Your EU digital compliance briefing | Edition #004 | Monday, February 2, 2026

Every workday, we keep you current on EU digital regulation in 4 minutes.

Top Stories

AI Act High-Risk Classification Guidelines Due Today — 2 min read

Today is the Commission's statutory deadline under Article 6 of the AI Act to publish guidelines on classifying high-risk AI systems, together with a comprehensive list of practical examples of use cases that qualify as high-risk and those that do not. The guidelines must clarify two pathways to high-risk classification: AI that serves as a safety component in products covered by existing EU legislation (Annex I), and AI deployed in sensitive areas such as recruitment, healthcare, law enforcement, and critical infrastructure (Annex III). Crucially, Article 6(3) introduced an exception allowing Annex III systems to avoid the high-risk label if they do not materially influence decision-making outcomes — the guidelines should specify how that exception works in practice. Organizations deploying AI in these domains should monitor the AI Office's publication channels closely. The guidelines will shape compliance strategies ahead of the August 2, 2026 enforcement date for high-risk obligations, though the Digital Omnibus proposal could push that deadline to December 2027 for Annex III systems.

First Harmonised DSA Transparency Reports Due This Month — 1 min read

All intermediary service providers covered by the Digital Services Act face the end of February as the deadline for their first harmonised transparency reports. The Commission's implementing regulation, in effect since July 1, 2025, standardised reporting templates and periods after years of inconsistent, incomparable filings across the EU. Very large online platforms (VLOPs) and very large online search engines (VLOSEs) must cover the period from July 1 to December 31, 2025. Reports must be machine-readable and include content moderation actions taken, automated system accuracy rates, account terminations, and moderation team staffing. Non-compliance carries fines of up to 6% of global annual turnover.

Stat of the Day

<1%

The share of Facebook and Instagram users who opted for Meta's paid ad-free subscription when presented with the "consent or pay" choice between November 2023 and November 2024 — a figure the Commission cited in its April 2025 DMA non-compliance decision. (Source)

Data & Privacy

Meta's New Ad Consent Model Rolling Out to EU Users — Following its €200M DMA fine in April 2025, Meta began rolling out a new consent model in January giving Facebook and Instagram users a choice between fully personalised ads or limited personalisation with less data sharing. The Commission is actively monitoring whether the implementation complies with Article 5(2) of the DMA, after consumer group BEUC flagged dark patterns in Meta's earlier consent flows.

Digital Omnibus Proposes GDPR Changes for AI Training — The Commission's Digital Omnibus package, now before Parliament and Council, would introduce AI model training as a "legitimate interest" under the GDPR and create a new legal basis for processing special category data for AI purposes. Privacy advocates warn this could weaken data subject rights, while industry groups argue it is necessary for European AI competitiveness.

Cybersecurity

NIS2 Transposition Accelerates Across EU — Germany, Portugal, and Austria have now adopted national NIS2 implementing laws, while Spain, France, and Poland are nearing completion — all over a year past the October 2024 transposition deadline. Germany's Act, in force since December 6, 2025, introduces mandatory registration with the BSI and extensive operational and governance requirements for affected organizations.

DORA Year One: Compliance Gaps Persist — One year after DORA became applicable, most financial entities have established foundational compliance, but subcontracting rules and the Register of Information obligations remain the weakest areas. The ESAs are now focused on operationalizing oversight of designated critical third-party providers, with the first list of designations issued in November 2025.

Quick Hits

AI Act Transparency Code of Practice: Second Draft Underway — The feedback period for the first draft Code of Practice on AI-generated content closed on January 23, drawing 187 written submissions; the second version is now being developed ahead of a June 2026 finalisation target.

Digital Networks Act Proposed to Overhaul EU Telecoms Rules — The Commission on January 21 proposed the Digital Networks Act, merging four existing laws into a single regulation with a "Single Passport" authorization for pan-European operators and an EU-level satellite spectrum framework.

Compliance Calendar

Dates sourced from official EU publications and regulatory trackers. Verify with legal counsel before relying on deadlines.

Enforcement Tracker

Next edition: Tuesday, February 3, 2026

Was this useful? Forward to a colleague who needs to stay compliant.

Subscribe | Unsubscribe