Recently updated
The most recently updated articles.
Consumer Rights Directive (Directive 2011/83/EU)
Any consumer who buys online or off-premises has at least 14 days to withdraw without reason [Art. 9]; if you failed to provide the required withdrawal information, that window stretches to 12 months — and cross-border enforcement fines can reach 4 % of annual turnover [Art. 24(3)].
Directive (EU) 2019/2121 — Cross-Border Conversions, Mergers and Divisions of Limited Liability Companies
Since 31 January 2023, all Member States must provide harmonised procedures for cross-border conversions, mergers and divisions — legal counsel must secure the pre-operation certificate from the departure Member State authority or the operation cannot proceed [Art. 86m].
Regulation (EU) 2018/858 — Type-Approval and Market Surveillance of Motor Vehicles
Regulation (EU) 2018/858 has been fully applicable since 1 September 2020 — the Commission can impose administrative fines of up to EUR 30,000 per non-compliant vehicle, system or component, and your compliance or homologation team should verify conformity of production now [Art. 85(1)].
Regulation (EU) 2020/741 — Minimum Requirements for Water Reuse
Since 26 June 2023 any reclamation facility supplying treated urban waste water for agricultural irrigation must hold a permit under Regulation (EU) 2020/741 — operating without one exposes the operator to Member-State penalties that must be effective, proportionate and dissuasive [Art. 15].
EU Restructuring and Insolvency Directive — Preventive Restructuring Frameworks
Member States must offer viable enterprises access to preventive restructuring before insolvency, with a stay of up to 12 months and a cram-down mechanism — the legal team must ensure the national transposition (deadline: 17 July 2021, with electronic-means provisions phased to 17 July 2026) is reflected in internal crisis protocols.
All EU regulations
EU AI Act — Regulation on Artificial Intelligence
Which of our AI projects must we halt immediately, and what does our compliance team need to deliver before the high-risk deadline hits?
Providers placing high-risk AI systems on the EU market must achieve full conformity by 2 August 2026 — failure to comply exposes them to fines of up to EUR 15 million or 3 % of global annual turnover, while prohibited AI practices already carry penalties of up to EUR 35 million or 7 %.
Read article →Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR)
Can we defend our current data processing if a supervisory authority knocks tomorrow — and what does the next breach actually cost?
Every organisation processing EU personal data faces a permanently enforceable 72-hour breach-notification duty, and a single violation of core principles can trigger fines up to EUR 20 million or 4 % of global annual turnover — your DPO or legal counsel must act first.
Read article →NIS 2 Directive — Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union
Does our organisation fall under NIS 2, and what happens if we miss the 24-hour incident notification window?
Any medium-sized or larger entity in 18 critical sectors must comply since 18 October 2024 — essential entities face fines up to EUR 10 million or 2 % of global turnover, and the CISO must file the first incident alert within 24 hours [Art. 23(4)].
Read article →DORA — Digital Operational Resilience Act for the Financial Sector
Can our ICT infrastructure survive a major cyber incident without disrupting client services — and what happens to us if we cannot prove it to the regulator?
Since 17 January 2025 every EU financial entity must operate a fully documented ICT risk management framework, report major ICT-related incidents to the competent authority and run regular resilience testing — non-compliance triggers administrative penalties and remedial measures under national law, and the CISO or CTO should be leading the gap assessment now.
Read article →Cyber Resilience Act (CRA) — Regulation (EU) 2024/2847 on horizontal cybersecurity requirements for products with digital elements
Which of our connected products need a cybersecurity overhaul before the Cyber Resilience Act kicks in — and what happens if we miss the deadline?
Any product with digital elements sold in the EU must meet mandatory cybersecurity-by-design requirements by 11 December 2027 — non-compliance exposes manufacturers to fines of up to EUR 15 million or 2.5% of global turnover.
Read article →General Product Safety Regulation (GPSR) — Regulation (EU) 2023/988
Are the products we sell to consumers in the EU still compliant now that the new General Product Safety Regulation applies — and what happens if a recall goes wrong?
