Keep Europe connected, safely and seamlessly

1895

Marconi changed communications forever.

Today’s rules should not silence the radio star.

What is the issue?

When Guglielmo Marconi sent the first wireless signal across the Atlantic, he proved that communication could transcend borders, igniting a revolution that made modern connectivity possible.

Today, that same spirit drives tech innovators enabling Europe’s digital economy: cloud providers, communication platforms, and online services that keep people, businesses, and ideas connected across the European Union.

Europe’s capacity to innovate hasn’t faded. Yet if Marconi were here today, he would face a fragmented EU regulatory landscape. Europe’s digital connections are governed by a patchwork of overlapping cybersecurity, data protection, and telecom rules that make it harder to build and scale new connectivity technologies.

For example, the inconsistent implementation of the European Electronic Communications Code – combined with new layers of obligations under the Cyber Resilience Act, NIS2 Directive, and the ePrivacy framework – creates complexity that slows investment and innovation.

For tech companies powering Europe’s digital economy, this patchwork means an unnecessary compliance burden and less room to grow.

To secure Europe’s future connectivity, policymakers must focus on three priorities:

1. Strengthen cybersecurity to keep Europe connected

2. Protect privacy while powering communication

3. Enable data flows to drive innovation and growth

1. Strengthen cybersecurity to keep Europe connected

One secure rulebook will make Europe’s networks safer and easier to build.

Digital services connect millions of Europeans at any given moment. But right now, duplicative and inconsistent cybersecurity obligations from at least seven different EU laws force companies to file multiple incident reports and undergo parallel audits – diverting resources from real security improvements that would benefit users, to red tape.

Those rules are the Cyber Resilience Act (CRA), Critical Entities Resilience (CER) Directive, NIS2 Directive, European Electronic Communications Code (EECC), AI Act, Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), and the Payment Services Directive 2 (PSD2).

The way forward for bold and ambitious simplification

I. Simplify EU incident-reporting

Unify templates, timelines, and thresholds so that one single report fulfils CRA, CER, NIS2, DORA, EECC, and GDPR requirements, as well as sectoral rules (AI Act, PSD2).

II. Harmonise cybersecurity oversight

Extend the NIS2 ‘one-stop-shop’ principle to the EECC and all other sectoral laws regulating cybersecurity to ensure that supervision in one EU Member State is recognised by all national authorities.

III. Align with international standard

Recognise international global frameworks (e.g. ISO 27001, NIST CSF) to meet EU compliance requirements.

Explore recommendation 2 of CCIA Europe’s paper for more solutions

2. Protect privacy while powering communication

Clear privacy rules will give users confidence and let innovation thrive.

Modern communication services rely on trust. But diverging national interpretations of the General Data Protection Regulation (GDPR), ePrivacy Directive, and the Data Act – together with prescriptive enforcement approaches and telecom-specific rules under the European Electronic Communications Code – miss the point. More often than not, rules and their interpretation end up creating uncertainty about how users can effectively control their data, and how user data can be processed and shared responsibly.

The way forward for bold and ambitious simplification

I. Harmonise privacy and data-sharing rules

Clarify how the GDPR, ePrivacy Directive, and the Data Act interact – especially on consent, data portability, and data reuse – to remove contradictions. Consistent, predictable rules will protect privacy and give businesses certainty for responsible data sharing across Europe.

II. Reduce consent fatigue

Move low-risk technical processing (e.g. for security, anti-fraud, and analytics) under the GDPR’s risk-based model, instead of overwhelming Europeans with an endless stream of pop-up windows with cookie-consent requests. This will improve trust and the user experience.

III. Boost cross-border enforcement

Enhance cooperation among data protection authorities and regulators through an EU forum to share information, align guidance, and exchange of compliance best practices. This will ensure consistent enforcement across Member States.

Explore recommendation 4 of CCIA Europe’s paper for more solutions

3. Enable data flows to drive innovation and growth

Open, secure data flows will power European innovation and competitiveness.

Digital connectivity depends on the secure movement of data. Yet the EU’s Data Act and data transfer rules remain too imprecise on international data access and flows – giving national authorities wide discretion and risking fragmented standards for both personal and non-personal data. This creates barriers for online services operating across borders.

The way forward for bold and ambitious simplification

I. Guarantee legal certainty for cross-border transfers

Presume lawful transfers for personal and non-personal data when aligned with the General Data Protection Regulation (GDPR) to avoid barriers to global data flows. Recognising GDPR- compliant transfers as fulfilling requirements under the Data Act will remove duplication and legal contradictions.

II. Clarify business-to-government data-access rules

Define what qualifies as a ‘public emergency’ and an ‘exceptional need’ under the Data Act to prevent undue burdens through endless reporting cycles. Clarity will protect companies’ proprietary data while enabling legitimate public-interest uses.

III. Strengthen global data interoperability

Adopt additional adequacy decisions and align EU data-transfer mechanisms with trusted international frameworks to maintain open, secure, and predictable data flows between the EU and third countries.

Explore recommendations 3 and 4 of CCIA Europe’s paper for more solutions