Global Law Experts Logo

Digital Law Monitor by Schönherr – 2/2026

By János Böszörményi
– posted 4 hours ago

Welcome to the sixth edition of the Digital Law Monitor. Keeping up with developments in digital law is becoming increasingly challenging. To help you stay ahead of the curve, we have created this comprehensive overview and will update it regularly. It includes legal acts, draft legal acts, guidelines and, occasionally, other legal materials. If you haven’t already, subscribe here.

For weekly updates on legal acts and guidelines in Austria and the EU (in German), sign up for the Schönherr Digitalrechtsmonitor.

Subscribe to Schoenherr’s other newsletters for regular briefings on digital law developments, monthly updates on financial regulation, white-collar crime and litigation-update (in German), quarterly updates on healthcare and life sciences law, and much more.

EU legal acts

  • Regulations (incl. drafts)

EP/Council, agreement on the Digital Omnibus on AI

Council of Europe Framework Convention on AI

European Technological Sovereignty Package

Council Decision (EU) 2026/1347 on the United Nations Convention against Cybercrime and the Convention

  • Commission Guidelines

Guidelines on the implementation of the transparency obligations (Art. 50 AI Act)

Draft guidelines on trusted flaggers (DSA)

Code of Practice on marking and labelling AI-generated content

  • European Data Protection Board

DPIA Template

Guidelines 1/2026 on processing of personal data for scientific research purposes

Data Breach Template

  • NIS2 Cooperation Group

Common templates for incident reporting

Austrian legal acts

Amendment to the KEM-V

MiCAR Crypto-Asset Service Provider Reporting Ordinance

University and Higher Education Statistics and Education Documentation Ordinance (UHSBV)

Resilience of Critical Entities Ordinance

Political Advertising Act

Bulgarian legal acts

Ordinance Repealing Ordinance No. 21 of 2007 on the Rules for the Construction of Mobile Telecommunications Networks and Facilities

Ordinance Repealing Ordinance No. 35 of 2012 on the Rules and Standards for the Design, Construction and Commissioning of Cable Electronic Communications Networks and Associated Infrastructure

Decree No. 59 of 30 April 2026 on the Adoption of the List of Defence-Related Products and the List of Dual-Use Items and Technologies Subject to Import Control

Law on Combating Corruption among Persons Holding Public Office

Croatian legal acts

Act on Amendments to the Consumer Protection Act

Act on Amendments to the Trade Act

Act on Amendments to the Public Procurement Act

Act on Amendments to the Electronic Communications Act

Ordinance on the Criteria and Procedure for Acquiring, Suspending and Revoking the Status of Trusted Flaggers

Ordinance on the Conduct of Covert Surveillance over Supervised Entities pursuant to the Capital Markets Act

Czech legal acts

Act on Data Management, Controlled Access to Data and Amendments to Certain Related Acts

Decree on the Filing of Forms for Adjustment Taxes for the Purpose of Ensuring a Minimum Level of Taxation for Large Multinational Groups and Large Domestic Groups

Digital and Information Agency outlines the priorities for digitalisation for 2026

Decision on inclusion in the list of critical infrastructure entities

Hungarian legal acts

Ministerial Decree on the fees applicable in the unified electronic sales system for certain public services

Amendment to the NMHH Decree on radio spectrum reservation and usage fees

Amendment to the NMHH Decree on the Communications Network Registry

Amendment to the NMHH Decree on the detailed rules of electronic communications subscriber contracts

Amendment to the NMHH Decree on the detailed rules of safe services provided for minors

Decree No. 6/2026 (VI.8.) of the President of the Supervisory Authority for Regulatory Affairs on the amendment of certain decrees relating to cybersecurity

Moldovan legal acts

Government Decision on the Concept of the “State Population Register” Information System and the Regulation on the Maintenance of the State Population Register

Government Decision on the “Customs Decisions” Information System

Decision on the conditions and procedures for the grant, modification, assignment, revocation and suspension of radio frequency usage rights

Decisions on special licence conditions for numbering resources

Polish legal acts

Act on AI Systems

Digital Services Act (DSA) – government adopted two national implementing bills

EROD guidelines for data-driven innovation

Romanian legal acts

Government Emergency Ordinance on green claims, distance financial services and online interfaces

DNSC simplifies cyber incident reporting and launches a public blacklist of malicious domains

ASF Regulation reorganising digital operational resilience supervision

ANAF procedure for tax meetings via videoconference

Slovenian legal acts

Regulation on the Implementation of the EU Regulation on the European Digital Identity Wallet

Rules of the SISBON System for Exchange of Information on Indebtedness of Natural Persons

Rules of the SISBIZ System for Exchange of Information on Indebtedness of Business Entities

Decision on the fulfilment of technical conditions for establishing the online search engine for property sales in insolvency proceedings

Launch of the renewed eSodstvo portal with new security scheme

Rules amending the rules on electronic business operations in insolvency proceedings

Rules amending the rules on electronic business operations in civil court proceedings and criminal proceedings

Turkish legal acts

DPA, Public Announcement on Matters to Be Considered When Using Security Camera Systems in Workplaces

DPA, Public Announcement on Matters to Be Considered When Using Security Camera Systems in Apartment Buildings and Residential Complexes

Amendments to Law No. 5651 introduce new child protection measures and a regulatory framework for digital game platforms

Personal Data Protection Board, Principle Decision on the processing of biometric data for attendance tracking

To the Point:

EU legal acts 

Regulations (incl. drafts)

EP/Council, agreement on the Digital Omnibus on AI

  • On 7 May 2026, the European Parliament and the Council reached a political agreement on the Digital Omnibus on AI. This Regulation is intended to simplify the rules under the AI Act and postpone certain deadlines. Further information is available here.

