Technology & Software Development

• Software Directive 2009/24/EC

The Software Directive provides the EU legal framework for the protection of computer programs, treating software as a form of intellectual property protected under copyright law. It applies directly to the technology and software development industry, covering both proprietary and custom-developed software solutions.

For software developers and technology companies, the Directive defines the scope of exclusive rights, including reproduction, distribution, and modification of software, while also regulating lawful use, decompilation, and interoperability. It balances creator protection with innovation by allowing limited exceptions necessary for technical compatibility and security testing.

By harmonising software copyright protection across the EU, the Directive ensures legal certainty, cross-border enforceability, and protection of software assets, making it a foundational regulation for lawful development, licensing, and commercialisation of software within the European digital economy.

• Copyright DSM Directive 2019/790

The Copyright in the Digital Single Market Directive modernises EU copyright law to address the realities of digital content creation, software development, and online platforms. It introduces new rules governing the use, sharing, and monetisation of copyrighted works in digital environments.

For technology and software companies, the Directive is particularly relevant in areas such as user-generated content, platform hosting, content licensing, and data-driven services. It establishes enhanced responsibilities for certain online platforms, including obligations to obtain licences and implement measures to prevent unauthorised content sharing, while also introducing exceptions for text and data mining that support innovation and research.

By harmonising copyright rules across the EU, the DSM Directive strengthens legal certainty, fair remuneration for rights holders, and innovation-friendly frameworks, making it a key regulation for technology businesses operating in the digital single market.`

• GDPR

The GDPR establishes the EU-wide framework for the processing and protection of personal data, making it a core regulation for technology and software development companies. Software products and digital services routinely process user data, including identifiers, usage analytics, and sometimes sensitive information, placing GDPR compliance at the centre of product design and operation.

For the technology sector, the Regulation imposes obligations related to data protection by design and by default, lawful processing grounds, security measures, and user rights management. It directly affects software architecture, cloud services, SaaS platforms, mobile applications, and data-driven technologies.

By embedding privacy requirements into technological development, the GDPR promotes trust, accountability, and legal certainty, ensuring that innovation in software and digital services is aligned with fundamental data protection standards across the European Union.

• E-Privacy rules

The EU e-Privacy rules govern the confidentiality of electronic communications and the use of cookies and similar tracking technologies, making them directly relevant to software applications, SaaS platforms, websites, and digital products. They regulate how technology providers collect and use data related to user communications, device identifiers, and online behaviour.

For technology and software companies, these rules affect cookie management, analytics, targeted advertising, in-app communications, and marketing automation. Valid user consent is required for non-essential tracking, and strict limits apply to unsolicited electronic communications. e-Privacy compliance must be embedded into user interfaces, consent mechanisms, and system architecture.

Together with the GDPR, the e-Privacy framework ensures that digital services operate lawfully, transparently, and with respect for user confidentiality, reinforcing trust and regulatory compliance in the development and deployment of modern software solutions across the EU.

• NIS2 Directive (EU) 2022/2555 (cybersecurity)

The NIS2 Directive establishes an enhanced EU framework for cybersecurity risk management and incident reporting, significantly expanding the scope of regulated entities compared to the original NIS Directive. It applies to a wide range of technology and software companies that provide digital services, cloud computing, data processing, and critical ICT infrastructure.

For technology and software development businesses, NIS2 introduces obligations to implement robust technical and organisational security measures, conduct risk assessments, ensure supply-chain security, and report significant cybersecurity incidents within strict timelines. Management bodies are made directly accountable for compliance, increasing governance and liability exposure.

By strengthening cybersecurity resilience across the EU, NIS2 embeds security as a core legal and operational requirement for digital service providers, making compliance essential for business continuity, regulatory approval, and trust in the digital economy.

• Data Act (EU) 2023/2854

The Data Act establishes a new EU framework governing access to, use of, and sharing of data, particularly data generated by connected devices, software applications, and digital services. It is a cornerstone of the EU’s data strategy and directly impacts technology companies developing IoT solutions, cloud services, platforms, and data-driven software.

For software developers and technology providers, the Regulation introduces rules on user access to data, data portability, contractual fairness, and data-sharing obligations between businesses. It also sets limits on unfair contractual terms, regulates switching between cloud and data-processing services, and introduces safeguards against unlawful international data transfers.

By clarifying who can access and use data—and under what conditions—the Data Act promotes innovation, competition, and legal certainty, while requiring technology companies to redesign data architectures, contracts, and governance models to align with the EU’s evolving digital regulatory framework.

• Data Governance Act (EU) 2022/868

The Data Governance Act establishes a trust-based framework for data sharing and data reuse within the European Union, supporting the development of a competitive and secure data economy. It focuses on enabling the reuse of certain categories of public-sector data and creating conditions for voluntary data sharing between businesses, individuals, and public bodies.

For technology and software companies, the Act introduces rules for data intermediaries, data-sharing services, and data altruism organisations, setting neutrality, transparency, and governance requirements. It also creates safeguards to ensure that data is shared lawfully, securely, and without exclusive control, particularly where sensitive or protected data is involved.

By promoting trustworthy data-sharing mechanisms, the Data Governance Act enhances legal certainty, interoperability, and innovation, positioning technology providers to participate responsibly in EU data spaces while maintaining compliance with privacy, competition, and security standards.

• AI Act (politically adopted 2024; entering into force with staged application)

The EU Artificial Intelligence Act introduces the world’s first comprehensive regulatory framework for artificial intelligence, governing the development, deployment, and use of AI systems within the European Union. Politically adopted in 2024, the Act will apply in stages, with obligations depending on the risk level of the AI system.

For technology and software development companies, the AI Act imposes differentiated requirements for high-risk AI systems, including conformity assessments, risk management, data governance, human oversight, and post-market monitoring. Certain AI practices are prohibited altogether, while transparency obligations apply to generative AI, automated decision-making, and AI systems interacting with users.

By embedding trust, accountability, and safety into AI innovation, the AI Act reshapes how AI-driven software is designed and commercialised. Compliance with its requirements will become a key legal and strategic consideration for technology companies seeking market access, scalability, and regulatory certainty in the EU digital economy.

• DSA/DMA for platform governance (where applicable)

The Digital Services Act (DSA) and the Digital Markets Act (DMA) form the EU’s core framework for regulating digital platforms and large technology providers. They introduce differentiated obligations based on a platform’s size, role, and systemic impact on the digital market.

For technology and software development companies operating platforms, marketplaces, or intermediary services, the DSA governs content moderation, online advertising transparency, user protection, and platform accountability. It requires clear procedures for handling illegal content, safeguards for users, and enhanced oversight for large-scale platforms.

The DMA applies to designated “gatekeepers”, imposing competition-focused obligations aimed at preventing unfair market practices. It regulates areas such as data use, self-preferencing, interoperability, and access to platform services, reshaping how dominant platforms design and operate their ecosystems.

Together, the DSA and DMA establish a new standard of platform governance, fairness, and transparency, making compliance essential for technology companies whose software services shape digital markets within the European Union.

• Personal Data Protection Act

• Electronic Communications Act;

• Cybersecurity Act (NIS2 transposed)

• Copyright and Related Rights Act

• Electronic Document and Electronic Certification Services Act (eIDAS)

• Obligations and Contracts Act / Commerce Act (contracting)