/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2026-01-20-19-34-05-027-696fd8ad1237b1732a1fef3b.jpg)
As 2026 unfolds, new EU regulations take effect, additional obligations become enforceable, and fresh initiatives are introduced. If you need an at-a-glance guide to the key legal developments affecting technology and online businesses, you’re in the right place. This blog offers a quick overview of what is coming, who is affected, and when the changes apply. Interested in cybersecurity law? Don’t miss our upcoming 2026 overview of European cybersecurity law, and subscribe to Reed Smith’s Emerging Technologies and Entertainment & Media posts.
A. Digital Omnibus package
What? The European Commission is exploring a “Digital Omnibus” package to streamline and align aspects of existing EU digital laws. Potential areas include the GDPR, ePrivacy, the Data Act, artificial intelligence rules, and cybersecurity frameworks. Given the breadth of possible changes, Reed Smith prepared an in‑depth analysis of the package’s objectives and potential reforms.
Who? Potentially the majority of companies operating in the EU could be affected by these changes, not only technology or data-driven businesses, due to the cross-sector reach of the targeted frameworks.
When? Further discussions are expected in early 2026, with timing and content dependent on stakeholder feedback.
B. General Product Safety Regulation (GPSR)
What? The GPSR is the EU’s modern product safety framework replacing the General Product Safety Directive. Commission guidance issued in 2025 clarifies key concepts, including the broad definition of “product” (covering digital and hybrid products).
Who? All economic operators placing products on the EU market, manufacturers, importers, authorized representatives, fulfillment service providers, and online marketplaces; with complementary duties for marketplaces under the DSA.
When? In force since December 13, 2024. With guidance now available, market surveillance is expected to intensify through 2026. Operators should continue to strengthen compliance programs, particularly in relation to the EU´s considerations on digital and hybrid products.
C. AI Act
What? The EU AI Act (AI Act) establishes a risk‑based framework for trustworthy AI, including prohibitions, comprehensive obligations for high‑risk systems, transparency duties for certain AI, governance structures, and support measures.
Who? Providers, deployers, importers, distributors, and product manufacturers integrating AI in the EU.
When? In force since August 1, 2024. Regulations on prohibited AI apply from February 2, 2025. The AI Act applies from August 2, 2026, with remaining specific high-risk AI obligations applying by August 2, 2027. Practically, 2026 is the pivotal year for operational readiness.
D. Data Act (DA)
What? The DA creates user rights to access and port data generated by connected products and associated services, with significant implications for data access, product lifecycles, technical architectures (including APIs and export functions), and contracting.
Who? Manufacturers of connected products, providers of associated services, and cloud providers, who must enable access and portability both technically and organizationally.
When? In force since January 11, 2024; most rules apply from September 12, 2025. Core data‑access obligations apply from September 12, 2026. Expect 2026 to focus on implementation and the first contractual and operational disputes.
E. Revised Product Liability Directive (PLD)
What? The revised PLD modernizes EU product liability rules to reflect digitalization and complex global supply chains. It explicitly covers digital products, including software, and materially changes the risk landscape for companies placing products, physical or digital, on the EU market. Member states have already begun publishing draft national implementing laws.
Who? All producers and relevant economic operators for movable and immovable products placed on the market or put into service in the EU, with explicit inclusion of digital products.
When? Member states must transpose the Directive by December 9, 2026. Given its implications, businesses should assess impacts on product design, documentation, and insurance well ahead of national implementation. Reed Smith offers a series of webinars in February 2026 in particular addressing liability for digital products and related topics.
F. Distance Marketing of Financial Services Directive
What? The Distance Marketing of Financial Services Directive amends the EU Consumer Rights Directive und requires consumers to be able to withdraw from contracts via a dedicated withdrawal function on an online interface (a “withdrawal button”). Read our extensive analysis on the topic.
Who? Applies to all distance contracts concluded via an online user interface, including websites and apps.
When? Member states are expected to implement the amendments by June 19, 2026.
G. Quantum Act
What? The legislative initiative on the Quantum Act aims to develop a robust European quantum ecosystem and enhance strategic autonomy, supporting research, and deployment of quantum technologies. No formal legislative proposal has been published yet.
Who? Companies in the quantum technology value chain, universities and research institutions, public‑sector bodies, and stakeholders in cybersecurity and defense.
When? The Quantum Act remains at the strategy and consultation stage and is expected to be submitted for adoption in 2026. The timing of any final adoption and entry into force is not yet certain.
H. Space Act
What? The proposed EU Space Act seeks to establish a harmonized regulatory framework for space activities across the EU, simplifying compliance and addressing safety, resilience, and environmental objectives.
Who? Space service providers and related operators across the space‑based data and services ecosystem.
When? The feedback period has closed. Under the current draft, application would begin on January 1, 2030, subject to the legislative process and potential revisions.
I. Digital Fairness Act
What? The Digital Fairness Act is a legislative initiative the Commission announced in its 2026 work program. It is expected to regulate certain online commercial practices that affect consumers such as dark patterns, marketing practices, and certain aspects of digital product design; and to complement existing frameworks like the DSA.
Who? The scope remains under development but is expected to focus on B2C offerings, notably social media platforms, e‑commerce, and gaming platforms.
When? The public consultation concluded in 2025. A first draft is tentatively expected by the end of 2026.
J. e‑Evidence Regulation and Directive
What? The e‑Evidence package introduces a new EU framework for cross‑border access by law‑enforcement authorities to data. Although it has received relatively little attention, the compliance obligations can be significant. For example, in emergencies, covered providers may need to produce requested data within eight hours, with the risk of substantial fines for non‑compliance.
Who? Electronic communications services, cloud computing services, and platforms enabling user‑to‑user communication (for example, online platforms, gaming platforms, and social media).
When? Member states must transpose the Directive by February 18, 2026. The Regulation will apply from August 18, 2026.
Reed Smith stands ready to help you navigate the rapidly evolving legal landscape. Our interdisciplinary team covers the full spectrum of European digital law, including privacy and data protection, platform and consumer rules, AI and data governance, data sharing and cloud, cybersecurity, product safety and liability. If you would like to discuss how these developments affect your organization, please reach out to your usual Reed Smith contact.