EU Tech & Privacy Glossary
Plain-language explanations of the regulations, frameworks, and concepts that shape European digital sovereignty in 2026. Bookmark this page — references to these terms appear throughout BetterInEurope's content.
GDPR (General Data Protection Regulation)
The European regulation, in force since 2018, that protects personal data of EU residents and shapes how every business worldwide handles their data.
Read definition → US Surveillance LawCLOUD Act (Clarifying Lawful Overseas Use of Data Act)
A 2018 US law that allows US authorities to compel American companies to hand over data, regardless of where the data is physically stored.
Read definition → EU Court RulingSchrems II
The 2020 European Court of Justice ruling that invalidated the EU-US Privacy Shield, making transatlantic data transfers legally precarious for European businesses.
Read definition → EU Digital IdentityeIDAS 2.0 (electronic IDentification, Authentication and trust Services 2.0)
The 2024 update to EU electronic identity regulation that mandates a European Digital Identity Wallet for every EU citizen by 2026.
Read definition → EU AI RegulationEU AI Act
The world's first comprehensive legal framework for artificial intelligence. Risk-based classification, in force since 2024, with major enforcement provisions in 2025-2026.
Read definition → EU CybersecurityNIS2 (Network and Information Security Directive 2)
EU cybersecurity directive applying to essential and important entities in 18+ sectors, with national transposition deadline October 2024.
Read definition → EU Financial RegulationDORA (Digital Operational Resilience Act)
EU regulation establishing operational resilience requirements for financial institutions, in force from January 2025.
Read definition → Strategic ConceptDigital Sovereignty
The capacity for European individuals, organizations, and states to control their digital infrastructure, data, and tools without dependency on foreign powers.
Read definition → Strategic ConceptData Sovereignty
The principle that digital data is subject to the laws of the country where it is collected, stored, or processed.
Read definition → Cloud ArchitectureCloud Sovereignty
The architectural and legal property of cloud infrastructure that ensures data, operations, and control remain under the jurisdiction of a specific country or region — typically the EU.
Read definition → EU Competition LawDMA (Digital Markets Act)
The 2022 EU regulation imposing obligations on designated "gatekeeper" platforms (Apple, Google, Meta, Amazon, Microsoft, ByteDance) to ensure fair digital markets.
Read definition → EU Content RegulationDSA (Digital Services Act)
The 2022 EU regulation establishing content moderation, transparency, and user protection requirements for online platforms operating in the EU.
Read definition → EU Cloud FederationGAIA-X
A European initiative founded in 2019 to build a federated, secure, sovereign data and cloud infrastructure for Europe based on common standards and shared values.
Read definition → EU Privacy LawePrivacy Regulation
The proposed EU regulation that would replace the 2002 ePrivacy Directive, governing electronic communications privacy including cookies, tracking, and unsolicited communications.
Read definition → EU-US Data TransferPrivacy Shield
The 2016 EU-US data transfer framework invalidated by the Court of Justice of the EU in 2020 (Schrems II ruling). Replaced in 2023 by the EU-US Data Privacy Framework.
Read definition → EU-US Data TransferEU-US Data Privacy Framework
The 2023 successor to the invalidated Privacy Shield, establishing a new legal basis for transatlantic data transfers between the EU and US.
Read definition → EU Strategic ConceptEuroStack
A 2024-2026 political concept advocating coordinated EU investment in end-to-end European tech stack sovereignty — from semiconductors through cloud to applications.
Read definition → EU Industrial PolicyEU Chips Act
The 2023 EU regulation aimed at doubling Europe's share of global semiconductor production to 20% by 2030, mobilizing €43 billion in public and private investment.
Read definition → EU Data RegulationData Act
The 2024 EU regulation establishing rights to access and use data generated by IoT devices and connected products, addressing non-personal data alongside GDPR's personal data focus.
Read definition → EU CybersecurityCyber Resilience Act (CRA)
The 2024 EU regulation establishing cybersecurity requirements for products with digital elements throughout their lifecycle, with full applicability by 2027.
Read definition → EU-US Data TransferTransfer Impact Assessment (TIA)
A documented assessment European data exporters must conduct under Schrems II requirements, evaluating whether destination jurisdictions provide adequate data protection equivalent to GDPR.
