The digital world is facing a major turning point. The EU Data Act, the Cyber Resilience Act (CRA) and the AI Act are to be passed before the European elections in June 2024.
EU Data Act: New rules for data use & sharing in the digital economy
At the center of this development is the EU Data Act, which has reached the final stages of the legislative process. This will regulate data access and data use of non-personal data uniformly throughout the EU. After long negotiations between the Council, the EU Parliament and the EU Commission, clear guidelines are emerging. These concern not only the flow of data within companies, but also that of machines. Data generated during the use of networked machines or associated services must be made available to users. This means that customers will have direct access to all machine data and can even demand that it be passed on to third parties.
Companies are being asked to adapt their data-based business models and contracts to comply with the new requirements. Special consideration is given to small and medium-sized enterprises, which can benefit from special regulations.
It is expected that the Data Act will formally come into force at the beginning of 2024; the requirements would then apply after a transition period of 20 months towards the end of 2025.
Cyber Resilience Act: New security standards for networked products & IT security
With regard to digital security, the Cyber Resilience Act (CRA) will play a significant role. This act will introduce mandatory cybersecurity requirements for networked hardware and software products and thus also affects all networked machines and components.
Negotiations on the CRA are proceeding comparatively smoothly, and political agreement is expected before the end of the year. The new regulations are then expected to be applied from mid-2026 or 2027.
EU AI law: New rules for responsible & safe Artificial Intelligence
One particularly much-discussed project is the European law on artificial intelligence (AI). This law aims to ban ethically questionable AI applications and introduce stricter regulations for so-called "high-risk AI". These regulations will also affect manufacturers of mobile machinery, particularly if AI is used in safety-relevant functions.
The negotiations here are complex and polarizing, as different views exist on the use and limits of AI. Agreement is being sought, but the timing of this is not expected to be until after the EU elections in June 2024 due to the multi-layered discussions and technological developments.
