Europe's Digital Awakening | Risk Advisory | Deloitte Netherlands


Europe’s Digital Awakening

A Guide to a Europe fit for the Digital Age

By now you have probably gathered many bits and pieces about the European Union`s digital ambitions. However, it can be difficult to navigate the chaotic legislative scene which brings up something new at every corner. To relieve some of the difficulties, we have untangled the European digital framework with a thematic guide to the “A Europe fit for the Digital Age” program.

The Big Picture

In our previous blog, we have introduced you to European Union`s strategy for digital technologies, ‘A Europe fit for the Digital Age’. In that piece, we outlined what the EU sees as the "European way" toward a digital society. Whether you use or deploy Artificial Intelligence (AI), online platforms, cloud services, blockchain, robots, or other digital technologies, be prepared for inevitable new rules that you will have to comply with.

The European Commission, leading the regulatory effort, has put forward over a dozen of new or updated Directives and Regulations as part of its digital strategy. These proposals are complementary to previous digital legislation such as the GDPR, the Cybersecurity Act, or the Open Data Directive, as they are expected to form a cohesive digital framework for Europe.

Europe fit for the Digital Age Themes

In this blog, we start by introducing general themes as we will explore each regulation individually in our upcoming blogs. We do this for two reasons: firstly, all these new Directives and Regulations are interconnected; none of them should be read or implemented just by itself, and, secondly, there are a number of themes that can be identified across these proposals, and it’s important to recognize and understand that to manage them efficiently.

The themes that we see are Data, Artificial Intelligence, E-commerce, Cybersecurity, and Digital Finance.


Data is an essential resource for progress and innovation. In a world where a small number of Big Tech companies hold a large part of the global data, the EU seized the opportunity to reclaim its data sovereignty. The strategy includes new rules for data governance, access, and reuse alongside impressive investments in processing infrastructures or data sharing tools. After the success of the GDPR, the EU has proven it has what it takes to set high standards which will resonate internationally. Aside from boosting our data economy, the strategy will have great implications for future technological developments in 5G, 6G, quantum, and cloud computing. We`re taking our first steps toward unlocking the enormous potential of data.

Artificial Intelligence

Artificial Intelligence is here to stay. Its vast application across industries hints at an increased dependency on AI-enabled technologies, such as voice assistants, online translation, or autonomous robots. Europe`s strategy for AI strives to build trust by ensuring human agency, transparency, and accountability for all applications. Aside from upcoming rules for developing and deploying AI, the EU is keen on stimulating investments and creating sandboxes to test responsible solutions. Be ready to witness a new regulatory paradigm for innovation.


Search engines, online marketplaces, and social media platforms are being used on a daily basis by millions of Europeans. Digital platforms are now an essential part of the way we work, learn, and enjoy our free time. But are we truly getting the best out of our online interactions? The uptake of manipulative advertising, illegal trade of goods, or possible monopoly positions of a few companies makes it clear that we need a new way of managing our digital environment. That is why the EU set in motion new Regulations for a safer and fairer online world. We are expecting traceability for online sellers, accountability for the largest organizations, more control for users over the content they are seeing, and many more requirements which will transform our online experience.


There is no doubt that cyber threats have evolved both in frequency and complexity. Despite having a good foundation in terms of cyber capabilities, the EU recently published a new Cybersecurity Strategy meant to fill in the gaps and to strengthen our collective resilience. We expect the implementation of new common standards and certification schemes for products, more security obligations for companies, and stricter rules for placing radio equipment on the market. Requirements are followed by investments, with 1.6 billion euros to be spent on strengthening our cybersecurity infrastructure. We are looking ahead to a great mobilization of resources for both the public and private sectors.

Digital Finance

The financial sector was not overlooked. Leading a strong initiative, the EU plans to boost the FinTech sector and to take advantage of its applications in big data, cybersecurity, blockchain, interoperability, and many more. The lack of coordination between European countries resulted in overlaps, inconsistencies, and high compliance costs. New rules will aim to mitigate these risks and ensure more safeguards and testing of ICT financial systems. In addition, the previously unregulated areas of the crypto-asset industry are now subjected to new requirements. Providers will face transparency and oversight obligations, so the best thing you can do is prepare in advance for what`s to come.

GDPR Mimesis/ Imitation

Why change something that works? The GDPR stands out as a success story for the European Commission. European citizens became more aware of their privacy rights and the GDPR is also considered a “global point of reference on data protection”. There is always room for improvement and some issues still need to be ironed out, however, the European Commission stuck with the same structure throughout their “A Europe fit for the Digital Age” program.

That is why, we are now encountering GDPR-imitating proposals, which are principle-based, invoke the same digital rights for individuals, and are worded in a technology-neutral way. Similar structures for supervisory authorities, fine application, and cybersecurity considerations also became common for new legislations that are put forward. Drawing lessons from the GDPR will prove to be useful in effectively navigating these future digital Regulations and Directives.

What's next?

When thinking about regulatory compliance, our minds shoot directly to time-consuming business transformations and high compliance costs. However, aside from the obvious upcoming obligations, new opportunities emerge as well and it would be a shame to miss the head start to our new digital age.

At Deloitte, we are preparing to use multidisciplinary approaches to analyze both risks and opportunities of upcoming digital Regulations and Directives. From our point of view, only if we make use of digital technologies responsibly, society will trust us enough to allow their use. One of the ways to show that responsibility is to make sure we adhere to the rules that govern them. Stay tuned for more details on what is awaiting us in the coming years!

Did you find this useful?