nudgecompliant
Global compliance guide

EU Technology Compliance Hub

Plain English guide to tech regulation in the EU — updated July 2026

Start your free EU compliance audit

1. EU AI Act

What it is
A risk-based framework for developing, supplying, and using AI in the European Union.
Who it applies to
AI providers, deployers, importers, and distributors in the EU, plus overseas organisations whose AI output is used in the EU.
Key deadlines
Phased application began in 2025. Major transparency duties apply from 2 August 2026; additional high-risk duties phase in through 2027.
Penalties for non-compliance
Depending on the breach, fines can reach €35 million or 7% of worldwide annual turnover.

Not sure if this applies to you? The free audit takes 4 minutes.

Find out where you stand →

2. NIS2

What it is
Cybersecurity governance, risk-management, supply-chain, and incident-reporting rules for important and essential entities.
Who it applies to
Medium and large organisations in covered sectors, plus some critical entities regardless of size.
Key deadlines
Member states were due to transpose NIS2 by 17 October 2024. National registration and implementation dates vary.
Penalties for non-compliance
Maximum administrative fines can reach €10 million or 2% of worldwide annual turnover for essential entities.

Not sure if this applies to you? The free audit takes 4 minutes.

Find out where you stand →

3. DORA

What it is
A harmonised digital operational-resilience framework for the EU financial sector.
Who it applies to
Banks, insurers, investment firms, payment providers, crypto-asset providers, and relevant ICT suppliers.
Key deadlines
Applied from 17 January 2025; registers, contracts, testing, governance, and incident processes must remain current.
Penalties for non-compliance
Financial penalties and supervisory measures vary by member state; critical ICT providers can face periodic payments.

Not sure if this applies to you? The free audit takes 4 minutes.

Find out where you stand →

4. GDPR

What it is
The EU's core framework for lawful, fair, transparent, and secure personal-data processing.
Who it applies to
EU controllers and processors, plus overseas organisations offering goods or services to or monitoring people in the EU.
Key deadlines
Ongoing. Certain breaches must be reported within 72 hours, and data-subject requests usually within one month.
Penalties for non-compliance
Serious infringements can attract fines up to €20 million or 4% of worldwide annual turnover.

Not sure if this applies to you? The free audit takes 4 minutes.

Find out where you stand →

5. EU Machinery Regulation

What it is
Safety and conformity rules for machinery, including connected, autonomous, and AI-enabled products.
Who it applies to
Manufacturers, importers, distributors, and other economic operators placing machinery in the EU market.
Key deadlines
Regulation (EU) 2023/1230 generally applies from 20 January 2027.
Penalties for non-compliance
Member states set effective and proportionate penalties, alongside withdrawal, recall, and market-access action.

Not sure if this applies to you? The free audit takes 4 minutes.

Find out where you stand →

6. EU Data Act

What it is
Rules for access to and use of connected-product data, cloud switching, and unfair data-contract terms.
Who it applies to
Manufacturers of connected products, related service providers, data holders, users, and cloud providers.
Key deadlines
Most provisions applied from 12 September 2025, with some product-design duties applying later.
Penalties for non-compliance
Member-state penalties apply; personal-data breaches can also trigger GDPR-level sanctions.

Not sure if this applies to you? The free audit takes 4 minutes.

Find out where you stand →

Operating across borders?

Operating across multiple jurisdictions? NudgeCompliant maps your obligations across all of them in one audit.

Start your free EU compliance audit

Related regulation hubs

This guide is for information only — not legal advice. Requirements change, so confirm critical decisions with a qualified professional.

Find out where you stand. About 4 minutes.

Tell us what technology you use and where you operate. Get a plain-English readout of what matters — and what doesn't.

Check my tools →

No account. No card. Start with the obligations that matter now.