Technologie En

An Overview of 2022 Tech Regulations

10 January 2023 | Knowledge, News, The Right Focus

Before embarking on any New Year’s resolutions, it is worth starting with a moment of reflection on the year gone by. In the EU, 2022 brought a number of new regulations in the new technology market, so let’s take a closer look at them. The following is our selection of the most important developments and legislative initiatives to emerge in 2022, which will significantly influence further international and national IP/IT regulations.

DORA – digital operational resilience for financial entities

The specific geopolitical situation has brought the concept of cyber security to prominence in 2022. On 27 December, the Digital Operational Resilience Regulation (DORA) was published in the Official Journal of the European Union, setting up a harmonised regulatory framework to strengthen the ICT security of financial entities. Its objective is to achieve a high common level of digital operational resilience across all EU Member States, aiming to prevent and mitigate cyber threats and ensure that businesses can withstand, respond and recover from all types of ICT-related disruptions and threats. DORA will enter into force on 16 January 2023 and will apply from 17 January 2025. The European supervisory authorities have been tasked with developing technical standards applicable to all financial entities covered by DORA.

The entities subject to DORA are encouraged to start preparing for its application by identifying any gaps in their governance and ICT processes. They should also consider which of their service providers may be considered critical and review their testing and recovery protocols against the standards set out in the new Regulation.

We discuss the main DORA provisions here: What DORA is all about – a shift in cyber security awaiting the financial sector and here.

NIS II – cyber security for network and information systems

Second, a new Network and Information Security Directive (NIS II), which will enter into force on 16 January 2023, was also published in the Official Journal of the European Union on 27 December 2022. The adoption of NIS II not only broadened the scope of the NIS Directive, but also enabled the harmonisation of cyber security requirements and the implementation of cyber measures across Member States. To achieve this, it sets out minimum rules for a regulatory framework and establishes mechanisms for cooperation between the relevant authorities in each Member State. NIS II is to be transposed into national law by 17 October 2024, with EU Member States required to apply its provisions from 18 October 2024.

DSA / DMA – digital services and markets in the EU

Third, Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services, i.e. the Digital Services Act (DSA), and Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector, i.e. the Digital Markets Act (DMA), entered into force in 2022. They both constitute a comprehensive regulatory framework for digital services, including social media and online platforms operating in the European Union.

The aim of the DMA is to ensure that the digital sector is fair with equitable access to digital services for all users. The DMA will apply to undertakings that are considered to be gatekeepers, defined in the Regulation as entities having a significant impact on the internal market; providing a core platform service which serves as an important access point for business users to reach end-users; or having an entrenched and durable position in their operations or expected to foreseeably enjoy such a position in the near future.

In contrast, the main objective of the DSA is to combat illegal services, content or goods on the Internet, in particular laying down the obligations of service providers operating as online intermediaries, e.g. Internet access providers, domain registrars or web hosting providers.

Most of the DSA provisions will come into force on 17 February 2024, with online platform operators other than micro- or small enterprises being required to publish information on the number of active users as early as 2023. Most of the DMA provisions will take effect on 2 May 2023.

For more information on the DSA, click here.

MiCA – a response to the cryptoasset market crisis

We should also not forget the regulations concerning cryptocurrencies. The year 2022 was a hard year for the cryptocurrency market as a progressive decline in the value of coins, the problems of FTX and the collapse of trust, are all raising questions about the future of crypto. The declaration of bankruptcy by FTX, the third largest cryptocurrency exchange, caused an earthquake in the industry. The primary lesson to be learned from recent events is that there is a need for greater financial transparency for cryptocurrency service providers.

The answer to this need is market regulation, and here, the Markets in Crypto Assets (MiCA) regulation could provide some answers to these problems. MiCA is part of the European Union’s larger digital finance package. Its objectives include:

  • Creating a single legal framework for the cryptocurrency market in the EU
  • Introducing uniform rules for crypto service providers (including exchange operators) and crypto issuers,
  • Ensuring market stability and protecting investors from risk.

MiCA will create a harmonised European cryptocurrency market ensuring legal certainty across the EU through clear asset classification and transparent guidelines for service providers and issuers. If the regulations are widely accepted, more institutional investors and more assets may be expected to enter the market, which could help its further development.

In addition to this, due to the scale of the European single market, MiCA could follow in the footsteps of the Data Protection Regulation (GDPR) and also contribute to the formation of similar regulations in other parts of the world. The European Parliament is expected to vote on the draft in February this year and MiCA is likely to enter into force in Q3 2024.

