The Council of Ministers and the European Parliament are responsible for the decision-making on European rules and regulations proposed by the European Commission. Some legislation impacts the digital government, as outlined below:
General Data Protection Regulation (GDPR)
The GDPR is the European privacy directive. In the Netherlands, it is further elaborated in the Dutch GDPR Implementation Act (in Dutch, Uitvoeringswet AVG). The law has been in effect since 2018. A report on the outcomes of this law is due in 2024, which may lead to a revision.
Digital Services Act (DSA)
The Digital Services Act came into effect across Europe in 2022. This law applies to intermediary services, including social media platforms and app stores. The DSA primarily aims to protect citizens from illegal content and misinformation.
Digital Markets Act (DMA)
The DMA came into force in 2023. This regulation assigns responsibilities to providers of major digital platforms and online service providers. The DMA includes rules, prohibitions, and obligations for these platforms. It also contains rules about the use and sharing of data.
European Digital Identity (eIDAS)
eIDAS stands for ‘Electronic Identities And Trust Services’. With eIDAS, the European member states have agreed to uniform concepts, levels of assurance, and digital infrastructure. In 2023, the eIDAS regulation was amended to make the access provided by this system universal. Part of the regulation is the cross-border use of European-recognised login tools and certificates.
Single Digital Gateway (SDG)
The Single Digital Gateway is a regulation that establishes a single digital access point. This gateway provides online access to the necessary information, administrative procedures, and services to live or run a business in another EU country.
Data Governance Act (DGA)
The Data Governance Act is a key pillar of the European Data Strategy. Its aim is to utilise data capacity for the benefit of European citizens and businesses. The DGA will make more data available and facilitate data sharing between sectors and EU countries.
Open Data and the Reuse of Public-Sector Information
The Directive on Open Data and the Reuse of Public-Sector Information promotes the use of open data by governments.
Directive on the Accessibility of Websites and Apps of Public Sector Bodies
The Directive on the Accessibility of Websites and Apps of Public Sector Bodies helps member states achieve their accessibility goals and meet the obligations of the UN Convention on the Rights of Persons with Disabilities (CRPD). Another goal of the directive is to harmonise the accessibility requirements of EU countries. In the Netherlands, the directive is further elaborated in the Temporary Decree on Digital Accessibility of the Government (in Dutch, Tijdelijk besluit digitale toegankelijkheid overheid).
Cybersecurity Legislation: NIS2 Directive
The Directive on Measures for a High Common Level of Cybersecurity Across the Union (NIS2) aims to further strengthen cybersecurity in Europe. The directive provides legal measures to raise the overall level of cybersecurity in the EU.
European legislation and regulations under negotiation:
Data Act
The Data Act allows public authorities to access data from third parties, provided the data is requested for a legitimate purpose, such as an emergency. The regulation was passed at the end of 2023 and has a long implementation period. It will be until 2026 before all the rules in the Data Act are mandatory.
AI Act
The AI Act includes requirements and frameworks for the development and use of AI systems by governments and market players, facilitating innovation and economic development while protecting public values.
Interoperability Act
The EU is working on a regulation to establish interoperability frameworks for sharing information in the public sector. There are already several EU interoperability initiatives, such as the European Interoperability Framework (EIF). They are non-binding and have limited impact. The Interoperability Act aims to improve the quality of public services across all EU countries. The regulation was provisionally adopted in 2023.
Cyber Solidarity Act
With the Cyber Solidarity Act, the European Commission strives to strengthen the cybersecurity capabilities of member states and the EU.
Gigabit Infrastructure Act
The proposed Gigabit Infrastructure Act focuses on accelerating the installation of high-quality networks by making it financially attractive. The proposal is still in an early stage and may take until 2030 to be enacted into law.