Dive Brief:
- Nearly one quarter of business professionals are not confident in their organization’s ability to comply with the increasing number of EU digital regulations, according to a report from the IAPP, a nonprofit data privacy organization. Slightly more than half of surveyed professionals are only somewhat confident in their ability to comply.
- As digital laws like the EU AI Act, Data Governance Act, Data Act, Digital Markets Act, NIS2 Directive and Digital Services Act go into effect, IT leaders play a key role in ensuring their organization’s compliance, Müge Fazlioglu, principal researcher of privacy law and policy at IAPP and author of the EU Digital Laws Report 2025, told CIO Dive.
- “The digital law and policy environment, not only in the EU but globally, is challenging,” Fazlioglu said. “We live in this world where increasing amounts of data are being collected and processed, and this is accelerating with the use of AI across nearly every sector. We are seeing more moves from lawmakers and regulators to manage and guide this ecosystem with new laws and policies.”
Dive Insight:
The proliferation of digital laws and regulations comes at a time when businesses are rapidly deploying new advances in AI while lacking confidence in their ability to be fully compliant with new laws.
Only one in five respondents to IAPP’s Privacy Governance Report 2024, cited in the IAPP’s EU digital laws report, indicated feeling totally confident in their organization’s ability to fully comply with the sprawling set of bills.
Tracking the requirements and different implementation stages of novel regulations is a critical issue for business leaders, Fazlioglu said.
“Most digital governance professionals are not displaying high degrees of confidence in their organization’s ability to track and comply with new requirements from across this emergent suite of EU digital laws,” she said.
The EU’s array of digital laws seeks to protect personal and non-personal data, ensure markets remain competitive and create new data sharing infrastructures. The Data Act, for example, aims to increase accessibility to high quality data by imposing data-sharing obligations on certain organizations. Meanwhile, the DMA aims to regulate competition among digital platforms.
As a result, Fazlioglu said businesses must prioritize not only how to implement the laws’ various requirements, but consider how they intersect with each other as well as previous regulations like the EU’s General Data Protection Regulation.
Large U.S. tech providers are already facing challenges complying with the EU’s digital laws. In April 2025, the European Commission decided that Apple and Meta’s service offerings in Europe did not comply with the DMA. The commission is the executive arm responsible for enforcing EU laws.
The EU is also cracking down on non-U.S. companies, including Chinese-owned retail company Temu, which the commission found to be in breach of the DSA earlier this year.
