EU Regulators Focus on Cross-Regulatory Cooperation for Digital Laws

IAPP Privacy News

Published March 19th, 2026

Detected March 20th, 2026

Summary

The European Data Protection Board (EDPB) is increasing focus on cross-regulatory cooperation for EU digital laws, including the GDPR, AI Act, and Digital Markets Act. The EDPB is developing joint guidance with the European Commission on these interactions and on data protection and competition, aiming for consistent interpretation and enforcement.

View original document View source feed page

What changed

The European Data Protection Board (EDPB) has organized a workshop and established an expert subgroup to address the complex interplay between various EU digital regulations, including the GDPR, AI Act, and Digital Markets Act. This initiative aims to foster cross-regulatory cooperation and ensure consistent interpretation and enforcement of these laws, recognizing that the digital economy requires a unified approach. Joint guidance is being developed with the European Commission on the interactions between data protection and the AI Act, and the Digital Markets Act, with further guidance on data protection and competition expected soon.

This focus on regulatory harmony implies a need for regulated entities to understand how these different legal frameworks will be interpreted and enforced in conjunction. Companies should anticipate clearer guidelines on how data protection principles intersect with competition law and AI regulations. The emphasis on consistency suggests that enforcement actions may become more coordinated across different regulatory bodies, potentially leading to more comprehensive investigations and a greater need for robust compliance programs that address multiple regulatory domains simultaneously. The development of joint guidance indicates a move towards a more integrated regulatory landscape for digital services within the EU.

What to do next

Review upcoming joint guidance from the EDPB and European Commission on GDPR, AI Act, and DMA interactions.
Assess current data protection and competition compliance programs for potential overlaps and inconsistencies.
Monitor public consultation for joint guidelines on data protection and competition.

Source document (simplified)

OPINION Published

19 March 2026

Subscribe to IAPP Newsletters

Contributors:

Laura Pliauškaitė

European Operations Coordinator

IAPP

Editor's note

The IAPP is policy neutral. We publish contributed opinion pieces to enable our members to hear a broad spectrum of views in our domains.

The European Data Protection Board organized a 17 March workshop on cross-regulatory interplay and cooperation in the European Union, focusing on the data protection perspective.

EDPB Chair Anu Talus noted in her opening speech that the "digital economy does not operate in silos so nor should we." She stated the EDPB is taking the current EU digital regulatory complexity very seriously and recognizes the need for clarification and consistency.

Hence, the EDPB has set up an expert subgroup on cross-regulatory interplay and cooperation and is working on developing joint guidance with the European Commission on interactions between the EU General Data Protection Regulation and the AI Act, as well as the Digital Markets Act.

Guidance on the latter is expected to be published before the end of this year. Recently, the EDPB has also started working on another project with the Commission — joint guidelines on the interplay between data protection and competition, which will be open for public consultation soon.

Talus underlined that for different EU digital legal frameworks to work harmoniously, regulators must focus on shared interpretation, the three key principles of which are consistency, consistency and once again, consistency. She explained that to successfully navigate today's digital environment, frameworks must be mutually reinforced — authorities must be able to retain their mandates and at the same time have structured dialogues.

The EDPB workshop was divided into three panels, the first focusing on reaping the synergies between data protection and competition. During this panel, speakers discussed different approaches to cross-regulatory cooperation in the context of data protection and competition, comparing: the structured U.K. system, established through the Joint Statement of 2021; the case-by-case system in Germany, where authorities cooperate as issues arise; as well as the example of the Polish platform, which discusses all EU digital frameworks and their coherence.

Covington and Burling Partner Claudia Berg, who previously worked at the U.K. Information Commissioner's Office and the U.K. Competition and Markets Authority, highlighted that a key synergy shared by the frameworks is a wish for user choice and control, concluding that the more users understand what is happening to data, the more companies see data protection as a competitive advantage.

Head of European Competition Network and Private Enforcement Unit in the European Commission Massimiliano Kadar confirmed Berg's conclusion. "If data protection is valued by consumers, companies will develop products to respond to the needs of consumers," he said.

He also spoke about areas of interplay between the two frameworks, including the different focuses on consumer protection — fundamental freedoms versus contestable markets — and siloed remedies — competition investigations not interfering with data protection rights.

The speakers agreed the key to consistency is communication between regulators. It was also noted that the various enforcement authorities have something to learn from each other, mentioning the benefits of the EDPB's pooling of resources in cross-border cases.

Panelists recognized that for enforcement to work, clear priorities need to be set but authorities encounter certain issues, including resource allocation. It was also acknowledged that more needs to be done from each framework's side for personal data to work well for the market.

The second discussion followed the first panel's topic, but zoomed in on the relationship between the GDPR and the DMA. A key point raised was the importance of applying both instruments compatibly. There was a general agreement that joint DMA and GDPR guidelines are a good step toward clarification of the interplay between the two.

The final panel looked at the interplay between the GDPR and the Digital Services Act. Here, the Commission noted that the goal is to provide a consistent regulatory approach to industry. Among the challenges, a representative of the French Regulatory Authority for Audiovisual and Digital Communication mentioned different levels of maturity of the GDPR and the DSA, with some member states still falling behind when it comes to fully empowering their Digital Services Coordinators.

Moreover, the different governance structures were highlighted, with equal national regulators in each EU member state under the GDPR, and the Commission having the primary power to directly enforce the DSA for very large online platforms and very large online search engines.

An industry representative from the European Tech Alliance explained that organizations want to comply with digital EU laws — they dedicate 30% of their workforce to compliance issues. However, they also want to be competitive, and for that there is a need for clarity between texts and enforcement, and a true single market.

The event also featured two keynote speeches from the European Commission Executive Vice-President Henna Virkkunen and the European Parliament Committee on Civil Liberties, Justice and Home Affairs Chair Javier Zarzalejos.

The EDPB's workshop is part of its efforts to focus on cross-regulatory competition, a goal raised in its 2024-27 strategy as well as last year's Helsinki Statement. Talus concluded the event with a promise to continue guidance on the interplays between different pieces of EU digital legislation.

This article originally appeared in the Europe Data Protection Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.

Submit for CPEs