
EU REGULATIONS: THE UPDATES, ROLLBACKS AND REWRITES TO BE READY FOR

January 12, 2023 by Phoebe-Jane Boyd


Here are some of the big updates, rollbacks and regulation rewrites to be prepared for, with pointers from those in the industry on what to expect.


You need to be ready for… Britain’s relaxing of ‘ring-fencing’ banking reforms

What is it: Back in December 2022, plans were announced for the easing of banking rules that had been instituted following the global financial crisis of 2008. Chancellor Jeremy Hunt said at the time of the announcement that the changes will make the UK ‘one of the most open, dynamic and competitive financial services hubs in the world’.

What is on the way: In what Hunt characterised as the use of ‘Brexit freedoms’ to make the UK a more competitive proposition, the proposed package of over 30 changes includes a lifting of the bankers’ bonuses cap and the easing of capital requirements for smaller lenders. Regulations holding bankers accountable for their decisions will also be reviewed by the Government, while ‘ring-fencing’ rules to keep potentially dicey investment banking from impacting retail operations will be relaxed.

Take note: At the time of announcement, critics warned that the changes could lead to increased risk, while proponents highlighted plenty of opportunity for the financial sector.

You need to be ready for… requirements of the Digital Services Act (DSA)

What is it: The DSA, originally approved by the EU Council in October 2022, requires large search engines to take responsibility for the content on their websites and servers, with plans for future extensions to large online platforms. Established brands like YouTube and Facebook will be impacted… as will every business and individual that shares content there.

What is on the way: ‘Large digital firms operating in the EU must submit the first set of performance reports to the EU Commission this month as a requirement,’ says Delphine Gatignol, business unit director at Newsback. ‘These companies will face fines if they allow illegal content, misinformation and cyber bullying to go unchecked.’

Take note: ‘As a signatory on the Code of Practice on Disinformation at Newsback, we will be assessing how seriously platforms are fighting disinformation,’ shares Delphine. ‘When it comes to addressing this problem, we recognise that online platforms have their work cut out. The Code was created to provide a framework and set goals to help digital firms fulfil their responsibilities.

‘Our co-signatories, as well as the platforms, include civil society actors, fact-checkers, source-raters and anti-disinformation companies. In the year ahead this smaller group will be holding digital firms accountable and ensuring the Code becomes an effective tool against disinformation.’

You need to be ready for… amendments to the Unfair Commercial Practices Directive

What is it: This directive on unfair commercial practices was put in place in 2005 to boost consumer confidence while making it much easier for businesses to trade across borders. It has since been amended to enable easier enforcement, but more changes are to come.

What is on the way: ‘ESG has been shaping the way both organisations and the communications sector evolve – this is one of the policies centering greenwashing and introducing standardised approaches to ESG reporting this year, addressing unclear language about environmental credentials,’ says Sarah Woodhouse, director of AMBITIOUS PR.

Take note: ‘This has been an EU priority for a few years now, but this will be a big year as we prepare for 2024, when the policies for addressing these issues will enter into full force,’ advises Sarah.

You need to be ready for… the Product Environmental Footprint (PEF)

What is it: This ‘multi-criteria measure of the environmental performance of a good or service throughout its life cycle’ will seek to reduce the negative environmental impacts on account supply chains.

What is on the way: The planned update to the PEF will ‘introduce an improved framework for Life Cycle Assessments, that take into account the footprint of products, including upstream and downstream impacts,’ says Sarah at AMBITIOUS PR.

Take note: If your business has a supply chain of any sort, this impacts you. As Sarah warns: ‘The implications will be felt by businesses outside the EU and within not only product and sustainability but also marketing and communications teams.’

You need to be ready for… the Corporate Sustainability Reporting Directive

What is it: Expanding on the existing EU corporate sustainability initiatives on supply chains, the CSRD is a reporting requirement that will cover large public and private companies meeting at least two of the following criteria: 250+ employees, €20 million or more in total assets or €40 million or more in turnover.

What is on the way: ‘This has started to be applied already, but will be mandatory next year,’ warns AMBITIOUS PR’s Sarah.

Take note: ‘Companies listed on regulated markets in the EU will be rapidly getting familiar with the rules and preparing to publish info on issues from environment, employee treatment, carbon emissions and human rights this year.’

You need to be ready for… the Digital Operational Resilience Act (DORA) and the proposed Cyber Resilience Act

What are they: ‘Strengthening the IT security of financial entities such as banks, insurance companies and investment firms’, DORA was put in place to ‘ensure that the financial sector in Europe is able to stay resilient through a severe operational disruption’. The Cyber Resilience Act will aim to boost existing cybersecurity rules to ensure greater security for hardware and software products.

What is on the way: ‘Although it will be a couple of years before mandatory compliance for Digital Operational Resilience Act (DORA), it will eventually put financial organisations in a much stronger position for handling outages, leaks, unauthorised access and data loss,’ advises Jakub Lewandowski, Global Data Governance Officer at Commvault. ‘Within the highly sensitive information that the financial sector holds, this is incredibly important.

‘DORA lays out detailed requirements on every aspect of cybersecurity – technical, organisational and functional. Financial organisations will need to set up necessary resources, communication routes and, for the first time, we are seeing a whole article within a piece of legislation about backup requirements. With the ever-increasing threat of cyber attacks taking key institutions and even whole countries offline, DORA favours on-premises backup, rather than connection-reliant cloud backup options.’

Take note: ‘Preparations to comply with this legislation will involve reviewing legacy IT systems to ensure that they meet regulations and potential investment in new software, so it may be costly in the short term,’ says Jakub. ‘Yet, in the long term, the level of cybersecurity will be raised, limiting attacks, reducing downtime and, according to the EU, saving up to €290 billion annually. Any business which has connections to the EU market will have to comply with DORA’s regulations, so I predict that the UK will soon follow suit with similar regulations. These preparations take time, so work should begin now to ensure compliance in plenty of time for the inevitable conformity deadline.

‘It may still be a while until we have to take decisive action to ensure compliance with the Cyber Resilience Act, as it has just entered the initial consultation process. It is likely to be a year or two before it is finalised and then organisations will be given a 24-month transition period to comply. However, it is never too soon to be aware of upcoming changes. Regularly monitoring for updates will ensure that businesses are prepared for the changes in good time.’

You need to be ready for… incoming changes to flexible working regulation

What is it: ‘Employees are to be given greater flexibility from the moment they commence employment with new legislation that will introduce a day one right for them to be able to make up to two flexible working requests in any 12-month period,’ explains Lupton Fawcett’s Glenn Jaques. ‘A flexible working request can be to work from home, job-sharing, flexitime and compressed hours requests.’

What is on the way: ‘This is a significant change from the existing position, which allows employees to make only one request after having worked for their employer for at least 26 weeks. It is not clear when the legislation will come into effect but employers need to be ready for the changes.’

Take note: ‘The proposed changes make no changes to the existing eight reasons that an employer can rely on to refuse a request. The financial penalty for breaching the flexible working rules is up to eight weeks’ pay but the larger risk comes from an unreasonable refusal, which may result in a discrimination claim. To minimise the risk employers should ensure that they give careful consideration as to alternative options to rejecting a request in order to ensure that employees are fully supported where a request cannot be fulfilled,’ advises Glenn.

For more moves in the world of politics, check out Vuelio’s Political Monitoring services.
