%20(A2%20(Landscape))%20(5).png)
EU Level
New rules for cross-border GDPR enforcement :The EU adopted procedural rules (Regulation (EU) 2025/2518) that will reshape how cross-border GDPR cases are handled. It applies from 2 April 2027, so there is runway, but the direction is clear.
Data Act Legal Helpdesk launches : On 16 December 2025, the Commission launched a Legal Helpdesk for practical questions on the Data Act.
DSA becomes a test-bed for AI-driven influence ops: Poland has asked the Commission to investigate TikTok after AI-generated “Polexit” content went viral. Poland frames it as systemic risk and foreign interference, and points to TikTok’s VLOP duties under the DSA.
Sweden Level
GDPR in Sweden, expect sharper “enforcement vs guidance” separation : IMY reorganised on 1 Jan into one division for supervision/complaints and one for guidance/innovation/tech. That should improve routing, but it also makes the enforcement track more explicit.
NIS2 is no longer “coming”. It starts 15 January : Sweden’s Cybersäkerhetslag (SFS 2025:1506) enters into force on 15 Jan 2026. The practical pain points will be whole-entity scope, minimum measures, and incident reporting timelines.
%20(A2%20(Landscape))%20(4).png)
%20(A2%20(Landscape))%20(6).png)
%20(A2%20(Landscape))%20(7).png)