Council of Europe Framework Convention on Artificial Intelligence

  • On 13 May 2026, the “Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law” was published in the Official Journal of the EU, OJ L, 2026/1081. It is intended to address concerns about the impact of AI systems on individual autonomy, human rights, democracy and the rule of law. An “artificial intelligence system” is defined as “a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations or decisions that may influence physical or virtual environments“.

European Technological Sovereignty Package

  • On 3 June 2026, the European Commission presented the European Technological Sovereignty Package. The package includes two legislative proposals, namely a proposal for the Chips Act 2.0, COM(2026) 504 final, and a proposal for the Cloud and AI Development Act, COM(2026) 502 final. The package also includes the EU Open Source Strategy, COM(2026) 503 final, and the Strategic Roadmap for Digitalisation and AI in Energy, COM(2026) 501 final. The objective of the European Technological Sovereignty Package is to strengthen the EU in semiconductors, chips, AI, data centres and energy. A call for AI gigafactories is upcoming.

Council Decision (EU) 2026/1347 on the United Nations Convention against Cybercrime and the Convention

  • On 19 June 2026, the “Council Decision (EU) 2026/1347 of 4 June 2026 on the conclusion, on behalf of the European Union, of the United Nations Convention against Cybercrime; Strengthening International Cooperation for Combating Certain Crimes Committed by Means of Information and Communications Technology Systems and for the Sharing of Evidence in Electronic Form of Serious Crimes”, OJ L, 2026/1347, and the “United Nations Convention against Cybercrime; Strengthening International Cooperation for Combating Certain Crimes Committed by Means of Information and Communications Technology Systems and for the Sharing of Evidence in Electronic Form of Serious Crimes”, OJ L, 2026/1348, were published. The Convention is intended to strengthen international cooperation for combating cybercrime.

Commission Guidelines

Guidelines on the implementation of the transparency obligations for certain AI systems under Art. 50 of the AI Act

Draft guidelines on trusted flaggers

  • On 29 May 2026, the draft “Commission guidelines on trusted flaggers” was published. The draft is accompanied by a study on “trusted flaggers“. Pursuant to Art. 22(1) of the Digital Services Act (DSA; Regulation (EU) 2022/2065), providers of online platforms must give notices submitted by trusted flaggers The status of trusted flagger is awarded by Digital Services Coordinators. The guidelines deal, among other things, with the award of that status and with notices to providers of online platforms.

Code of Practice on marking and labelling AI-generated content

European Data Protection Board

DPIA Template

  • On 14 April 2026, the European Data Protection Board (EDPB) published the draft template for Data Protection Impact Assessment (DPIA) pursuant to Art. 35 GDPR. An explainer was provided to clarify the template. The purpose of the template is to support organisations in conducting their DPIAs.

Guidelines 1/2026 on processing of personal data for scientific research purposes

Data Breach Template

  • On 10 June 2026, the EDPB published the “Template for personal data breach notification“. The template contains 126 rows on 27 pages, populated with numerous examples. Note: The template covers a wide range of scenarios and organisational forms. We recommend adapting the template for your organisation so that, in the event of a personal data breach, you do not have to work through 126 rows. We would be pleased to assist you with this.

NIS2 Cooperation Group

Common templates for incident reporting

  • On 26 May 2026, the NIS2 Cooperation Group agreed on common templates for incident reporting. The templates have not yet been published.

Austrian legal acts

Amendment to the KEM-V

  • On 25 March 2026, the amendment to the Communication Parameters, Fees and Value-Added Services Ordinance 2009 (KEM-V 2009), Federal Law Gazette II 2026/66, was published. The explanatory notes are published here. The amendment is intended to make the unauthorised use of alphanumeric sender identifiers in messaging services more difficult or to prevent it altogether.

MiCAR Crypto-Asset Service Provider Reporting Ordinance

  • On 30 March 2026, the “MiCAR Crypto-Asset Service Provider Reporting Ordinance“, Federal Law Gazette II 2026/71, was published. This ordinance sets out reporting cut-off dates, reporting intervals, and the structure and content of reports by crypto-asset service providers pursuant to Section 10(1) and (2) MiCA-VVG.

University and Higher Education Statistics and Education Documentation Ordinance (UHSBV)

  • On 2 April 2026, the “University and Higher Education Statistics and Education Documentation Ordinance” (UHSBV), Federal Law Gazette II 2026/84, was published. This Regulation amends the University and Higher Education Statistics and Education Documentation Ordinance and regulates the provision of statistical information on study operations.

