Data

Data

This subtopic contains guidance on EU level rules relating to non-personal data.

On 19 February 2020, the Commission published a ‘European Strategy for data’ with the aim to create a single market for data which will make the EU more competitive globally and will enable innovative processes, products and services. EU data initiatives include the EU Data Governance Act, the EU Data Act, the EU Open Data Directive, and access to in-vehicle data. It further includes Common European Data Spaces such as the European Health Data Space, and the European Mobility Data Space.

Tracking developments

Practice Note: EU data initiatives—tracker tracks the progress or implementation of the following initiatives:

•
EU Data Governance Act
•
EU Data Act
•
EU Open Data Directive
•
European Health Data Space
•
European Mobility Data Space
•
European Tourism Data Space
•
European Green Deal Data Space
•
Access to vehicle data, and
•
Data collection

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest EU Law News

Commission launches consultation to revise the EU Cybersecurity Act and strengthen the EU cybersecurity framework

The European Commission launched a call for evidence to support the preparation of a legislative proposal to revise the EU Cybersecurity Act. The initiative aims to strengthen EU cyber resilience, update the mandate of the EU Agency for Cybersecurity (ENISA) and improve the effectiveness of the European Cybersecurity Certification Framework. The Commission noted that the cybersecurity landscape has become significantly more complex and threat‑intensive since the Act’s adoption in 2019, while subsequent EU legislation has expanded ENISA’s tasks beyond its original mandate, creating the need to streamline, simplify and supplement the existing framework to ensure coherence, reduce administrative burdens and improve implementation for businesses and users. The initiative focuses on measures to support a secure and resilient Information and Communication Technology supply chain and the EU cybersecurity industrial base, addresses shortcomings in the certification framework such as slow adoption, unclear roles, limited agility and insufficient clarity on covered risks, including non‑technical factors, and considers alignment with newer instruments such as the Cyber Resilience Act. The Commission outlined policy options ranging from non‑legislative measures to targeted or comprehensive regulatory revision, stating that EU‑level action is required to prevent internal market fragmentation and to secure long‑term economic and social benefits through greater harmonisation, stronger cybersecurity and resilience, more efficient incident response and enhanced protection of fundamental rights, including personal data. The call for evidence will run until 20 June 2025.

Commission imposes definitive anti-dumping duties on Chinese steel cylinder imports

The European Commission has imposed definitive anti-dumping duties ranging from 57.7% to 90.3% on high-pressure seamless steel cylinders for compressed or liquefied gas imported from China. The measures follow an investigation that identified unfair trade practices covering cylinders of all diameters and volume capacities. During the investigation period, from 1 July 2023 to 30 June 2024, the EU market totalled 6.4 million units, of which 4.5 million units were imported from China.

Commission announces entry into force of EU-Singapore Digital Trade Agreement

The European Commission has announced that the EU-Singapore Digital Trade Agreement (DTA) entered into force on 2 February 2026, representing the EU's first standalone bilateral digital trade agreement. The DTA establishes rules for cross-border digital transactions and includes commitments on online consumer protection, personal data and privacy protection, as well as safeguards against unsolicited commercial communications. It promotes paperless trade, recognises the validity of electronic signatures, contracts and invoices and prohibits the imposition of customs duties on electronic transmissions. The DTA also prohibits unjustified data localisation requirements and the forced transfer of software source code. The DTA builds on the 2019 EU-Singapore Free Trade Agreement, with negotiations on the agreement having commenced on 20 July 2023.

ACER publishes Rules of Procedure for cross-border REMIT investigations

The Agency for the Cooperation of Energy Regulators (ACER) has published Rules of Procedure setting out how it will investigate suspected cross-border breaches of the EU Regulation on Wholesale Energy Market Integrity and Transparency (REMIT). This followed legislative changes in 2024 that gave ACER a mandate to investigate cases affecting more than one Member State. The rules explain how ACER will examine suspected insider trading, market manipulation, failures to disclose inside information, data reporting breaches and obligations on persons professionally arranging or executing transactions. They set out ACER’s investigatory powers, including on-site inspections, requests for information and interviews, while confirming that enforcement remains the responsibility of national regulatory authorities. The Rules of Procedure describe the stages of investigations, the decision-making process and the rights and obligations of the parties concerned. They are intended to ensure legal certainty, due process, fairness and efficiency. ACER is expected to begin using these cross-border investigatory powers from the second half of 2026.