Regulation and Innovation: Preparing for Europe’s Digital Future

As sweeping EU digital regulations reshape the tech landscape, companies are grappling with new compliance burdens and shifting enforcement trends. Our legal experts, Philip Nolan and Oisín Tobin break down what these changes mean in practice and why strong governance has never been more critical.

1. 2026 will see the continued rollout of major EU digital regulations. What do you see as the biggest compliance and operational challenges for tech companies?

The main challenge is the volume of new regulation and uncertainty about how matters will develop. There is a glut of new laws which have come into force or which will start applying over the next few years: AI Act, Data Act, NIS2, DSA and Cyber Resilience Act. In addition, we are seeing moves by the European Commission to attempt to apply product liability rules to software apps. Each of these laws are complex and the ways in which they apply to companies and interact with each other are not always clear.

In addition, we are seeing implementation delays and discussions around possible revisions to these laws, particularly as part of the EU’s “Omnibus” simplification initiative.

The core challenge for companies at the moment is mapping out where and how these laws apply to their operations, and what they may need to do as a result. We are having a lot of discussions with clients about this at the moment.

2. How are regulators in Ireland and across the EU approaching enforcement, and what practical steps should companies take to stay ahead?

Over the last 5 to 10 years, online services in Europe have gone from being lightly regulated to being subject to financial services level of regulation.

In addition, we have moved into a world where the relevant laws are “principles based” and quite vague, but regulators are moving quickly to “hard” enforcement, including significant fines, in some cases. This has been one of the biggest areas of change in our practice over the last decade and means that our technology lawyers daily work hand in glove with our litigation teams.

To manage risks, companies need to stay abreast of the key areas of regulatory interest and ensure that the positions that they adopt are legally sound. In addition, we are seeing an increasing focus from regulators on governance and risk controls, including an expectation that companies maintain sufficient internal records of their decision making. This can be a challenge for technology companies that traditionally operated quite leanly.

3. Looking beyond 2026, how do you expect the balance between innovation and regulation to evolve?

This is very hard to predict. There is an increasing view that the EU has “over regulated” and there are various political debates, following the Draghi report, around liberalising EU laws in this area.

The European Commission has made various proposals to reduce the regulatory burden on technology companies, but we are already seeing significant political pushback.

In the short term, and from the trenches, we can say that we are not seeing any let up in the intensity of regulation and expect that there will still be significant activity here over the next few years.

4. What practical foundations should companies put in place now to prepare for the next wave of digital regulation?

There are three broad sets of steps that companies can take to manage their exposure.

First, they need to understand the new regulatory environment and, crucially, understand which laws apply to the various parts of their business. This, in turn, helps them to understand what they ought to prioritise when it comes to compliance projects.

Second, since a lot of these laws focus on risk controls, it is important that legal teams get a handle on how, precisely, their companies are operating. For example, who are they sharing data with? Where is that data going? How are they using AI?

Third, given the increasing focus on governance and documentation, it is important that boards are appropriately involved in decision making and reviewing regulatory risks.

For more information and expert advice, please contact a member of our Data & Technology team.

This content is provided for information purposes only and does not constitute legal or other advice.