The key to success for the EU’s digital rulebook is streamlining governance structures, writes Isabelle Roccia.  

Isabelle Roccia is the managing director for Europe at the IAPP.

The last five years have had a tremendous impact on European digital policy. The Artificial Intelligence (AI) Act was perhaps the most visible pinnacle since the General Data Protection Regulation (GDPR), but it is far from being the only significant set of digital rules enacted. New laws on access, use and sharing of data, cybersecurity, content moderation, transparency, digital identity, and liability made it to the list, among others. 

The EU pioneering a digital rulebook is the logical continuation of a consistent policymaking strategy that started in the early 2000s. 

In a quarter of a century, Brussels devised laws for fundamental and other rights, infrastructure, technology and data – four of the building blocks required to support Europe’s digital superpower ambitions.

This led to the adoption of about 100 tech-focused laws, as noted by former Italian Prime Minister and President of the European Central Bank Mario Draghi in his recent report on the future of European competitiveness. 

A piece of law never comes alone. In the case of EU legislation, it may come with secondary legislation, technical guidance, regulators’ guidelines, opinions, enforcement decisions and court rulings, all of which appear at European, national and even local levels.

Legislation is becoming a fraction of the applicable rules in any given area, and digital governance is no exception.

In time, EU policymaking has led to a dispersion of the letter of the law, challenging organisations’ ability to build responsible governance. An unintended effect of the EU approach is feeding an overwhelming sense of disorientation as organisations face exponential regulatory complexity when operating in the digital world. 

The number of legal instruments in place is staggering. The complexity and uncertainty surrounding their compatibility with one another, or sometimes lack thereof, raise many unprecedented – and to-date unanswered – questions.

The regulatory structure that supports their interpretation and enforcement is already a Gordian Knot that is about to be tightened – Draghi’s report counted over 270 regulators active in digital networks across the EU. And this framework is confronted daily with the evolution of technology, business models, societal expectations, economics and geopolitics. 

Governance is not only an effect of the law, but also the primary enabler of its effectiveness.

Regardless of how technology advancements and societal norms inform the discussions, how policymakers shape the rules, and how regulators interpret and enforce them, the impact of Europe’s digital ambitions rests first and foremost on organisations’ ability and appetite to design and deploy responsible governance effectively. 

Proliferating digital governance regulation is creating a complex matrix of compliance obligations and risks for organisations, which in turn is accelerating organisational responses. 

Organisations’ ability to shape their digital governance and manage digital risks in an appropriate and sustainable manner directly drives the effectiveness of laws in practice.

Plans have started to emerge as European Commission President Ursula von der Leyen heads into a second mandate. The level of ambition and thirst for action on digital policy has not lessened, as the mission letters for the incoming college suggest. 

Themes that drove the last agenda over the last five years, such as sovereignty or human-centric approaches to policy, will remain an EU cornerstone – though they have been somewhat elusive notions. 

Beyond its power of initiative, the European Commission is a guardian of the treaties, the institution that monitors the implementation of the laws in and by member states.

As it unveils a new policy agenda, the Commission must do more than ever before, ensuring conditions that will encourage compliance and responsible digital governance are a priority.

Responsible digital governance is pivotal in serving the objectives the law was made to achieve – and the problems it was made to fix.