Since 13 December 2024 every consumer product on the EU market must meet the GPSR's general safety requirement — non-compliant manufacturers, importers, and online marketplaces face penalties set by each Member State under Article 44, and must offer consumers at least two free remedies in any recall [Art. 37].
Read article →European Accessibility Act — Accessibility Requirements for Products and Services
Which of our digital products and services must be accessible by 28 June 2025 — and what happens if they are not?
Any company placing consumer hardware, self-service terminals, e-commerce, banking or electronic communications services on the EU market must comply with harmonised accessibility requirements since 28 June 2025; non-compliance triggers Member State penalties that must be effective, proportionate and dissuasive, and market surveillance authorities can order product withdrawal [Art. 30, Art. 20].
Read article →Anti-Money Laundering Regulation (EU) 2024/1624 — Prevention of the Use of the Financial System for Money Laundering or Terrorist Financing
Does my business need a full KYC programme by July 2027 — and what happens if we are caught without one?
Every credit institution, financial institution, crypto-asset service provider, real-estate agent, lawyer and auditor in the EU must apply directly binding customer due diligence, beneficial-ownership and suspicious-transaction rules from 10 July 2027 — with administrative sanctions under the companion Directive (EU) 2024/1640 reaching up to EUR 10 million or 10 % of annual turnover for the most serious breaches.
Read article →Data Act — Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data
Our IoT devices generate massive amounts of data — who actually owns it, and what happens if we refuse to share it with customers or third parties after September 2025?
From 12 September 2025, any manufacturer or service provider of connected products in the EU must grant users access to product data on request — penalties are set by Member States and, for personal data infringements under Chapters II, III and V, can reach up to EUR 20 million or 4% of global turnover under the GDPR enforcement channel [Art. 40(4)].
Read article →Corporate Sustainability Due Diligence Directive (CSDDD) — Directive (EU) 2024/1760
Does our supply chain expose us to personal liability for human rights or environmental harm — and what does the CSDDD actually require before 2028?
Companies with more than 3,000 employees and EUR 900 million turnover must conduct mandatory human rights and environmental due diligence across their entire chain of activities from 26 July 2028, or face fines of at least 5% of net worldwide turnover [Art. 27(4)] and civil liability claims [Art. 29].
Read article →Carbon Border Adjustment Mechanism (CBAM) — Regulation (EU) 2023/956
Do our imports of steel, aluminium or cement from outside the EU now carry a carbon price — and what happens if we ignore the new border mechanism?
From 1 January 2026, every importer of CBAM goods (cement, iron/steel, aluminium, fertilisers, electricity, hydrogen) must hold authorised CBAM declarant status, buy CBAM certificates matching the EU ETS price, and surrender them by 30 September each year — failure to surrender triggers the EU ETS excess-emissions penalty per missing certificate, and unauthorised importers face three to five times that amount [Art. 26].
Read article →EU Deforestation Regulation (EUDR) — Regulation (EU) 2023/1115 on deforestation-free supply chains
Do my supply chains for coffee, soya, palm oil or wood pass the EU deforestation cut-off — and what happens at customs if they don't?
Any operator placing cattle, cocoa, coffee, oil palm, rubber, soya or wood products on the EU market must file a due diligence statement proving deforestation-free origin by 30 December 2026 — non-compliance risks fines of at least 4 % of annual EU-wide turnover and a market ban [Art. 25(2)].
Read article →Whistleblower Protection Directive (EU) 2019/1937 — Reporting Channels, Retaliation Bans and Compliance Obligations
Do we need a whistleblower reporting channel, and what happens if an employee reports a compliance breach before we have one?
Every private-sector entity with 50 or more workers must operate a secure internal reporting channel under Directive (EU) 2019/1937 — the transposition deadline has passed in all Member States, and failure to protect a reporting person exposes the organisation to effective, proportionate and dissuasive penalties set by national law [Art. 23].
