Digital Regulation
Our expertise extends into all aspects of digital and data-related regulation. Whether you need advice on navigating online platform rules under the Digital Services Act, new data access requirements for IoT providers or cloud-switching rules under the Data Act, or how to navigate the increasingly sophisticated cybersecurity landscape across regulations like NIS2, DORA and the Cyber Resilience Act, we’ve got your back.
How We Can Help
This has been a transformational decade for the use of digital services in Europe, and regulation of those services.
Europe’s digital agenda has ushered in a raft of new regulations – from new rules designed to forge safe, open digital markets that emphasise user rights and support competition, to rules promoting data sharing, data access and ease of switching cloud services.
At the same time, the United Kingdom’s departure from the European Union has led to the evolution of new UK laws that, while they may have counterparts in European legislation, often have their own distinct requirements and characteristics.
Staying abreast of these developments and their practical implications is challenging, and this is where Digiphile is here to help.
Identify legal gaps
For any new digital law, the starting point for a client is to identify gaps between its existing measures and the new requirements. We help clients undertake this exercise and identify which compliance measures they should prioritise, taking account of cost and risk.
Cloud switching
Europe's Data Act introduces new requirements for cloud providers to enable easy switching to alternative cloud services. We advise cloud customers and vendors on the scope of these new rights, how to exercise them, and impacts on contractual relationships.
Platform liabilities
Europe's Digital Services Act updated long-standing intermediary liability rules in the EU, while also introducing strict regulation of online platforms. We help clients to determine whether they fall under new online platform rules, the obligations that arise if so, and how to implement these requirements.
Online Profiling and Advertising
Beyond GDPR requirements regulating the targeting and delivery of online advertising and content, our team is well versed in advising on additional requirements for transparency and recommender systems found in laws like the DSA and DMA.
European Cybersecurity compliance
We help clients understand the increasingly regulated cybersecurity landscape, including laws like DORA and NIS2 that impose new requirements for cyber governance, contracting and incident reporting.
IoT data access regulations
Starting in September 2025, manufacturers of Internet of Things devices and providers of related services will be subject to new data access and portability rules - including for non-personal data. We can advise on how to prepare for and implement these new requirements.
Doesn't the GDPR already regulate online profiling and advertising?
Yes, it does. However, other laws apply in addition to the GDPR. These include the ePrivacy Directive, which specifies consent requirements for cookies, but also, more recently, the EU’s Digital Services Act (DSA). Among other things, the DSA contains rules prohibiting the use of dark patterns by online platforms to manipulate user choices, as well as rules against the use of sensitive data or children’s data for targeted advertising. It also specifies requirements to provide real-time transparency information to individuals about the “main parameters” used to target them with adverts on online platforms.
What breach reporting requirements exist under the NIS 2 Directive?
The NIS 2 Directive will come into effect in EU Member States (if transposed on time) on 18 October 2024. It imposes reporting requirements for “significant incidents” that are separate from, and apply in addition to, any personal data breach reporting requirements that may also arise under the GDPR. Where a significant incident occurs, entities must submit an initial “early warning” report to the competent authorities within 24 hours, with a follow-up report to occur within 72 hours of the incident and a final detailed follow-up report within 1 month (unless the incident is still ongoing). If requested by the competent authorities, the impacted entity may also need to provide intermediate reports to the authorities prior to the final report.
In addition to these requirements, impacted entities are also required to notify their service recipients without undue delay if the incident is likely to adversely affect the provision of the services.
What is the Data Act?
The Data Act is a law that will come into effect on 12 September 2025. It sets out wide-ranging new rules designed to enhance the EU’s data economy and foster a competitive data market.
Among other things, it gives B2C and B2B users of connected products (i.e. Internet of Things) greater access to the data they generate, and lays down rules for providers of connected products and related services to share data with other businesses. It also prohibits certain unilaterally imposed data-related terms in B2B contracts that are deemed unfair, and creates new rules intended to enable users of cloud services to switch service providers more easily, by requiring providers of data processing services to provide greater transparency about the possibility of switching and prohibiting contractual terms intended to discourage switching.
Frequently Asked Questions
Please reach out to our team if your question is not listed here. Our experts are always ready to provide the guidance and support you need.