOP 2024). Under the initiative, market surveillance authorities from EU member states and EFTA countries assess whether a wide […]