Keep Europe connected, safely and seamlessly
1895: Marconi changed communications forever.
Today’s rules should not silence the radio star.
What is the issue?
When Guglielmo Marconi sent the first wireless signal across the Atlantic, he proved that communication could transcend borders, igniting a revolution that made modern connectivity possible.
Today, that same spirit drives tech innovators enabling Europe’s digital economy: cloud providers, communication platforms, and online services that keep people, businesses, and ideas connected across the European Union.
Europe’s capacity to innovate hasn’t faded. Yet if Marconi were here today, he would face a fragmented EU regulatory landscape. Europe’s digital connections are governed by a patchwork of overlapping cybersecurity, data protection, and telecom rules that make it harder to build and scale new connectivity technologies.
For example, the inconsistent implementation of the European Electronic Communications Code (EECC) – combined with new layers of obligations under the Cyber Resilience Act (CRA), the NIS2 Directive, and the ePrivacy framework – creates complexity that slows investment and innovation.
For tech companies powering Europe’s digital economy, this patchwork means an unnecessary compliance burden and less room to grow.
To secure Europe’s future connectivity, policymakers must focus on three priorities:
1. Strengthen cybersecurity to keep Europe connected.
2. Protect privacy while powering communication.
3. Enable data flows to drive innovation and growth.
Simplifying and harmonising Europe’s connectivity rules will help innovators deliver faster, safer, and more reliable digital services – ensuring that Marconi’s connectivity legacy continues to power Europe’s digital age.
1. Strengthen cybersecurity to keep Europe connected
One secure rulebook will make Europe’s networks safer and easier to build.
Digital services connect millions of people across Europe at any given moment. But right now, duplicative and inconsistent cybersecurity obligations from at least seven different pieces of EU legislation force companies to file multiple incident reports and undergo parallel audits – diverting resources from real security improvements that would benefit European users to compliance with red tape.
Those rules are the CRA, Critical Entities Resilience (CER) Directive, NIS2 Directive, EECC, AI Act, Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), and the Payment Services Directive 2 (PSD2).
The way forward for Europe:
I. Create a single, EU-wide incident-reporting system.
Align templates, timelines, and thresholds so that one single report satisfies CRA, CER, NIS2, GDPR, DORA, and EECC requirements, as well as sectoral rules (AI Act, PSD2).
II. Ensure consistent supervision across Member States.
Extend the NIS2 ‘one-stop-shop’ principle to the EECC and all other sectoral laws regulating cybersecurity.
III. Recognise global standards.
Accept evidence from internationally recognised frameworks (e.g. ISO 27001, NIST CSF) to meet EU compliance requirements.
2. Protect privacy while powering communication
Clear privacy rules will give users confidence and let innovation thrive.
Modern communication services rely on trust. But diverging national interpretations of the General Data Protection Regulation (GDPR), ePrivacy Directive, and Data Act – together with prescriptive enforcement approaches and telecom-specific rules under the EECC – miss the point. More often than not, rules and their interpretation end up creating uncertainty about how users can effectively control their data, and how user data can be processed and shared responsibly.
The way forward for Europe:
I. Ensure consistent application of privacy and data-sharing rules.
Clarify how the GDPR, ePrivacy Directive, and Data Act interact – especially around consent, data portability, and data reuse – to eliminate contradictory obligations. This will give users strong, consistent privacy protections and provide businesses with clear, predictable rules for data processing and sharing across the EU.
II. Reduce consent fatigue.
Move low-risk technical processing (security, anti-fraud, analytics, etc.) under the GDPR’s risk-based model, instead of overwhelming Europeans with an endless stream of pop-up windows with cookie-consent requests.
III. Ensure consistent cross-border enforcement.
Strengthen cooperation among data protection authorities and other national and EU regulators through a common EU forum for the structured sharing of information and exchange of compliance best practices.
3. Enable data flows to drive innovation and growth
Open, secure data flows will power European innovation and competitiveness.
The way forward for Europe:
I. Guarantee legal certainty for cross-border transfers.
Introduce a presumption of lawful transfers for data flows of personal and non-personal data when rules are aligned with the GDPR – ensuring consistent standards and preventing new barriers to global data exchange. Compliance with GDPR provisions for personal data transfers should be recognised as fulfilling requirements under the Data Act, avoiding duplicate processes and contradictory obligations.
II. Clarify business-to-government (B2G) data-access rules.
Define what qualifies as a ‘public emergency’ and an ‘exceptional need’ under the Data Act to avoid imposing undue burdens on companies through endless reporting cycles. Clarity will protect companies’ proprietary data while enabling legitimate public-interest uses that benefit European consumers.
III. Strengthen global interoperability.
Adopt additional adequacy decisions and align EU data-transfer mechanisms with trusted international frameworks to maintain open, secure data flows between the EU and third countries.