The United States and the European Union (EU)’s 27 Member States share a $7.1 trillion economic relationship, the largest economic relationship in the world. The digital economy underpins practically every aspect of it.

During the 2019-2024 European Commission (EC) mandate the EU took an assertive stance toward regulating the digital economy. Based on two strategic communications, Shaping Europe’s Digital Future and Europe’s Digital Decade, the EC set out its vision for a human-centric, sustainable digital society to empower citizens and businesses through establishing: a digitally skilled population and highly skilled digital professionals; secure and sustainable digital infrastructure; digital transformation of businesses; and digitalization of public services. Details on the EU’s progress toward achieving its digital economy objectives can be found in the EC’s report on the State of the Digital Decade 2024.

In July 2023 the United States and the EU enacted the EU-U.S. Data Privacy Framework as a replacement for the Privacy Shield, reestablishing a legal mechanism for transfers of personal data from the EU to the United States. Transatlantic data flows are critical for all companies large and small across all sectors of the economy.

The EU held elections in June 2024 and the new EC is working to identify its leaders, who should be confirmed by November 1, and who will define and articulate the EC’s priorities for its 2024-2029 mandate.

Challenges

The EU digital economy is highly regulated. A host of newly enacted regulations still in the early stages of implementation make the regulatory environment complex, opaque and potentially fragmented. Startups and small and medium-sized enterprises (SMEs) with limited financial resources face a disproportionate burden and often exist in a gray zone when facing regulatory compliance compared to larger companies.

The General Data Protection Regulation (GDPR), enacted in 2018, governs the transfer of personal data outside the EU and the European Economic Area (EEA). The GDPR provides detailed provisions on the rights of the data subject, the duties of data controllers and processors, data transfers, supervisory authorities, remedies, liabilities, and penalties.

During the 2019-2024 Commission mandate, the EU enacted numerous pieces of legislation governing the digital economy, including:

• Digital Markets Act (DMA): Enacted in 2022, this ex-ante regulation aims to harmonize rules on competition in digital markets and make digital markets fairer and more contestable by preventing large companies from abusing market power.
• Digital Services Act (DSA): Enacted in 2022, the DSA includes measures for companies in scope to counter illegal content; combat the online sale of illegal products and services; reduce disinformation, and better protect minors online.
• Data Governance Act: Enacted in 2022, the Act regulates the reuse of certain categories of data held by public sector bodies and is a key pillar of the European strategy for data.
• Data Act: Enacted in 2023, the Data Act covers business-to-business, business-to-government, and business-to-consumer sharing of non-personal data stored within industrial applications (e.g., robots, wind farms) and smart devices (e.g., smart TVs, connected cars).
• Network and Information Systems (NIS) Directive and its revision, known as NIS2: Enacted in 2023, the Directive aims to enhance the security of network and information systems within the EU by requiring operators of critical infrastructure and essential services to implement security measures and report incidents to relevant authorities.
• Artificial Intelligence (AI) Act: Enacted in 2024, the Act seeks to set a global standard for AI technologies and divides AI applications into four risk categories: Applications and systems that create an unacceptable risk, e.g., social scoring, are banned; high-risk applications, e.g., a credit scoring, are subject to specific legal requirements; limited risk applications, e.g., chatbots, need to abide by specific transparency obligations; and minimal/No risk applications, e.g., spam filters, are left unregulated.
• European Digital Identity Framework (eID): Enacted in 2024, the framework is available to EU citizens, residents, and businesses who want to identify themselves or provide confirmation of certain personal information, for both online and offline public and private services across the EU.
• Cyber Resilience Act (CRA): Proposed by the EC in 2022, the Act will enter into force in the second half of 2024. It creates approval processes for a wide range of digital products and services.
• Cybersecurity Act: Enacted in 2019, with amendments proposed in 2023, the Cybersecurity Act seeks to strengthen the EU Agency for Cybersecurity (ENISA) and establish a cybersecurity certification framework for products and services.

Still other proposed pieces of legislation remain pending at the conclusion of the mandate, including:

• European Cybersecurity Certification Scheme for Cloud Services (EUCS), seeks to harmonize the requirements for obtaining cybersecurity certificates for cloud service providers among the EU Member States.
• Regulation on Privacy and Electronic Communications, would expand the scope of the existing e-Privacy Directive of 2002, which applies to traditional telecommunications services providers, to include over-the-top Internet-enabled services.

The EC is also working to ensure the security and resilience of the EU’s connectivity sector and telecommunications infrastructure. While no legislation has been proposed as of this writing, consideration has been given to financing infrastructure investment in part by requiring large Internet-enabled service suppliers (primarily U.S. firms) to make direct payments (referred to as “network usage fees”) to European telecommunications network operators. Opponents of this approach say such a mechanism is unnecessary and could harm the Internet ecosystem.

In addition, although the United States and the EU Member States share the largest economic relationship in the world, U.S. goods and services face persistent barriers entering and maintaining access to certain sectors of the EU economy, including those in the digital economy. Additionally, the rise of a growing digital sovereignty narrative that has been embraced by some close partners and allies has the potential to undermine key digital economy and cybersecurity objectives by blocking access to EU markets, unduly preventing cross-border data flows, and preferencing domestic manufacturers and service providers. The United States Trade Representative’s 2024 National Trade Estimate Report on Foreign Trade Barriers outlines many of the barriers to U.S. goods and services in the EU, including in areas related to the digital economy.

Opportunities

Opportunities for doing business with the EU institutions are handled through public procurement. Projects above certain financial thresholds (depending on the product or service involved) are posted on the Tenders Electronic Daily (TED) platform.

Most opportunities in the EU, both public and private, are in the individual Member States. For information on the best prospects in each of the 27 Member States, please consult the relevant individual Member State Country Commercial Guides.

Resources

• U.S. Department of Commerce, International Trade Administration, Industry & Analysis Office of Digital and Emerging Technology Service (DETS) 
• National Trade Estimates Report – Digital Trade Barriers
• White House CET List, e.g., Artificial Intelligence -> Machine Learning
• United States International Cyberspace & Digital Policy Strategy - United States Department of State
• United States comments on European Consultation: “The future of the electronic communications sector and its infrastructure” | National Telecommunications and Information Administration (ntia.gov)