Resilience of Critical Entities Ordinance

  • On 14 April 2026, the “Resilience of Critical Entities Ordinance” (RKEV), Federal Law Gazette II 2026/91, was published. This Ordinance lays down, for the individual sectors, the conditions under which a security incident may arise in the provision of an essential service (pursuant to Section 11(1) (4) RKEG) and the conditions under which a reportable security incident within the meaning of Section 17(1) RKEG exists. Note: Further information is available here.

Political Advertising Act

  • On 23 April 2026, the “Federal Act enacting a Political Advertising Act and amending the KommAustria Act and the Media Act“, Federal Law Gazette I 2026/21, was published. The Political Advertising Act (PolWG) regulates the implementation of the obligations arising from “Regulation (EU) 2024/900 on the transparency and targeting of political advertising“. The Act designates the Austrian Communications Authority (KommAustria) as the competent authority, administrative penal authority and national contact point, supported by RTR-GmbH, Media Division. In its function as national contact point, KommAustria cooperates with the Data Protection Authority and the Parliamentary Data Protection Committee. The act provides for fines of up to EUR 500,000.

Bulgarian legal acts

Ordinance Repealing Ordinance No. 21 of 2007 on the Rules for the Construction of Mobile Telecommunications Networks and Facilities

  • On 24 April 2026, the “Ordinance Repealing Ordinance No. 21 of 2007 on the Rules for the Construction of Mobile Telecommunications Networks and Facilities” was published in the State Gazette No. 38/2026. By this Ordinance, “Ordinance No. 21 of 2007 on the Rules for the Construction of Mobile Telecommunications Networks and Facilitiesis repealed. The repeal of “Ordinance No. 21 of 2007 on the Rules for the Construction of Mobile Telecommunications Networks and Facilities” aims to avoid conflicting interpretations of the relevant secondary legislation.

Ordinance Repealing Ordinance No. 35 of 2012 on the Rules and Standards for the Design, Construction and Commissioning of Cable Electronic Communications Networks and Associated Infrastructure

  • On 24 April 2026, the “Ordinance Repealing Ordinance No. 35 of 2012 on the Rules and Standards for the Design, Construction and Commissioning of Cable Electronic Communications Networks and Associated Infrastructure” was published in the State Gazette No. 38/2026. By this Ordinance, “Ordinance No. 35 of 2012 on the Rules and Standards for the Design, Construction and Commissioning of Cable Electronic Communications Networks and Associated Infrastructureis repealed. The repeal of “Ordinance No. 35 of 2012 on the Rules and Standards for the Design, Construction and Commissioning of Cable Electronic Communications Networks and Associated Infrastructure” aims to avoid conflicting interpretations of the relevant secondary legislation.

Decree No. 59 of 30 April 2026 on the Adoption of the List of Defence-Related Products and the List of Dual-Use Items and Technologies Subject to Import Control

  • On 8 May 2026, “Decree No. 59 of 30 April 2026 on the Adoption of the List of Defence-Related Products and the List of Dual-Use Items and Technologies Subject to Import Control” was published in the State Gazette No. 42/2026. The Decree adopts an updated List of Defence-Related Products and a List of Dual-Use Items and Technologies Subject to Import Control. The Decree transposes the requirements of “Commission Delegated Directive (EU) 2026/325 of 27 October 2025 amending Directive 2009/43/EC of the European Parliament and of the Council” as regards the updating of the List of Defence-Related Products in accordance with the updated Common Military List of the European Union of 24 February 2025.

Law on Combating Corruption among Persons Holding Public Office

  • By the Transitional and Final Provisions of the “Law on Combating Corruption among Persons Holding Public Office“, published in the State Gazette No. 51/2026 on 5 June 2026, the “Electronic Communications Act” was supplemented. The amendment to the Electronic Communications Act expressly extends the regime for access to traffic data by allowing such data to be used also for the prevention of serious crimes within the framework of operational and investigative activities under the new anti-corruption Law on Combating Corruption among Persons Holding Public Office. In addition, the competent anti-corruption directorate is designated as a body entitled to request such access, through its director or a person authorised by the director.

Croatian legal acts

Act on Amendments to the Consumer Protection Act

  • The Act on Amendments to the Consumer Protection Act, published in the Official Gazette No. 59/2026, entered into force on 17 June 2026, with certain provisions coming into force gradually until 17 November 2026. The Act, implementing Directive (EU) 2023/2673, introduces novel obligations regarding digital goods and services, simplifies the exercise of the right to unilateral withdrawal, expands consumer notification obligations and prohibits misleading and deceiving practices on digital marketplaces.

Act on Amendments to the Trade Act

  • The Act on Amendments to the Trade Act, published in the Official Gazette No. 59/2026, entered into force on 17 June 2026. The Act mandates the integration of the e-Citizens system for digital age verification for online sale of alcoholic beverages and extends these age-verification principles to automated self-service checkouts in physical stores.

Act on Amendments to the Public Procurement Act

  • The Act on Amendments to the Public Procurement Act, published in the Official Gazette No. 48/2026, entered into force on 16 May 2026, with certain provision coming into force on 1 September 2026. The Act expands the use of the national electronic public procurement system and introduces mandatory digital signatures on public procurement contracts.