Read article →Directive (EU) 2019/770 — Digital Content and Digital Services Contracts
Can a customer demand a refund or free fix when my SaaS product, app, or digital download does not work as promised — and what happens if our terms say otherwise?
Since 1 January 2022, any trader supplying digital content or digital services in the EU must ensure conformity with both contractual and objective quality standards — non-compliant terms are void, consumers can demand repair, price reduction, or contract termination, and your legal team must act first to align contracts with the mandatory rules.
Read article →AMLD5 — Directive (EU) 2018/843 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for money laundering or terrorist financing
Do our AML controls already cover crypto exchanges, art dealers, and the new beneficial ownership registers — or are we exposed to sanctions right now?
Since 10 January 2020, every obliged entity — including virtual currency exchange platforms and custodian wallet providers — must apply full customer due diligence; breaches can trigger fines of up to EUR 5 million or 10 % of annual turnover, and your MLRO should verify coverage immediately [Art. 1].
Read article →Directive (EU) 2015/849 — Prevention of the Use of the Financial System for Money Laundering or Terrorist Financing (AMLD4)
Is our customer due diligence programme robust enough to survive an AML supervisory inspection — and what happens if it is not?
Obliged entities that fail to implement risk-based CDD, suspicious-transaction reporting and beneficial-ownership verification face administrative fines of up to EUR 5 million or 10 % of annual turnover [Art. 59(3)], and compliance officers must act now because these obligations are permanently enforceable.
Read article →Solvency II — Directive 2009/138/EC on the taking-up and pursuit of the business of Insurance and Reinsurance
Does our insurer hold enough capital to survive a 1-in-200-year loss — and what happens to our licence if it does not?
Every EU insurer and reinsurer must continuously cover its Solvency Capital Requirement (99.5 % VaR) or face a recovery plan within six months and, if the Minimum Capital Requirement is breached, licence withdrawal — enforced by national supervisors since 1 January 2016 [Art. 138, Art. 139].
Read article →Capital Requirements Directive IV (CRD IV) — Directive 2013/36/EU on Access to Credit Institution Activity and Prudential Supervision
Does our bank's governance, capital planning and bonus structure survive the next SREP cycle — and what happens if it does not?
Credit institutions and investment firms operating in the EU must permanently meet CRD IV governance, ICAAP, capital-buffer and remuneration requirements — breaches can trigger administrative penalties of up to 10 % of annual net turnover, and the compliance function should verify alignment ahead of each annual SREP review.
Read article →Regulation (EU) 2015/848 on Insolvency Proceedings (Recast)
Our supplier in another EU Member State just filed for insolvency — can we still recover assets and lodge claims across borders, or are we locked out?
Cross-border insolvency proceedings are automatically recognised across the EU since 26 June 2017, but foreign creditors must lodge claims within a minimum of 30 days after publication or risk losing their ranking [Art. 55(6)].
Read article →Directive (EU) 2019/790 — Copyright in the Digital Single Market (DSM Directive)
Does our platform need upload filters — and what happens if a rightholder claims we are not doing enough to keep infringing content off?
Any online content-sharing service provider that stores and gives the public access to large amounts of user-uploaded copyright-protected works must obtain licences or demonstrate best efforts to prevent infringement — failure exposes the platform to direct liability for unauthorised communication to the public, with sanctions set by each Member State's transposition since 7 June 2021 [Art. 17].
Read article →Directive (EU) 2016/943 — Protection of Trade Secrets Against Unlawful Acquisition, Use and Disclosure
A competitor just hired our lead engineer — can we actually stop them from exploiting our proprietary processes across the EU?
Since 9 June 2018, any business in the EU can seek injunctions, seizure of infringing goods, and full damages for trade secret misappropriation — but only if legal counsel can demonstrate that reasonable protective steps were already in place [Art. 2(1)(c), Art. 4, Art. 12].