Read definition → EU-US Data TransferStandard Contractual Clauses (SCCs)
EU-approved contractual templates that establish a legal basis for personal data transfers from the EU to non-EU countries lacking adequacy decisions.
Read definition → EU-US Data TransferBinding Corporate Rules (BCRs)
Internal data protection policies adopted by multinational groups to enable intra-group transfers of personal data outside the EU under approved frameworks.
Read definition → EU Compute InfrastructureEuroHPC (European High Performance Computing Joint Undertaking)
EU joint undertaking pooling resources to develop and deploy high-performance computing and quantum computing infrastructure across European member states.
Read definition → EU Data StrategyData Spaces
EU concept for federated, cross-organizational data exchange ecosystems with shared governance and technical standards, addressing both personal and non-personal data.
Read definition → EU Court RulingSchrems I
The 2015 Court of Justice of the EU ruling (Case C-362/14) that invalidated the original EU-US Safe Harbor framework, prefiguring the later Schrems II ruling.
Read definition → EU Privacy LawEU Adequacy Decisions
European Commission decisions confirming that a non-EU country provides essentially equivalent data protection standards to GDPR, enabling free data flow without additional safeguards.
Read definition → EU Sovereign CloudCloud de Confiance (Trusted Cloud (FR))
French government certification scheme designating cloud providers structurally immune to foreign law (notably US CLOUD Act). Foundation for the broader EU sovereign-cloud pattern.
Read definition → EU CybersecurityBSI C5 (Cloud Computing Compliance Criteria Catalogue)
German federal cybersecurity standard for cloud services. The de facto baseline for serving German public-sector and regulated enterprise buyers.
Read definition → EU CybersecurityEUCS (European Cybersecurity Certification Scheme for Cloud Services)
Proposed pan-EU cloud cybersecurity certification scheme. Politically contested over sovereignty requirements; still in development as of 2026.
Read definition → EU CybersecurityENISA (European Union Agency for Cybersecurity)
EU agency responsible for cybersecurity policy, certification schemes, threat-landscape monitoring, and cross-border incident coordination. Headquartered in Athens.
Read definition → EU Sovereign CloudSecNumCloud (ANSSI Cloud Security Qualification)
French national cybersecurity agency cloud qualification combining high security baseline with strict sovereignty requirements. The technical foundation underlying the Cloud de Confiance label.
Read definition → US Surveillance LawFISA 702 (Foreign Intelligence Surveillance Act, Section 702)
US surveillance law authorizing bulk collection of non-US persons' communications from US-domiciled providers. The structural reason behind the Schrems-line invalidations of EU-US data transfer frameworks.
Read definition → Corporate GovernanceSteward Ownership (Verantwortungseigentum / Foundation Ownership)
Corporate ownership model where voting control is held in trust by parties bound to the company's mission, rather than by shareholders seeking value extraction. Patagonia, Bosch, Zeiss and (from May 2026) Infomaniak use this structure.
Read definition → EU CybersecurityCyber Solidarity Act (EU Cyber Solidarity Act)
EU regulation, adopted late 2024, creating a coordinated cross-Member-State mechanism for detecting, preparing for, and responding to large-scale cybersecurity incidents. Funds the European Cybersecurity Shield, a Cyber Emergency Mechanism, and the EU Cybersecurity Reserve of vetted private providers.
Read definition → EU Cybersecurity CertificationEUCC (European Cybersecurity Certification scheme on Common Criteria)
The first EU-wide cybersecurity certification scheme adopted under the Cybersecurity Act. For ICT products (hardware, software, components), based on Common Criteria, with substantial and high assurance levels. Sister to EUCS, which addresses cloud services.
Read definition → EU Data RegulationData Governance Act (Regulation (EU) 2022/868 (DGA))
EU regulation, in force since September 2023, establishing the framework for trustworthy data re-use, regulated data intermediation services, and data altruism. The governance-infrastructure layer beneath the Data Act and sectoral data spaces.
Read definition → EU Health DataEHDS (European Health Data Space (Regulation EU 2025/327))
EU regulation adopted March 2025 creating the European Health Data Space — harmonised rules for primary use (healthcare) and secondary use (research, policy, innovation) of electronic health data. The first operational sectoral data space under the DGA framework.