Read more about MICA here: MiCA, or how the European Union intends to regulate the cryptocurrency market.

Artificial Intelligence – a strategic area of interest for the European Union

Legislative excitement is also unabated in the field of AI, with the expected entry into force of the most important piece of AI legislation – the AI Act, a Regulation of the European Parliament and of the Council establishing harmonised rules on artificial intelligence. The aim of this regulation is to develop safe, reliable and ethical artificial intelligence processes in the European Union. The AI Act will divide AI systems by risk categories. The Act specifies which AI applications will be considered unacceptable and has created a category of high-risk AI systems, the operators of which will be subject to a number of obligations.

The year 2022 brought further amendments, bringing us closer to the final wording of the document. At the beginning of December, the Council adopted a common position on the act, and the next step will be for the Parliament to also adopt a common position. The exact date when the AI Act will come into effect is not yet known, but estimates place it around early 2024.

AI is central to the EU’s strategy for creating a digital single market, so in parallel to work on the AI Act, other aspects of AI are also under discussion. In September 2022, the European Commission adopted two proposals leading to the regulation of AI liability. One concerns the modernisation of existing rules on the strict liability of manufacturers for defective products, whereas the other proposes a new, separate directive on AI liability. The Commission’s proposals now need to be adopted by the European Parliament and the Council.

Read more about the new draft AI liability regulations here.

This concludes our regulatory review and we look ahead to 2023. If the acts described in this article apply to your company, you will need to bring your operating model in compliance with the new obligations. Even if the effective dates of the acts are still unknown or appear remote, it is worth analysing how the regulations may affect your business and what changes you may have to make in your operation.

If you have any questions, we will be happy to help.

Contact the authors:

Maciej Kuranc

Paulina Perkowska

See also:
A difficult time for cryptocurrencies
The Digital Services Act (DSA) – the “Constitution of the Internet” has now entered into force
New liability rules for artificial intelligence in the European Union

Latest Knowledge

What EU businesses need to know about foreign subsidies

Just two months after the Regulation came into force, the Commission launched a high-profile investigation into a contract awarded by the Bulgarian Ministry of Transport and Communications for the purchase of electric trains from a major Chinese manufacturer. This was intended to emphasise the EU’s stance on unfair competition and its determination to combat this phenomenon.

Labour law: what lies ahead in 2026?

Changes to the way the length of service is determined, new executive ordinances for foreigners, and new powers for the National Labour Inspectorate are just some of the changes in labour law that will come into force in 2026.

Protecting designs exhibited at trade fairs

How can intellectual property and designs that have already been presented to the public, for example at trade fairs, be protected? All you need to do is exercise your exhibition priority right. This mechanism allows you to file an application for such a design at a later date without affecting its novelty. Let’s see how it works in practice.

Contractual practices prohibited under the Data Act 

One of the key aspects of the Data Act is the introduction of provisions on prohibited contractual practices. These provisions are intended to protect businesses operating within the broadly understood digital industry that have a weaker contractual position.

Those who have data have power. The Data Act redistributes this power

The EU Data Act, which came into force in September 2025, represents a breakthrough in the regulation of data access and use. Data generated by devices, ranging from agricultural tractors and industrial machinery to solar panels and transport fleets, is no longer the sole property of manufacturers. Other market participants now have the opportunity to access and use this data to develop new, innovative products and services. The Data Act marks a departure from business models based on data monopolisation, to one requiring data to be shared in accordance with its rules. We are therefore entering a completely new reality.

KSeF and transfer pricing: a new era of transparency and operational challenges

The introduction of the National e-Invoice System (KSeF) represents one of the most significant challenges for group companies in recent years. Although the KSeF is intended to simplify the invoicing process and reduce tax abuse, it also has a significant impact on transfer pricing, particularly with regard to the documentation and settlement of TP adjustments.

Contributing assets to a family foundation – what to keep in mind

A family foundation is a legal entity whose purpose is to manage wealth effectively and ensure its succession without the risk of dispersing assets accumulated over generations. Therefore, a key issue related to the activities of such an organisation is the contribution of this wealth to the foundation in the form of various types of assets that will work for the beneficiaries. Let’s take a look at what this process involves in practice.

Cloud migration after the Data Act: new rights, lower costs and greater freedom

The Data Act requires a significant change in approach to cloud services. Companies should review their contracts and start planning updates immediately. It is crucial to introduce appropriate switching provisions and remove or renegotiate exit fees. Companies must also prepare their infrastructure, both technically and organisationally, for interoperability and migration in accordance with the new regulations.