Read article →Directive 2008/98/EC — Waste Framework Directive (consolidated)
Are we actually meeting the EU waste recycling targets — and what does the new textile EPR obligation mean for our supply chain?
Any company generating, handling or placing products on the EU market must comply with binding municipal waste recycling targets rising to 60 % by 2030 and 65 % by 2035 [Art. 11(2)], plus mandatory textile EPR schemes by 17 April 2028 [Art. 22a] — non-compliance triggers Member State penalties that must be effective, proportionate and dissuasive [Art. 36].
Read article →Energy Performance of Buildings Directive (EPBD) — Directive 2010/31/EU
Which buildings in my portfolio still fail the nearly zero-energy standard, and what happens if I sell or rent one without a valid energy performance certificate?
Since 31 December 2020 every new building in the EU must meet the nearly zero-energy standard [Art. 9], and every sale or rental requires a valid energy performance certificate — Member States must impose effective, proportionate and dissuasive penalties for non-compliance [Art. 27].
Read article →Ecodesign Directive 2009/125/EC — Framework for Setting Ecodesign Requirements for Energy-Related Products
Can I still sell my energy-related product in the EU if I have not completed the ecodesign conformity assessment required by the applicable implementing measure?
Any manufacturer or importer placing energy-related products on the EU market without CE marking and conformity to the applicable implementing measure risks market prohibition and national penalties — your compliance team must verify product-specific implementing regulations immediately.
Read article →Critical Raw Materials Act (CRMA) — Regulation (EU) 2024/1252
Does our supply chain depend on a single-country source for lithium, cobalt or rare earths — and what happens when the EU starts enforcing diversification?
Any large company (>500 employees, >EUR 150 million turnover) using strategic raw materials in batteries, chips, wind turbines or similar technologies must complete a supply-chain risk assessment by 24 May 2025 [Art. 24], and Member States must lay down penalty rules by 24 November 2025 [Art. 47] — procurement teams that still depend on a single third-country source for more than 65% of any strategic material face mandatory mitigation action [Art. 5(1)(b)].
Read article →Regulation (EU) 2016/1011 — EU Benchmarks Regulation (BMR)
Which of our financial benchmarks need an authorised administrator — and what happens if we keep using an unregistered one?
Any administrator providing a critical, significant or EU Climate benchmark in the Union must be authorised or registered with the national competent authority or ESMA; non-compliance exposes legal persons to fines of up to EUR 1 million or 10 % of annual turnover, whichever is higher [Art. 34, Art. 42(2)].
Read article →Directive 2014/25/EU — Procurement by Entities in the Water, Energy, Transport and Postal Services Sectors
Does our next infrastructure contract in energy, water, transport or postal services need to follow EU procurement rules — and what happens if we skip the tender?
Any contracting entity operating in water, energy, transport or postal services must run a compliant procurement procedure for contracts above EUR 432,000 (supplies/services) or EUR 5,404,000 (works), with contract annulment and damages as the remedies if the procedure is flawed [Art. 15].
Read article →Directive (EU) 2021/2101 — Public Country-by-Country Reporting of Income Tax Information
Does my multinational group have to publicly disclose how much tax it pays in every country — and what happens if the first report is late?
Groups with consolidated revenue above EUR 750 million must publish a country-by-country income tax report for financial years starting on or after 22 June 2024; penalties are set by each Member State under the Directive 2013/34/EU enforcement framework, and the statutory auditor must flag non-compliance in the audit report [Art. 48f].
Read article →Directive (EU) 2016/2102 — Accessibility of Websites and Mobile Applications of Public Sector Bodies
Are our public sector websites and apps actually compliant with EU accessibility rules — and what happens when a citizen files a complaint?
Every public sector website and mobile application in the EU must already meet harmonised accessibility requirements under EN 301 549 — non-compliance exposes the body to enforcement proceedings under national law and mandatory corrective action via the feedback and complaint mechanism [Art. 9].
