Navigate 19+ regulatory frameworks with structured, queryable access to every article, recital, and amendment — sourced verbatim from EUR-Lex.
The European Union has the most comprehensive regulatory framework in the world. Every business operating in or serving EU customers must navigate a complex web of regulations covering data protection, cybersecurity, AI governance, financial services, sustainability, product safety, and digital markets. These regulations overlap, interact, and evolve constantly — making compliance a continuous challenge.
The GDPR (EU) 2016/679 is the cornerstone of data protection in the EU. It governs how organizations collect, process, and store personal data of EU residents, with fines up to €20M or 4% of global turnover.
The NIS2 Directive (EU) 2022/2555 strengthens cybersecurity requirements for essential and important entities across the EU, with fines up to €10M or 2% of global turnover and management liability.
The CRA (EU) 2024/2847 establishes mandatory cybersecurity requirements for all products with digital elements sold in the EU, covering design, development, production, and the entire product lifecycle.
The EU AI Act (EU) 2024/1689 is the world's first comprehensive AI regulation, establishing a risk-based framework for AI systems placed on the EU market with fines up to €35M or 7% of global turnover.
DORA (EU) 2022/2554 establishes uniform ICT risk management requirements for the EU financial sector, covering banks, insurers, investment firms, and their ICT third-party providers.
The DSA (EU) 2022/2065 establishes obligations for digital services providers in the EU, with specific rules for online platforms, marketplaces, and very large online platforms (VLOPs).
The eIDAS Regulation establishes a legal framework for electronic identification, authentication, and trust services across the EU, enabling cross-border digital transactions.
eIDAS 2.0 amends the original eIDAS to introduce the EU Digital Identity Wallet, enabling citizens and businesses to store and share identity credentials across the EU.
The Digital Markets Act imposes ex-ante obligations on gatekeepers — large platforms controlling core platform services — to ensure fair and contestable digital markets in the EU.
The EU Data Act establishes rules on fair access to and use of data generated by connected products and related services, empowering users and enabling data sharing.
The Data Governance Act creates a framework for data intermediaries, data altruism, and re-use of protected public sector data, fostering trust in voluntary data sharing across the EU.
The CER Directive establishes obligations for EU Member States and critical entities to enhance the physical resilience of essential services across 11 sectors.
PSD2 regulates payment services in the EU, introducing open banking through mandatory access to bank accounts for third-party providers and strong customer authentication.
MiCA establishes a comprehensive regulatory framework for crypto-asset issuers and service providers in the EU, covering stablecoins, utility tokens, and CASPs.
The EU Cybersecurity Act establishes a permanent mandate for ENISA and creates an EU-wide cybersecurity certification framework for ICT products, services, and processes.
The ePrivacy Directive governs privacy in electronic communications, establishing rules on cookies, direct marketing, traffic data, and confidentiality of communications.
The Radio Equipment Directive sets essential requirements for radio equipment placed on the EU market, including cybersecurity, privacy, and interoperability obligations.
The CSRD expands mandatory ESG disclosure requirements for EU companies, requiring detailed sustainability reporting aligned with European Sustainability Reporting Standards.
EU regulations don't operate in isolation. A single business may be subject to obligations under GDPR for data protection, NIS2 for cybersecurity, the AI Act for automated systems, the DSA for online services, and the CSRD for sustainability reporting. The real challenge isn't just complying with one regulation — it's understanding how they interact and where obligations overlap.
There are 19+ active EU regulatory frameworks relevant to businesses, including GDPR, NIS2, AI Act, DORA, CRA, DSA, CSRD, MiCA, eIDAS, DMA, Data Act, Data Governance Act, CER, PSD2, ePrivacy, RED, CSA, and more. The exact number depends on your sector and activities.
Every business processing EU personal data must comply with GDPR. Cloud services face NIS2. AI systems fall under the AI Act. Financial entities comply with DORA. Connected products must meet CRA requirements. Online platforms face DSA obligations. Law4Devs helps you identify exactly which regulations apply to your specific activities.
Compliance costs vary by regulation and business size. Law4Devs provides access to all 19+ frameworks starting at €29/month — significantly less than the cost of separate legal consultations for each regulation.
One platform. Every regulation. Structured JSON from EUR-Lex — updated automatically.