Act on Amendments to the Electronic Communications Act

  • The Act on Amendments to the Electronic Communications Act, published in the Official Gazette No. 45/2026, entered into force on 7 May 2026. The Act implements the EU Gigabit Infrastructure Act, introduces stricter obligations for providers of critical communications and further tightens the cyber and digital security regulatory framework. Note: Further information on the Gigabit Infrastructure Act is available here.

Ordinance on the Criteria and Procedure for Acquiring, Suspending and Revoking the Status of Trusted Flaggers

  • The Ordinance on the Criteria and Procedure for Acquiring, Suspending and Revoking the Status of Trusted Flaggers, published in the Official Gazette No. 49/2026, entered into force on 21 May 2026. Pursuant to the EU Digital Services Act (DSA), the Ordinance defines the procedures for awarding trusted flagger status and establishes technical standards for automated reporting of illegal online content to digital platforms.

Ordinance on the Conduct of Covert Surveillance over Supervised Entities pursuant to the Capital Markets Act

  • The Ordinance on the Conduct of Covert Surveillance over Supervised Entities pursuant to the Capital Markets Act, published in the Official Gazette No. 49/2026, entered into force on 21 May 2026. The Ordinance establishes procedural rules for secret surveillance of providers of investment and other capital market services by the Croatian Financial Services Supervisory Agency.

Czech legal acts

Act on Data Management, Controlled Access to Data, and Amendments to Certain Related Acts

  • The Act on Data Management and Controlled Access to Data was published in the Official Gazette No. 60/2026 on 12 May 2026 and entered into force on 27 May 2026. In accordance with the directly applicable Data Governance Act (Regulation (EU) 2022/868), it newly establishes rules for both controlled access to data and data governance. It generally applies to data and operational records maintained in public administration information systems. The Act aims to establish principles for public sector data governance and to regulate controlled access to public sector data and the possibility of its reuse to eliminate persistent inappropriate handling of data by public administration bodies. Its two areas of concern are to ensure sufficient transparency to enable other administrative bodies to use this data in executing their duties and to adequately enable so-called controlled access to data, particularly for the purposes of science and research.

Decree on the Filing of Forms for Adjustment Taxes for the Purpose of Ensuring a Minimum Level of Taxation for Large Multinational Groups and Large Domestic Groups

  • On 20 May 2026, the “Decree on the Filing of Forms for Adjustment Taxes for the Purpose of Ensuring a Minimum Level of Taxation for Large Multinational Groups and Large Domestic Groups” was published in the Official Gazette No. 68/2026, entering into force on 21 May 2026. The Decree implements Council Directive (EU) 2025/872 and establishes the content, structure and XML format of electronic tax filings, including tax returns for Czech top-up tax and allocated top-up tax, as well as information returns concerning top-up taxation.

Digital and Information Agency outlines the priorities for digitalisation for 2026

  • To mark the third anniversary of its founding, the Digital and Information Agency (DIA) presented its key priorities for the remainder of the year on 21 April 2026. As part of the ongoing digitisation of public administration, the DIA is focusing on coordinating the implementation of the Act on the Right to Digital Services published in the Official Gazette No. 12/2020, as amended in 2025, ensuring the technical success of the fall municipal elections, and launching the European Digital Identity Wallet.

The Ministry of the Interior is set to make its first decision on inclusion in the list of critical infrastructure entities by 17 July 2026

  • By 17 July 2026, the Ministry of the Interior is required to issue its first decisions on the designation of critical infrastructure entities pursuant to the transitional provisions of the Critical Infrastructure Act (Official Gazette No. 266/2025). Providers of essential services that fulfilled their reporting obligation by 1 March 2026 should expect to receive the Ministry’s decision by this date. Only upon a positive decision and inclusion in the non-public register of critical infrastructure entities does a provider become a critical infrastructure entity. Such designation triggers a range of legal obligations, including compliance with the Cybersecurity Act.

Hungarian legal acts

Ministerial Decree on the fees applicable in the unified electronic sales system for certain public services

  • Decree No. 7/2026. (III.31.) of the Minister of Energy on the fees applicable in the unified electronic sales system for certain public services was published in the Hungarian Gazette No. 2026/35 on 31 March 2026. The Decree applies to the determination of digital sales fees for electronic parking services, electronic road transport services and electronic passenger transport services provided within the unified electronic sales system. It prohibits the charging of convenience fees to end users for accessing public services through digital channels; resellers may only charge separately for additional services with the end user’s express prior consent. Resale fees and commission sharing are set by contract but may not exceed the caps laid down in Annex 1, subject to limited exceptions for value-creating developments or innovations. Fee levels and calculation methods must be published in advance in a clear and accessible manner.

Amendment to the NMHH Decree on radio spectrum reservation and usage fees

  • Decree No. 7/2026. (V.26.) of the President of the National Media and Infocommunications Authority (NMHH) amending NMHH Decree No. 1/2011. (III.31.) on radio spectrum reservation and usage fees was published in the Hungarian Gazette No. 2026/58 on 26 May 2026. The NMHH Decree establishes radio spectrum fees for newly planned radio applications and designated frequency bands and refines the existing fee determination rules. Most notably, it introduces a new dedicated fee regime for wireless broadband (WBB) local networks in the 4100–4200 MHz band, clarifies the scope of exemptions, and updates related terminology and annexes.

