i6eal.de
DEEN
Start a project
EU Digital Law Ticker

EU digital law: what applies when?

NIS2, the Cyber Resilience Act, Data Act, DSA, eIDAS, AI Act, the Digital Omnibus … – EU digital law is growing fast. This ticker bundles the key laws with their compliance deadlines and a countdown to the next obligation.

Deadlines hand-verified against EUR-Lex and updated regularly.

Overview13 laws · 6 already fully in force
Next deadline2 August 2026AI Act
already appliesupcoming

  1. AI Act

    (EU) 2024/1689
    AI & liability

    The EU’s first comprehensive AI regulation with a staggered timeline. The high-risk deadlines are expected to be postponed by the Digital Omnibus – details in the dedicated AI roadmap.

    1. 1 August 2024Entry into force
    2. 2 February 2025Prohibitions + AI literacy apply
    3. 2 August 2025GPAI obligations apply
    4. 2 August 2026Transparency obligations (Art. 50) apply
    Official text · eur-lex.europa.eu Detailed roadmap

  2. Cyber Resilience Act (CRA)

    (EU) 2024/2847
    Cybersecurity

    EU-wide cybersecurity requirements for all products with digital elements (hardware and software) across the full lifecycle – with CE marking and vulnerability reporting duties.

    1. 10 December 2024Entry into force
    2. 11 September 2026Reporting obligations (Art. 14) apply
    3. 11 December 2027Main obligations fully apply
    Official text · eur-lex.europa.eu

  3. Data Act

    (EU) 2023/2854
    Data & platforms

    Governs fair access to and use of data from connected (IoT) products and related services; affects manufacturers, users and cloud providers.

    1. 11 January 2024Entry into force
    2. 12 September 2025Applies from
    3. 12 September 2026Data-access-by-design for new products
    Official text · eur-lex.europa.eu

  4. New Product Liability Directive

    (EU) 2024/2853
    AI & liability

    Modernises EU product liability and, for the first time, explicitly treats software and AI systems as 'products' under strict liability.

    1. 8 December 2024Entry into force
    2. 9 December 2026Transposition deadline – applies to products placed on the market after this date
    Official text · eur-lex.europa.eu

  5. eIDAS 2.0 – EU Digital Identity (EUDI Wallet)

    (EU) 2024/1183
    Digital identity

    Requires every member state to provide all citizens with a voluntary EU Digital Identity Wallet (EUDI Wallet) by the end of 2026.

    1. 20 May 2024Entry into force
    2. 31 December 2026Member states must provide the EUDI Wallet
    Official text · eur-lex.europa.eu

  6. European Health Data Space (EHDS)

    (EU) 2025/327
    Data & platforms

    EU-wide access to and exchange of electronic health data – for care (primary use) and research/innovation (secondary use).

    1. 26 March 2025Entry into force
    2. 26 March 2029Core obligations apply (primary & secondary use)
    Official text · eur-lex.europa.eu

  7. NIS2 Directive

    (EU) 2022/2555
    Cybersecurity

    EU-wide baseline cybersecurity standards (risk management, incident reporting, registration) for medium and large entities across 18 critical and important sectors.

    Germany: the transposition law (NIS2UmsuCG) is in force since 6 Dec 2025 – no transition period, covering ~29,500 entities.

    1. 16 January 2023Entry into force (EU)
    2. 17 October 2024EU transposition deadline
    3. 6 December 2025Germany: NIS2UmsuCG in force
    Official text · eur-lex.europa.eu

  8. DORA – Digital Operational Resilience Act

    (EU) 2022/2554
    Cybersecurity

    Framework for the financial sector's digital operational resilience: ICT risk management, incident reporting, resilience testing and oversight of ICT third-party providers.

    Directly applicable EU regulation; supervised in Germany by BaFin.

    1. 16 January 2023Entry into force
    2. 17 January 2025Applies from
    Official text · eur-lex.europa.eu

  9. Cyber Solidarity Act

    (EU) 2025/38
    Cybersecurity

    Strengthens EU-wide detection, preparedness and response to cyber threats – incl. a European alert system (cyber hubs) and an emergency mechanism. Addresses EU/state structures, not individual businesses.

    1. 4 February 2025Entry into force / applies
    Official text · eur-lex.europa.eu

  10. Data Governance Act

    (EU) 2022/868
    Data & platforms

    Rules for the re-use of protected public-sector data, for data-intermediation services and for data altruism.

    1. 23 June 2022Entry into force
    2. 24 September 2023Applies from
    Official text · eur-lex.europa.eu

  11. Digital Services Act (DSA)

    (EU) 2022/2065
    Data & platforms

    Obligations for online intermediaries, platforms and marketplaces against illegal content – with stricter duties for very large platforms (VLOPs).

    1. 16 November 2022Entry into force
    2. 17 February 2024General application (all services)
    Official text · eur-lex.europa.eu

  12. Digital Markets Act (DMA)

    (EU) 2022/1925
    Data & platforms

    Conduct rules for dominant 'gatekeeper' platforms to ensure fair and contestable digital markets.

    1. 1 November 2022Entry into force
    2. 2 May 2023Applies from
    3. 7 March 2024Compliance deadline for designated gatekeepers
    Official text · eur-lex.europa.eu

  13. Digital Omnibus (simplification package)

    COM(2025) – Vorschlag
    Reform / in progressIn negotiation

    Commission simplification package (Nov 2025) of two proposals: a 'Digital Omnibus' (GDPR, ePrivacy/cookies, NIS2, Data Act) and a 'Digital Omnibus on AI' that postpones the AI Act high-risk deadlines, among others. NOT YET FINAL.

    1. 19 November 2025Commission tables the package (2 proposals)
    2. 6 May 2026Political agreement on the AI part (trilogue)

    As of 2026-06-23: the AI part is politically agreed (trilogue 6 May, Council 13 May 2026) but not yet in the Official Journal – the postponed high-risk deadlines (Annex III → 2 Dec 2027, Annex I → 2 Aug 2028) only take effect on publication (expected before 2 Aug 2026). The data-protection/cookie part is still only a Commission proposal and may change significantly.

    Official text · europarl.europa.eu

Sources & status

Last checked: 23 June 2026

Curated overview, not legal advice. Deadlines are verified against EUR-Lex and official EU sources; see the status above. Specific obligations and exceptions follow from each legal act. The 'Digital Omnibus' is not yet final – flagged deadlines may change.

Frequently asked questions

What does the EU Digital Law Ticker show?

The key EU digital and cyber laws with their compliance deadlines – sorted by the next upcoming deadline, with a countdown. From NIS2 to the Cyber Resilience Act to the AI Act and the Digital Omnibus.

Where does the data come from?

The deadlines are hand-verified against EUR-Lex (the EU Official Journal) and official European Commission sources. We curate the list deliberately, because a wrongly stated deadline is worse than none.

What does 'In negotiation' mean for the Digital Omnibus?

The Digital Omnibus is a Commission simplification package that is not yet final. The AI part is politically agreed but not yet published in the Official Journal; the data-protection/cookie part is still only a proposal. We flag it accordingly.

Does NIS2 already apply in Germany?

Yes. Germany transposed the NIS2 Directive late but has now done so: the NIS2 transposition law (NIS2UmsuCG) is in force since 6 December 2025 – with no transition period.

Is this legal advice?

No. The ticker is an orientation overview. Which obligations apply specifically to your company is something we're happy to clarify in a conversation.

Digital law? We make it manageable with you.

We translate NIS2, CRA, Data Act & the AI Act into concrete steps for your company – without compliance theatre.

Start a projectSee services