The interstices of EU digital responsibility

Within a stone wall, interstices are the spaces that allow flexibility and the ability for it to withstand damage. Within the wall of digital legislation that the EU has constructed, the intervening gaps between laws can bring stability to the regulation of the digital realm. 

As new digital laws continue to come into force and undergo reform, from the proposals of the Digital Omnibus and Digital Omnibus on AI aimed at overall simplification to the proposed Digital Fairness Act's combatting of dark patterns and addictive design, the regulatory landscape is becoming more complex. It is worth taking a step back to look at how the interstices of the EU's digital acquis are creating spaces for new modes of compliance to emerge. 

The EU Digital Laws Report 2025 and the mapping of these various digital interplays found consequential interactions between the rules of the EU General Data Protection Regulation and requirements of these new digital laws regarding data access and use, transparency, data portability, profiling and legal bases for the processing of personal data, among other issues.

The GDPR cornerstone

What began with the GDPR's focus on the protection of personal data as a fundamental human right now also encompasses nonpersonal and business data. In addition, the scope of regulation has expanded from controllers and processors to now include a broad swathe of new entities — gatekeepers, data intermediaries, data altruism organizations, manufacturers of connected products, online platforms, and providers and deployers of AI systems and models.