Connected - July 2025

The July 2025 edition has been edited by Anthony Rosen with contributions from the Regulatory & Public Affairs team and Bird & Bird colleagues across our Bird & Bird One Firm network.

In our last edition before the Summer Break, we cover a number of ongoing EU consultations as well as wider regulatory developments.  To start with we remind our readers about the fast-approaching entry into force (in September) of the Data Act in the EU and the European Accessibility Act (which entered into force in June). On the UK side, we highlight the recent data protection reforms with the adoption of the Data (Use and Access) Act.  The EU has also kicked off its review of the Digital Markets Act and is also consulting on the Digital Fairness Act.  On the cybersecurity side, we flag the implementation of the NIS2 regime in the Czech Republic as well as the published ENISA technical guidance.  Telephone Numbering and combatting scam calls and fraud remains a critical area of focus and we summarise key developments in Sweden, Singapore as well as Spain.  We also capture recent satellite developments in Australia.

SIGN-UP TO RECEIVE THIS MONTHLY NEWSLETTER BY CLICKING HERE 

EU: The Data Act – the clock is ticking

As the European Union continues shaping its digital single market, the Data Act stands out as one of its most ambitious endeavours. The Data Act entered into force on 11 January 2024 and will apply from 12 September 2025 impacting businesses working with data-intensive products and services. Designed to boost the EU’s data economy, the Data Act establishes a framework that aims to establish fair data-sharing practices among stakeholders, including consumers, businesses, and government bodies. 

READ THE FULL STORY

For more information, please contact Tobias Brautigam.

EU: Accessibility Deadline – The European Accessibility Act comes into force

On 28 June 2025, the European Accessibility Act (EAA) came into force across the European Union, harmonising accessibility requirements for many mainstream consumer digital products and services. The EAA will be implemented and enforced through the national laws of each of the 27 Member States. 

READ THE FULL STORY

For more information, please contact Deirdre Kilroy and Kelly Mackey.

UK Data Protection Reform – Where have we landed?

The UK’s efforts to reform data protection law have finally come to fruition; with the Data (Use and Access) Act (the Act) being adopted on and entering into force on 19 June 2025. 

READ THE FULL STORY

For more information, please contact Ruth Boardman, Emma Drake and Alex Jameson.

EU – Review of the Digital Markets Act is underway

On 3 July 2025, the European Commission launched a public consultation to gather stakeholder views on the first review of the Digital Markets Act (DMA). Open until 24 September 2025, the consultation aims to assess the DMA’s impact since it started to apply in May 2023 and evaluate whether it remains fit for purpose to address emerging digital challenges, particularly in light of the rapid rise of AI-powered services. 

READ THE FULL STORY

For more information, please contact David Wouters and Anthony Rosen.

EU – Consultation on the Digital Fairness Act

European consumers may be among the most protected in the world due to the region’s consumer laws, but the EU executive believes that new regulation may be needed to address specific harmful practices confronting users online. In this context, the Commission recently opened a ‘call for evidence’ on proposals for The Digital Fairness Act (DFA) which is designed to strengthen protection and digital fairness for consumers, while ensuring a level playing field and simplifying rules for businesses in the EU. It will address specific challenges as well as harmful practices that consumers face online, such as deceptive or manipulative interface design, misleading marketing by social media influencers, addictive design of digital products and unfair personalisation practices, especially where consumer vulnerabilities are exploited for commercial purposes. The DFA will also pay particular attention to the protection of minors online.

READ THE FULL STORY

For more information, please contact Francine Cunningham.

Czech Republic – NIS2 implementation

The Czech Republic has finally implemented the NIS2 cybersecurity requirements into national law through the Cybersecurity Act (the Act). We summarise the key requirements for the communications sector in this article.

READ THE FULL STORY

For more information, please contact Jan Kuklinca and Tomas Kolouch.

EU: Cybersecurity – ENISA publishes final NIS2 guidance

In June 2025, ENISA published the NIS2 technical guidance, which provides detailed advice on mandatory cybersecurity risk management measures for digital providers subject to the NIS2 cybersecurity regime.  The NIS2 Directive establishes a strengthened cybersecurity framework across the EU to be implemented by Member States – a task which was due to be completed by October 2024 although many countries are still to adopt final legislation. For more detail on implementation status see our Tracker here: NISD 2 Tracker - Bird & Bird. 

Sweden – Prohibition on number sub-allocation

The Swedish Post and Telecom Authority (PTS) has issued comprehensive guidance that fundamentally reshapes how communications providers operators can manage numbering in Sweden. The guidance, published on 12 June 2025, represents a decisive shift away from the previously tolerated practice of number sub-allocation, with far-reaching implications for the telecommunications sector. 

Singapore – Customer authentication and stopping the use of National Registration Identity Card Numbers for Authentication

On 26 June 2025, the Personal Data Protection Commission (PDPC) and Cyber Security Agency of Singapore issued a joint advisory, which aims to stop organisations using National Registration Identity Card (NRIC) numbers for authentication (Advisory). The Government is also working to develop sector-specific guidance for regulated sectors such as finance, healthcare and telecommunications on this topic. 

READ THE FULL STORY

For more information, please contact Jeremy Tan, Loren Leung, Shawn Ting and Chester Lim.

Spain – New requirements on communication providers to share customer  information for emergency services