Read definition → EU AI RegulationAI Liability Directive (EU AI Liability Directive (proposed COM/2022/496))
Proposed EU directive that would harmonise non-contractual civil liability rules for damage caused by AI systems. Status as of 2026 is politically contested; closely related to the revised Product Liability Directive (in force October 2024).
Read definition → EU AI RegulationAI Office (European AI Office)
EU body responsible for implementing and enforcing the AI Act, particularly for general-purpose AI models. Established within DG CNECT, operational since 2024. Powers include GPAI classification, Codes of Practice development, sandbox coordination, and direct enforcement.
Read definition → EU Industrial PolicyCritical Raw Materials Act (EU Critical Raw Materials Act (Regulation 2024/1252, CRMA))
EU regulation, in force since May 2024, establishing a framework for secure and sustainable supply of strategic and critical raw materials. Lists 34 materials, sets 2030 benchmarks for domestic extraction (10%), processing (40%), and recycling (25%).
Read definition → EU Financial RegulationMiCA (Markets in Crypto-Assets Regulation (Regulation EU 2023/1114))
EU regulation establishing the framework for crypto-asset issuance, trading, and service provision. Adopted 2023, fully applicable since end-2024. Creates EU-wide regulated categories for crypto-asset service providers (CASPs) and significantly tightens stablecoin rules.
Read definition → EU Sustainability RegulationCSRD (Corporate Sustainability Reporting Directive (Directive EU 2022/2464))
EU directive expanding and strengthening corporate sustainability reporting requirements. Replaced the 2014 NFRD. Phased applicability since 2024, expanding to roughly 50,000 EU companies by 2028. Requires audited reporting against the ESRS standards on environmental, social, and governance impact.
Read definition → EU Digital IdentityEUDI Wallet (European Digital Identity Wallet (eIDAS 2.0 implementation))
Operational implementation of the digital-identity provisions of eIDAS 2.0. Every EU Member State must provide a free, voluntary digital wallet for citizens by end-2026 that holds identity attributes, qualified signatures, attestations and credentials usable across the EU.
Read definition → EU Consumer ProtectionRight to Repair Directive (EU Right to Repair Directive (Directive EU 2024/1799))
EU directive in force since May 2024, establishing the consumer right to demand repair from manufacturers beyond legal warranty for specific product categories. Combined with the Ecodesign for Sustainable Products Regulation, creates the EU circular-economy framework for consumer goods.
Read definition → EU AI RegulationAI Pact (EU AI Pact (voluntary AI Act compliance framework))
Voluntary EU framework launched by the AI Office in 2024 enabling AI providers and deployers to commit to early AI Act compliance ahead of mandatory deadlines. Over 100 signatories by 2026 including major foundation-model providers and European AI deployers.
Read definition → EU Critical InfrastructureCER Directive (Critical Entities Resilience Directive (Directive EU 2022/2557))
EU directive establishing harmonised rules to strengthen the resilience of entities providing essential services in 11 critical sectors. Sister regulation to NIS2 — where NIS2 addresses cybersecurity, the CER Directive addresses broader physical, hybrid, and operational resilience.
Read definition → EU Cybersecurity FrameworkEU Cybersecurity Act (EU Cybersecurity Act (Regulation EU 2019/881))
The 2019 EU regulation establishing the foundational framework for EU cybersecurity certification (under which EUCC, EUCS, and other sectoral schemes are adopted) and permanently establishing ENISA as the EU cybersecurity agency. The constitutional layer beneath the entire EU cybersecurity-certification architecture.
Read definition → EU Cloud SovereigntyEU Data Boundary (Microsoft EU Data Boundary (and similar US-hyperscaler offerings))
Microsoft commercial offering committing to store and process EU customer data within EU data centres. Similar arrangements offered by AWS (European Sovereign Cloud) and Google (Sovereign Controls). Important: data residency in EU does NOT change the underlying corporate jurisdiction of the US-domiciled service provider.
Read definition → EU Sustainability RegulationESPR (Ecodesign for Sustainable Products Regulation (Regulation EU 2024/1781))
EU regulation replacing the 2009 Ecodesign Directive. Establishes product-level sustainability requirements (durability, repairability, recyclability, energy efficiency) and creates the Digital Product Passport. Combined with the Right to Repair Directive, forms the operational core of EU circular-economy product policy.
Read definition →More entries are added as European tech and policy evolve. Have a term you'd like us to cover? Email hello@betterineurope.eu.