Amendment to the NMHH Decree on the Communications Network Registry

  • Decree No. 8/2026. (V.26.) of the President of the National Media and Infocommunications Authority amending NMHH Decree No. 21/2020. (XII.18.) on the Communications Network Registry was published in the Hungarian Gazette No. 2026/58 on 26 May 2026. The NMHH Decree refines the data reporting obligations and related supervisory fee reimbursement rules applicable to existing wired and wireless electronic communications networks, infrastructure and associated equipment.

Amendment to the NMHH Decree on the detailed rules of electronic communications subscriber contracts

  • Decree No. 9/2026. (V.26.) of the President of the National Media and Infocommunications Authority amending NMHH Decree No. 22/2020. (XII.21.) on the detailed rules of electronic communications subscriber contracts was published in the Hungarian Gazette No. 2026/58 on 26 May 2026. The NMHH Decree introduces detailed rules on deferred payment arrangements offered by electronic communications providers in connection with the purchase of products or services, aligning subscriber contract regulations with Act CLXII of 2009 on consumer credit and transposing Directive (EU) 2023/2225 on consumer credit agreements.

Amendment to the NMHH Decree on the detailed rules of safe services provided for minors

  • Decree No. 10/2026. (V.26.) of the President of the National Media and Infocommunications Authority amending NMHH Decree No. 7/2025. (V.30.) on the detailed rules of safe services provided for minor users was published in the Hungarian Gazette No. 2026/58 on 26 May 2026. The NMHH Decree extends the obligation to provide a safe service for minor users to providers of fixed internet access services.

Decree No. 6/2026 (VI.8.) of the President of the Supervisory Authority for Regulatory Affairs on the amendment of certain decrees relating to cybersecurity

  • Decree No. 6/2026 (VI.8.) of the President of the Supervisory Authority for Regulatory Affairs (SARA) on the amendment of certain decrees relating to cybersecurity was published in the Hungarian Gazette No. 2026/65 on 8 June 2026. The SARA Decree amends several SARA Decrees regulating cybersecurity. Most notably, the SARA Decree harmonises the requirements for auditors authorised to conduct cybersecurity audits, irrespective of the security classification of the electronic information systems they audit and introduces a uniform administrative service fee for auditor registration, replacing the previous tiered fee structure based on security class.

Moldovan legal acts

Government Decision on the Concept of the “State Population Register” Information System and the Regulation on the Maintenance of the State Population Register

  • On 6 May 2026, Government Decision No. 236 approving the Concept of the “State Population Register” Information System and the Regulation on the Maintenance of the State Population Register was adopted and published in the Official Gazette No. 206-209 on 15 May 2026. The Decision establishes the updated legal and technical framework for Moldova’s central digital identity infrastructure – the State Population Register. The State Population Register serves as the primary state information resource containing personal data on citizens, residents and other individuals registered in the Republic of Moldova, and underpins the issuance of identity documents, civil status records and electronic identification services. The new Concept aligns the RSP with Moldova’s ongoing digital identity reform, which includes the introduction of EU-standard identity cards (without a printed domicile address, effective since March 2025), the integration of qualified electronic signature certificates into identity documents, and the government data verification portal (verifica.gov.md). The RSP interacts with other state information systems through the government interoperability platform (MConnect) and is managed by the Public Services Agency.

Government Decision on the “Customs Decisions” Information System

  • On 29 April 2026, Government Decision No. 222 on the “Customs Decisions” Information System was adopted and published in the Official Gazette No. 190-193 on 1 May 2026. The Decision provides the legal and technical framework for the operation of the “Customs Decisions” Information System, an electronic platform through which economic operators may submit applications, and the customs authority may issue, modify, suspend, annul and revoke customs decisions in digital format. The system was developed with EBRD support as part of Moldova’s broader customs digitalisation programme and is aligned with EU standards, in particular in view of Moldova’s commitments under the EU Association Agreement.

Decision on the conditions and procedures for the granting, modification, assignment, revocation and suspension of radio frequency usage rights

  • On 17 April 2026, the Decision of the Administrative Board of the National Agency for Communications Regulation No. 17 dated 10 April 2026 on the conditions and procedures for the grant, modification, assignment, revocation and suspension of radio frequency usage rights was published in Official Gazette No. 173–175. The Decision establishes the framework for the management of individual radio frequency usage rights, ensuring transparency in the process of granting, reserving, assigning, suspending and revoking spectrum resources.

Decisions on special licence conditions for numbering resources

  • On 25 May 2026, the Administrative Board of the National Agency for Communications Regulation adopted decisions establishing the special licence conditions for the use of numbering resources under the National Numbering Plan: Decision No. 20 amending the Special Licence Conditions for the use of location-independent numbers in public electronic communications networks; Decision No. 21 approving the Special Conditions for the provision of Freephone (free-of-charge-for-the-caller) services via public electronic communications networks using numbering resources from the National Numbering Plan; and Decision No. 22 approving the Special Conditions for the use of numbering resources from the National Numbering Plan, as well as internal short numbers and codes, for the provision of Premium-rate services via public electronic communications networks. The decisions were published in the Official Gazette No. 231-234 dated 4 June 2026 and form a comprehensive update to the regulatory framework governing the use of numbering resources for value-added and non-geographic services in Moldova.