Read article →Regulation (EC) No 1924/2006 on Nutrition and Health Claims Made on Foods
Can our marketing team legally say our product 'boosts immunity' or 'reduces cholesterol' on EU labels and ads?
Every health claim on food labels or advertising in the EU must be pre-authorised by the Commission and listed in the Community Register since 1 July 2007 — unauthorised claims trigger enforcement by national authorities, including product withdrawal and injunctions [Art. 10].
Read article →SFDR — Sustainable Finance Disclosure Regulation
Are our ESG fund disclosures actually compliant with SFDR — and what happens at the next audit if they are not?
Every financial market participant and financial adviser in the EU must already publish sustainability risk policies, principal adverse impact statements and product-level ESG disclosures — non-compliance risks supervisory sanctions from national competent authorities and reputational damage that can trigger investor outflows overnight.
Read article →Unfair Commercial Practices Directive (UCPD) — Directive 2005/29/EC
Could our marketing, dark patterns or review practices expose us to fines of 4% of turnover under the EU's unfair commercial practices blacklist?
Any trader targeting EU consumers is permanently subject to the Unfair Commercial Practices Directive — with cross-border fines of at least 4% of annual turnover or EUR 2 million since 28 May 2022 — and your compliance team should audit every customer touchpoint against the 31-item blacklist now.
Read article →Directive (EU) 2024/1275 on the Energy Performance of Buildings (EPBD recast)
Do our buildings meet the new EU zero-emission standards — and what happens if we miss the 2030 renovation deadline?
Every new building in the EU must be zero-emission from 1 January 2030, and the worst-performing 16% of non-residential buildings must be renovated by the same date — Member States must transpose effective, proportionate and dissuasive penalties by 29 May 2026 [Art. 34].
Read article →Directive 2014/59/EU — Bank Recovery and Resolution Directive (BRRD): Framework for the Recovery and Resolution of Credit Institutions and Investment Firms
If our bank or investment firm is failing, who bears the losses first — and can the resolution authority seize our shareholders' and creditors' money overnight?
Yes — since 1 January 2016 resolution authorities can bail in shareholders and unsecured creditors up to 8 % of total liabilities before any public funds are used, with administrative fines of up to 10 % of annual net turnover for institutions that fail to maintain recovery plans or meet MREL [Art. 111(2)(d)].
Read article →Directive (EU) 2016/798 on Railway Safety (Recast)
Do we need a single safety certificate before our trains can run on EU tracks — and what happens if our safety management system fails an audit?
Every railway undertaking needs a single safety certificate from the EU Agency for Railways or the national safety authority before accessing any EU rail infrastructure — operating without one means immediate exclusion from the network and potential national penalties [Art. 10, Art. 30].
Read article →EU Prospectus Regulation — Securities Offerings and Regulated Market Admissions
Do we need an approved prospectus before we can offer these securities to investors, and what happens if we get it wrong?
Any issuer offering securities to the EU public or seeking regulated-market admission must first obtain competent-authority approval of a prospectus — non-compliance exposes legal persons to administrative sanctions of at least EUR 5 million or 3 % of annual turnover, with the new EU Follow-on and EU Growth prospectus regimes applying from 5 March 2026.
Read article →Regulation (EU) 2018/848 on organic production and labelling of organic products
Can we actually label our food products as 'organic' in the EU, and what happens if our certification lapses or our supply chain is non-compliant?
Any operator placing organic products on the EU market must hold a valid certificate issued under Regulation (EU) 2018/848 — without it, the organic claim must be removed immediately, and Member States impose penalties under national law that can include withdrawal of the certificate and a ban on marketing [Art. 35, Art. 42].
Read article →Medical Device Regulation (EU) 2017/745 — MDR
Can I still sell my medical device in the EU if it only has an old MDD certificate — and what happens when those certificates expire?
