🇪🇺 European Union
The EU has the world's most influential identity and data protection regime, anchored by the GDPR and extended by sector rules for digital identity wallets (eIDAS 2), cybersecurity (NIS2), financial resilience (DORA), and payment authentication (PSD2).
The GDPR is the EU's comprehensive data protection law governing how personal data of individuals in the EU is collected, processed, and secured. It has applied since 25 May 2018 and sets binding rules on lawful basis, consent, individual rights, security, and accountability. It is the global benchmark for privacy regulation.
eIDAS 2.0 establishes the European Digital Identity Framework, centered on the EU Digital Identity Wallet (EUDI Wallet) that lets citizens, residents, and businesses identify themselves and share verified attributes across the EU. It entered into force on 20 May 2024 and requires every Member State to offer at least one wallet by 2026.
NIS2 is the EU's cybersecurity directive raising security and incident-reporting obligations for essential and important entities across many critical sectors. Member States had to transpose it by 17 October 2024 and apply the measures from 18 October 2024. It significantly expands the scope of the original 2016 NIS Directive.
DORA is an EU regulation that strengthens the digital operational resilience of the financial sector, ensuring firms can withstand, respond to, and recover from ICT-related disruptions. It has applied since 17 January 2025 and harmonizes ICT risk management, incident reporting, resilience testing, and oversight of third-party providers.
PSD2 modernizes EU payment services and introduced Strong Customer Authentication (SCA) to reduce fraud in electronic payments. The SCA technical standards applied from 14 September 2019. SCA requires verifying the payer using at least two independent authentication factors plus dynamic linking for transactions.
The EU AI Act is the world's first comprehensive horizontal law governing artificial intelligence, using a risk-based approach that bans some uses outright, tightly regulates high-risk systems, and imposes transparency duties on others. It is especially relevant to identity because many of its strictest controls target biometric systems used to identify, categorize, or infer information about people. It entered into force on 1 August 2024 and applies in phases.