On September 30th, the IAPP (formerly the International Association of Privacy Professionals) released its EU Digital Laws Report 2025, a comprehensive analysis explaining and synthesizing the requirements of core EU digital laws. The report aims to provide a resource to help the broadest possible class of organizations, platforms, and developers comply with the Data Governance Act, the Data Act, the Digital Markets Act, the Digital Services Act, the EU AI Act, and the NIS2 Directive.
The 75-page report, prepared collaboratively by professionals from EU law firms, academia, and a banking institution, is divided into 8 chapters:
Chapter 1: Scope and Requirements provides an overview of each law, outlining its purpose, key requirements, and the types of organizations and activities that fall within its scope.
Chapter 2: Transparency examines the role of “transparency” within each law, including documentation, public disclosure, and reporting requirements.
Chapter 3: Accountability describes the accountability measures that ensure that organizations remain compliant, including contractual terms, codes of conduct, and legal obligations.
Chapter 4: Risk Assessments details the requirements under the DSA and the AI Act to conduct risk assessments and what these assessments must contain.
Chapter 5: Individual Rights outlines individuals’ rights with respect to activities covered by the laws, including available protections and remedies.
Chapter 6: Data Governance describes how the laws may impact data governance practices, including data storage, data security, consent, user reporting, and complaint remediation.
Chapter 7: Stakeholders and EU-Level Collaboration describes the laws’ relationships with government groups and institutions at the member state and EU level.
Chapter 8: The Interplay with GDPR analyzes each law’s relationship with the General Data Protection Regulation (GDPR), comparing and contrasting overlapping provisions and subject matter.
In light of the expanding responsibilities for professionals in fields such as AI governance, cybersecurity, and data protection, this report provides a foundational guidance for a strategy to build a robust compliance program in line with these laws.
Hintze Law PLLC is a Chambers-ranked and Legal 500-recognized, boutique law firm that provides counseling exclusively on global privacy, data security, and AI law. Its attorneys and data consultants support technology, ecommerce, advertising, media, retail, healthcare, and mobile companies, organizations, and industry associations in all aspects of privacy, data security, and AI law.
Hansenard Piou is an Associate at Hintze Law PLLC with experience in global data protection issues, including kids’ global privacy laws, AADC, privacy impact assessments, GDPR, and privacy statements.