Legacy MDD/AIMDD certificates expire on 31 December 2027 for class III and IIb implantable devices or 31 December 2028 for all others — after that, placing a non-MDR-certified device on the market is unlawful and Member States must impose effective, proportionate and dissuasive penalties [Art. 113].
Read article →Regulation (EU) 2017/746 — In Vitro Diagnostic Medical Devices Regulation (IVDR)
Does my IVD still have a valid CE mark — and what happens when the IVDR transition window closes?
IVD manufacturers that fail to transition legacy devices to the IVDR face removal from the EU market — Class D devices by 31 December 2027, Class C by 31 December 2028, Class B by 31 December 2029 — with penalties set by each Member State.
Read article →MiFID II — Directive on Markets in Financial Instruments (2014/65/EU)
Are our investment services compliant with MiFID II — and what happens at the next supervisory audit if they are not?
Investment firms, banks offering investment services, and market operators face fines of up to EUR 5 million or 10 % of annual turnover if they breach MiFID II's investor-protection, product-governance, or market-structure rules — compliance and legal teams must verify ongoing adherence now.
Read article →Payment Services Directive 2 (PSD2) — Directive (EU) 2015/2366
Does my payment checkout actually comply with Strong Customer Authentication — and what happens to my business if a regulator finds it does not?
Any entity providing payment services in the EU must apply Strong Customer Authentication since 14 September 2019, and national competent authorities can impose effective, proportionate and dissuasive penalties for non-compliance — including public disclosure of sanctions [Art. 97, Art. 103].
Read article →Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA)
Do we need a MiCA licence before we can keep operating our crypto exchange or custody service in the EU — and what happens if we miss the deadline?
Every crypto-asset service provider in the EU must hold a MiCA authorisation by 1 July 2026 at the latest — operating without it exposes the entity to fines of up to EUR 5 million or 12.5 % of annual turnover and an immediate cease-and-desist order [Art. 59, Art. 111].
Read article →Data Governance Act (DGA) — Regulation (EU) 2022/868
Do we need to register as a data intermediary or data altruism organisation before we can legally broker data in the EU?
Any entity providing data intermediation services in the EU must notify the competent authority under the Data Governance Act, applicable since 24 September 2023 — non-compliance exposes providers to Member-State penalties and potential service prohibition [Art. 11, Art. 14].
Read article →Digital Services Act (DSA) — Regulation on a Single Market for Digital Services
Does our platform need a compliance officer, risk assessment and advertising repository under the DSA — and what happens if we miss the obligations?
Any intermediary service offered to EU users must comply with the DSA since 17 February 2024, with fines up to 6% of worldwide annual turnover — and platforms reaching 45 million monthly active users face additional VLOP obligations enforced directly by the European Commission.
Read article →Ecodesign for Sustainable Products Regulation (ESPR) — Regulation (EU) 2024/1781
Which of our products will need a Digital Product Passport before they can be sold in the EU — and what happens if we miss the deadline?
Any manufacturer, importer or distributor placing physical goods on the EU market must comply with product-specific ecodesign requirements once the Commission adopts delegated acts (first possible from 19 July 2025 onward) — non-compliant products face market withdrawal and fines set by Member States, plus potential exclusion from public procurement [Art. 74].
Read article →EU Battery Regulation — Sustainability, Passport and End-of-Life Rules for All Battery Categories
Do our batteries need a digital passport and carbon footprint declaration before we can keep selling them in the EU?
Any company placing EV, industrial (>2 kWh) or LMT batteries on the EU market must issue a battery passport by 18 February 2027 — and carbon footprint declarations are already due for EV batteries since February 2025, with non-compliant products barred from the market.
Read article →CLP Regulation — Classification, Labelling and Packaging of Substances and Mixtures
Are our chemical labels compliant — and what happens if an inspector finds they are not?
Any manufacturer, importer or downstream user placing a substance or mixture on the EU market must classify, label and package it under the CLP Regulation — non-compliance triggers Member-State penalties that must be effective, proportionate and dissuasive, and enforcement authorities can pull non-conforming products from the market [Art. 47].