Polish legal acts

Act on AI Systems (national framework to apply/enforce the EU AI Act): legislative work in Parliament

  • On 9 April 2026, the government published the draft Act on AI systems in the Chancellery of the Prime Minister’s legislative portal (pl) and the Sejm held votes on the bill on 11 June 2026. The Senate then processed the Sejm-adopted Act and, on 25 June 2026, adopted a resolution introducing amendments (as shown in the Senate legislative process page and Senate print materials). As of 6 July 2026, the publicly available legislative trail shows the Act had moved through Sejm and Senate stages in late June and was continuing through the legislative pipeline (e.g. handling of Senate amendments and next steps).

Digital Services Act (DSA) – government adopted two national implementing bills

  • On 2 June 2026, the Polish government adopted two draft bills intended to enable effective national enforcement of the EU Digital Services Act (Regulation (EU) 2022/2065), including (as described by the Ministry of Digital Affairs) a draft amendment to Poland’s e-services framework to strengthen procedures around illegal content reporting/handling and related oversight mechanisms (pl).

EROD guidelines relevant for data-driven innovation (incl. AI & research)

  • On 22 April 2026, the Personal Data Protection Office (UODO) summarised the 118th EDPB plenary (15–16 April 2026), including the adoption of guidelines on processing personal data for scientific research, plus workstreams relevant to anonymisation and certification mechanisms. This is particularly relevant for organisations running R&D or training/testing data-driven systems in Poland (gov.pl).

Romanian legal acts

Government Emergency Ordinance on green claims, distance financial services and online interfaces

  • On 26 March 2026, Government Emergency Ordinance No. 18/2026 amending and supplementing Law No. 363/2007 on combating unfair commercial practices in dealings with consumers and Government Emergency Ordinance No. 34/2014 on consumer rights in contracts concluded with professionals (“GEO 18/2026“) was published in the Romanian Official Gazette, Part I, No. 236. GEO 18/2026 contains several measures of direct relevance to the digital environment. For distance contracts concluded through an online interface, businesses must provide a permanently available, clearly labelled withdrawal function and a confirmation function. When concluding distance financial services contracts, businesses may not operate their online interfaces (as defined under the Digital Services Act (Regulation (EU) 2022/2065) using dark patterns that mislead or manipulate consumers, such as visually privileging options, repeated pop-ups, or making cancellation harder than subscription. On the green-transition side, new per se misleading practices are added to the blacklist, including displaying sustainability labels not based on a certification scheme, unsubstantiated generic environmental claims, failing to inform consumers that a software update will negatively affect goods with digital elements, and presenting a software update as necessary when it merely enhances functionality. New definitions and pre-contractual duties on software updates for goods with digital elements are also introduced. The green-transition measures shall apply as of 27 September 2026, while the right to withdrawal and distance financial services measures apply from 19 June 2026.

DNSC simplifies cyber incident reporting and launches a public blacklist of malicious domains

  • On 28 April 2026, the National Cybersecurity Directorate (DNSC) announced through a press release that it had streamlined the reporting of cyber incidents through the National Cybersecurity Incident Reporting Platform (pnrisc.dnsc.ro) and, at the same time, launched a new public blacklist mechanism for domains posing cybersecurity risks. The reporting platform has been updated to offer a simpler and more intuitive process for both individuals and for the essential and important entities subject to reporting obligations under NIS2 (Directive (EU) 2022/2555). In parallel, the publicly accessible blacklist platform (pnrisc.dnsc.ro/blacklist) lists domains involved in fraudulent activities, whether reported or identified through proactive measures, after analysis and confirmation by technical experts, and is constantly updated to allow users to quickly check suspicions about online domains. For additional protection, DNSC has also developed a “DNSC Blacklist Protection” browser extension for Chromium-based browsers and Mozilla Firefox, including on Android, which queries DNSC servers in real time where a site is likely to be dangerous. Through these measures, DNSC aims to strengthen its capacity to prevent and respond to cybersecurity incidents and to promote a shared-responsibility model in which each user contributes actively to a safer digital space.

ASF Regulation reorganising digital operational resilience supervision

  • On 2 June 2026, Financial Supervisory Authority (ASF) Regulation No. 4/2026 amending and supplementing ASF Regulation No. 8/2025 on the organisation and functioning of the ASF (the “Regulation“) was published in the Romanian Official Gazette, Part I, No. 463. The Regulation restructures the ASF’s supervisory architecture to operationalise Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA), creating a dedicated Digital Operational Resilience Monitoring Service within the Integrated Supervision Directorate. Amongst others, the new service receives and analyses reporting and notifications from supervised financial entities on digital operational resilience, ICT risk and cybersecurity, monitors how those entities manage ICT risk and report major ICT-related incidents and significant cyber threats to the competent authorities. The ASF is also empowered to draft regulations and instructions implementing DORA, the related regulatory and implementing technical standards and the European Supervisory Authorities’ guidelines, to issue opinions, interpretations and guidance on digital operational resilience, ICT risk and cybersecurity, and to cooperate and exchange operational information on cyber threats and vulnerabilities with national and European authorities.

