Close
What would you like to look for?
Site search
11 September 2024 EU Data Act, CRA, DSA, AI Act, etc.: Five-minute training videos
  • Which law applies where and how?
  • What needs to be done?
  • Seven short training videos

Some like to refer to the "Blue Wall" of digital regulation: As part of its "Digital Agenda", the EU is enacting more and more laws on the handling and protection of data and digital systems in all colors and forms. As usual, they all need to be observed and implemented. For many companies, the challenge is to actually understand which of its particular products, applications and processes are subject to which particular regulation. Regulations in the digital sector have become so complicated and are increasing so rapidly that the legal departments of companies constantly need to confront their business and product teams with new requirements.

In relation to this, a global industrial group asked us to produce short training videos for the employees in their various companies to make them aware of the most important points of the new regulations. They are designed to enable employees to understand for their particular area of work, whether and which of the various provisions could be applicable and the implications for them. It is not intended that they should not become experts and the videos do not replace legal advice but they convey a basic understanding of the rules, create awareness and help employees recognize where and when specialists need to be consulted.

The training videos, each only around five minutes long, cover the following topics:

  • AI Regulation (AI Act) - the EU law that regulates the use of risky AI systems, bans certain applications altogether and imposes certain transparency requirements for all others;
  • Digital Services Act (DSA) - the EU regulation that sets out rules for all those who provide Internet, hosting, cloud or online services (while primarily designed to protect consumers, the DSA also applies to the B2B sector, e.g. when companies offer cloud-based services);
  • Data Act - the EU law that contains rules for "connected" products and the data they generate (e.g. that these must also be made accessible to competitors), for the exchange of data in general (e.g. requirements for contracts) and for cloud computing services;
  • Cyber Resilience Act (CRA) - the upcoming EU law that contains cyber security requirements for all types of electronic products (i.e. anything that could be a direct or indirect target of a cyberattack), such as the obligation to make available security patches;
  • NIS2 - the EU directive that contains cybersecurity requirements for critical infrastructures, which can even affect companies whose sector and activities are not included in one of the extensive lists because they serve as a supplier to a covered company;
  • Digital Markets Act (DMA) and Data Governance Act (DGA) - the EU regulations that regulate large online "gatekeepers" due to their market power and regulate access to government data, among other things, both of which can offer opportunities for other companies;
  • General Data Protection Regulation (GDPR) - the EU regulation that has governed the handling of personal data for several years now (we have integrated it into the package as a bonus track, so to speak).

Most of these decrees may also affect companies outside the EU. Some of the laws are already applicable, others will become so in the next few years, although the transition periods should already be used to plan and implement any necessary measures. As a result of the Data Act and Cyber Resilience Act, a number of products will have to be adapted, internal processes will have to be established and contracts with customers and suppliers will have to be amended. Several of our clients have already begun to examine where and how they are subject to these laws and some of them have already started further implementation work.

We are now making the training videos available to other companies that want to introduce the relevant employees to the new regulations as part of a clean governance and compliance process. They are intended for employees active in "business" functions (e.g. product development, management and sales) and employees in legal & compliance, but not for specialists whose task is to advise on this regulation (they need more in-depth knowledge).

In the videos, a digital avatar of David Rosenthal explains the three most important points of each of the laws in English. There is a brief introduction at the beginning and a short summary at the end. Each video lasts four to six minutes and it is clearly pointed out in each of them that the relevant internal specialists should be contacted if there are any questions.

The EU Data Act looks like this:

The videos can be obtained from us as a package for a one-off license fee (depending on the company size) for unlimited internal use. The videos are each provided with the logo of the company or group and are otherwise neutral in design. Individual adaptations are generally possible but are subject to additional costs. Inquiries should be addressed to [email protected] or the author of this article.

David Rosenthal

Author