Read article →Machinery Regulation (EU) 2023/1230 — New rules for machinery, AI safety components and digital instructions
Our machines have CE marking under the old Machinery Directive — do we need to re-certify everything before January 2027?
Any machinery or safety component placed on the EU market from 20 January 2027 must comply with the new Machinery Regulation (EU) 2023/1230 — non-compliant products face market prohibition, withdrawal or recall enforced by national authorities, and Member States must have penalty regimes in place by 20 October 2026 [Art. 50].
Read article →Machinery Directive 2006/42/EC — CE marking, risk assessment and conformity rules for machinery on the EU market
Our machinery carries CE marking under Directive 2006/42/EC — what exactly must we prove to market surveillance authorities if they challenge our conformity today, and what changes when the new Machinery Regulation takes over?
Any manufacturer placing machinery on the EU market must hold a complete technical file, an EC declaration of conformity and a valid CE marking under Directive 2006/42/EC [Art. 5], with penalties set by each Member State that must be effective, proportionate and dissuasive [Art. 23] — and all products first placed on the market from 20 January 2027 must instead comply with the replacement Regulation (EU) 2023/1230.
Read article →Consumer Rights Directive (Directive 2011/83/EU)
Can a customer return our product bought online after 14 days — and what happens if our withdrawal notice is defective?
Any consumer who buys online or off-premises has at least 14 days to withdraw without reason [Art. 9]; if you failed to provide the required withdrawal information, that window stretches to 12 months — and cross-border enforcement fines can reach 4 % of annual turnover [Art. 24(3)].
Read article →Product Liability Directive (EU) 2024/2853 — No-Fault Liability for Defective Products Including Software and AI
If our AI-powered product injures someone after a software update, who pays — and can we still rely on the old Product Liability Directive defences?
From 9 December 2026, any manufacturer, importer or even fulfilment service provider placing a product — including standalone software and AI systems — on the EU market faces strict no-fault civil liability with no financial ceiling, and courts can presume both defectiveness and causation where the claimant faces technical complexity [Art. 10(4)].
Read article →Directive 2014/24/EU on Public Procurement
Which of our above-threshold purchases require a full EU-wide tender — and what happens if we skip the procedure?
Any contracting authority awarding supply or service contracts worth EUR 140,000 or more (EUR 216,000 for sub-central bodies) without the procedures mandated by Directive 2014/24/EU risks having the contract declared ineffective and facing damages claims from excluded competitors under the Remedies Directive 89/665/EEC.
Read article →Directive 2012/19/EU on Waste Electrical and Electronic Equipment (WEEE)
Are we legally responsible for every old laptop and server our customers throw away — and what happens if our WEEE registration is missing?
Any producer placing electrical or electronic equipment on the EU market must register, finance take-back, and hit 65 % collection targets under Directive 2012/19/EU — non-compliance triggers national penalties and potential market access bans, with your compliance team needing to act first.
Read article →Directive (EU) 2019/2121 — Cross-Border Conversions, Mergers and Divisions of Limited Liability Companies
We want to move our subsidiary's registered office to another EU Member State or split it cross-border — what procedural requirements can block the operation, and what happens to dissenting shareholders?
Since 31 January 2023, all Member States must provide harmonised procedures for cross-border conversions, mergers and divisions — legal counsel must secure the pre-operation certificate from the departure Member State authority or the operation cannot proceed [Art. 86m].
Read article →Directive (EU) 2019/1151 — Digitalisation of Company Law (Online Formation, Branch Registration, BRIS)
Can I form a subsidiary or register a branch in another EU Member State entirely online — and will a director disqualified in one country be flagged across the Union?
Since 1 August 2021, every Member State must offer fully online company formation within 5 to 10 working days and cross-border director disqualification checks via BRIS [Art. 13g, Art. 13i of Directive 2017/1132 as amended] — legal counsel should verify that the target Member State's portal is operational before initiating any cross-border expansion.