ANAF procedure for tax meetings via videoconference

  • On 15 June 2026, the National Agency of Fiscal Administration (ANAF) procedure on holding meetings between the central tax authority and taxpayers by means of remote video communication, forming part of Order No. 705/2026, was published in the Romanian Official Gazette, Part I, No. 494. The procedure allows a defined set of tax proceedings, including tax inspections, audits of personal tax situations, hearings, audiences and mediation, to be conducted through the ANAF videoconference platform.

Slovenian legal acts

Regulation on the Implementation of the EU Regulation on the European Digital Identity Wallet

  • On 7 May 2026, the Regulation on the Implementation of the EU Regulation on the European Digital Identity Wallet (Official Gazette of the Republic of Slovenia, No. 581/26) was adopted. This is the core implementing measure for the EUDI Wallet in Slovenia under eIDAS 2.0 (Regulation (EU) 2024/1183). The regulation designated the ministry responsible for the central service for online login and electronic signature as the authority for the relying party register and authentication mechanism. It also established unique identification of EUDI Wallet users via a recalculated identifier that may not be used for other purposes or for linking databases. It entered into force on 23 May 2026.

Rules of the SISBON System for Exchange of Information on Indebtedness of Natural Persons

  • On 2 June 2026, the Rules of the SISBON System for Exchange of Information on Indebtedness of Natural Persons (Official Gazette of the Republic of Slovenia, No. 938/26) was adopted, establishing a comprehensive GDPR-compliant framework for the exchange of personal financial data. Access requires qualified digital certificates under eIDAS. The Rules introduce provisions on automated access for concluding credit transactions, subject to prior DPIA. Individual rights are established in line with GDPR Articles 15-22, including explanation of automated decision-making logic, exercisable via the “Moj SISBON” application (requiring medium-level electronic identification). It entered into force on 27 June 2026.

Rules of the SISBIZ System for Exchange of Information on Indebtedness of Business Entities

  • On 2 June 2026, the Rules of the sisbiz System for Exchange of Information on Indebtedness of Business Entities (Official Gazette of the Republic of Slovenia, No. 937/26) was adopted. The Rules mirror the SISBON security provisions (eIDAS digital certificates, audit trails, role-based access controls). Notably, the Rules introduce an ESG data chapter (applicable from 1 September 2026): business entities may voluntarily report environmental, social, and governance data to the Central Credit Register via the “Moj SISBIZ” application. ESG data is classified as confidential. It entered into force on 27 June 2026.

Decision on the Fulfilment of Technical Conditions for Establishing the Online Search Engine for Property Sales in Insolvency Proceedings

  • On 13 April 2026, the Decision on the Fulfilment of Technical Conditions for Establishing the Online Search Engine for Property Sales in Insolvency Proceedings (Sklep o izpolnitvi tehničnih pogojev za vzpostavitev spletnega iskalnika prodaj premoženja v stečajnih postopkih) was adopted, with which the Minister of Justice confirmed the fulfilment of technical conditions for the online search engine for property sales in insolvency proceedings. The search engine is part of the e-Auction portal (sodnedrazbe.si) managed by the Supreme Court of the Republic of Slovenia.

Launch of the Renewed eSodstvo Portal with New Security Scheme

  • On 23 June 2026, the Supreme Court of the Republic of Slovenia announced the launch of the renewed eSodstvo (e-Judiciary) Portal (available at esodisce.si) with a new judicial security scheme, operational from 26 June 2026. Login now requires authentication via the national SI-PASS system using electronic identification means of high assurance level (e.g. electronic identity card, qualified digital certificate). The previous username-and-password login method is discontinued. Existing qualified external users are migrated automatically; registered users relying on username and password must re-register. Electronic submissions still require a qualified or advanced electronic signature based on a qualified certificate.

Rules Amending the Rules on Electronic Business Operations in Insolvency Proceedings

  • On 23 June 2026, the Rules Amending the Rules on Electronic Business Operations in Insolvency Proceedings (Official Gazette of the Republic of Slovenia, No. 1062/26) was adopted. The amendment redefines and expands the catalogue of electronic insolvency operations (eINS-opravila) in the e-sodstvo system. Insolvency administrators, attorneys, the State Attorney’s Office and non-professional participants may now file electronic submissions, proposals and claims, and review electronic documents. The Rules entered into force on 29 June 2026.

Rules Amending the Rules on Electronic Business Operations in Civil Court Proceedings and Criminal Proceedings

  • On 23 June 2026, the Rules Amending the Rules on Electronic Business Operations in Civil Court Proceedings and Criminal Proceedings (Official Gazette of the Republic of Slovenia, No. 1061/26) was adopted, which represent a major overhaul of the electronic business operations framework for civil and criminal court proceedings in the e-sodstvo system. The Rules align terminology with the eIDAS Regulation and establish a new security scheme for managing user authorisations, identity verification and authentication. New e-review of court files provisions allow parties to electronically review court files. The Rules entered into force on 29 June 2026.