Read article →Regulation (EU) 2022/612 — Roaming on public mobile communications networks within the Union (recast)
Are we charging our roaming customers correctly under the recast Roaming Regulation — and what happens if our wholesale agreements or retail transparency fall short?
Since 1 July 2022, every EU mobile operator must offer roam-like-at-home at domestic prices, respect declining wholesale caps that reach EUR 1.00/GB by 2027 [Art. 11], and meet strict quality-of-service and transparency rules — with Member States required to impose effective, proportionate and dissuasive penalties for non-compliance [Art. 19].
Read article →Regulation (EU) 2018/858 — Type-Approval and Market Surveillance of Motor Vehicles
Do our vehicles still meet EU type-approval requirements — and what happens if market surveillance finds they don't?
Regulation (EU) 2018/858 has been fully applicable since 1 September 2020 — the Commission can impose administrative fines of up to EUR 30,000 per non-compliant vehicle, system or component, and your compliance or homologation team should verify conformity of production now [Art. 85(1)].
Read article →Regulation (EU) 2020/741 — Minimum Requirements for Water Reuse
Can we legally irrigate our fields with treated waste water — and what do we need before turning on the tap?
Since 26 June 2023 any reclamation facility supplying treated urban waste water for agricultural irrigation must hold a permit under Regulation (EU) 2020/741 — operating without one exposes the operator to Member-State penalties that must be effective, proportionate and dissuasive [Art. 15].
Read article →EU Restructuring and Insolvency Directive — Preventive Restructuring Frameworks
Our company is sliding toward insolvency — can we restructure early enough to keep operating, and what does the new EU framework actually require from us?
Member States must offer viable enterprises access to preventive restructuring before insolvency, with a stay of up to 12 months and a cram-down mechanism — the legal team must ensure the national transposition (deadline: 17 July 2021, with electronic-means provisions phased to 17 July 2026) is reflected in internal crisis protocols.
Read article →Directive 2000/78/EC — General Framework for Equal Treatment in Employment and Occupation
Could a dismissed employee claim discrimination based on age, religion, disability, or sexual orientation — and what would that cost your organisation?
Under Directive 2000/78/EC, enforceable since 2 December 2003, any employer in the EU that discriminates in hiring, promotion, or dismissal on grounds of religion, disability, age, or sexual orientation faces sanctions that Member States must make effective, proportionate, and dissuasive [Art. 17] — Legal and HR must act first.
Read article →Directive 2006/66/EC on batteries and accumulators and waste batteries and accumulators
Our products contain batteries — do we still need to comply with the old Battery Directive, or has the new Batteries Regulation taken over?
Directive 2006/66/EC was repealed on 18 August 2025 by Regulation (EU) 2023/1542, but its legacy obligations on collection rates, recycling efficiencies and substance bans shaped national transposition laws that remain enforceable until fully superseded — compliance teams should verify alignment with the successor Regulation now.
Read article →Regulation (EC) No 178/2002 — General Food Law: Principles, EFSA and Food Safety Procedures
If a contamination incident hits our supply chain tomorrow, can we actually trace every ingredient back to its source — and what happens if we cannot?
Every food and feed business operator in the EU must be able to identify suppliers and recipients of all products at all times — failure to maintain traceability triggers immediate withdrawal obligations and Member State penalties that are required to be effective, proportionate and dissuasive [Art. 18, Art. 17(2)].
Read article →Common entry points
- High-risk systems under the AI Act →
- GDPR and data processors →
- NIS2 reporting obligations →
- DORA and ICT third-party providers →
- CRA and SBOM →
- Product safety (GPSR) →
- Accessibility (EAA) →
- Anti-money laundering (AMLR) →
- Data access rights (Data Act) →
- Supply chain due diligence (CSDDD) →
- Carbon border adjustment (CBAM) →
- Deforestation regulation (EUDR) →
- Whistleblower protection →