Turkish legal acts

DPA, Public Announcement on Matters to Be Considered When Using Security Camera Systems in Workplaces

  • On 8 June 2026, the Turkish Personal Data Protection Authority (“DPA“) published a public announcement entitled “Public Announcement on Matters to Be Considered When Using Security Camera Systems in Workplaces. The announcement addresses the processing of personal data through workplace surveillance systems and outlines the DPA’s expectations regarding the lawful use of security cameras in employment settings. The DPA emphasises that image recordings obtained through workplace security cameras constitute personal data processing activities under the Personal Data Protection Law No. 6698 (“DPL”). Security cameras may be used for purposes such as ensuring workplace security, preventing occupational accidents, protecting employees’ health and safety, and assisting in the prevention and detection of criminal activities. However, monitoring employees legitimate for broad purposes such as increasing discipline, maintaining general control or assessing productivity cannot, by themselves, constitute legitimate grounds for surveillance.

DPA, Public Announcement on Matters to Be Considered When Using Security Camera Systems in Apartment Buildings and Residential Complexes

  • On 8 June 2026, the DPA published a Public Announcement on the Use of Security Camera Systems in Apartment Buildings and Residential Complexes. The announcement was issued following an increasing number of complaints concerning the unlawful installation and operation of surveillance cameras in shared residential areas. The installation and operation of security camera systems must be based on a valid legal ground and comply with the obligations set out under the DPL as well as the Condominium Ownership Law No. 634 (634 sayılı Kat Mülkiyeti Kanunu). Security cameras may be installed in common areas for legitimate purposes such as ensuring the security of residents, protecting common property, safeguarding shared facilities and preventing criminal activities. However, any surveillance measure must respect residents’ reasonable expectations of privacy and comply with the principles of necessity, proportionality and data minimisation.

Amendments to Law No. 5651 introduce new child protection measures and a regulatory framework for digital game platforms

  • On 1 May 2026, the Law on Amendments to the Social Services Law and Certain Other Laws (“Amending Law”) was published in the Official Gazette. Among other things, the Amending Law introduces significant amendments to Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through Such Publications (“Law No. 5651”), including new child protection requirements for social network providers and a dedicated regulatory framework for digital game platforms. The Amending Law introduces the definitions of “game”, “game developer”, “game distributor” and game platform” into Law No. 5651, thereby establishing a dedicated legal framework for the distribution and provision of digital games in Türkiye. Social network providers may no longer provide services to children under the age of 15 and are required to implement age verification measures and offer accessible parental control tools. Social network providers with more than ten million daily accesses from Türkiye are subject to enhanced compliance obligations. In particular, such providers must implement urgent content removal and access-blocking decisions within one hour and take the necessary measures to prevent the re-publication of content that has been subject to content removal or access-blocking decisions.

Personal Data Protection Board, Principle Decision on the Processing of Biometric Data for Attendance Tracking

  • On 29 April 2026, the Turkish Personal Data Protection Board adopted Principle Decision No. 2026/921 concerning the processing of biometric data for attendance tracking purposes. The decision was subsequently announced by the DPA in order to provide guidance on the use of biometric identification systems in employment relationships. Biometric identification systems, such as fingerprint, facial recognition, iris scan and retina scan technologies, involve the processing of sensitive personal data and therefore require a particularly strict assessment. Although employers are under a legal obligation to monitor and document working hours, there is no explicit legal provision requiring attendance tracking to be carried out through biometric identification systems.

global law experts default thumbnail cover news
By Global Law Experts

posted 6 hours ago

Find the right Advisory Expert for your business

The premier guide to leading advisory professionals throughout the world

Specialism
Country
Practice Area
ADVISORS RECOGNIZED
0
EVALUATIONS OF ADVISORS BY THEIR PEERS
0 m+
PRACTICE AREAS
0
COUNTRIES AROUND THE WORLD
0
Join
who are already getting the benefits
0

Sign up for the latest advisor briefings and news within Global Advisory Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.

Naturally you can unsubscribe at any time.

About Us

Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Global Law Experts App

Now Available on the App & Google Play Stores.

Social Posts
[wp_social_ninja id="50714" platform="instagram"]
[codicts-social-feeds platform="instagram" url="https://www.instagram.com/globallawexperts/" template="carousel" results_limit="10" header="false" column_count="1"]

See More:

Contact Us

Stay Informed

Join Mailing List
About Us

Global Advisory Experts is dedicated to providing exceptional advisory services to clients around the world. With a vast network of highly skilled and experienced advisors, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Social Posts
[wp_social_ninja id="50714" platform="instagram"]
[codicts-social-feeds platform="instagram" url="https://www.instagram.com/globallawexperts/" template="carousel" results_limit="10" header="false" column_count="1"]

See More:

Global Law Experts App

Now Available on the App & Google Play Stores.

Contact Us

Stay Informed

GAE

Lawyer Profile Page - Lead Capture
GLE-Logo-White
Lawyer Profile Page - Lead Capture

Digital Law Monitor by Schönherr – 2/2026

Send welcome message

Custom Message