ZVEI
Inconsistencies in EU digital regulation
A ZVEI position paper reveals considerable ambiguities and overlaps, for example between the GDPR and the Data Act, the Cyber Resilience Act (CRA) and the Ecodesign Regulation (ESPR), as well as between the Radio Equipment Directive (RED) and the CRA. The ZVEI is calling for these to be cleared up.
"Europe must now also start the efficiency turnaround in the digital sector," demands Wolfgang Weber, Chairman of the ZVEI Executive Board. "It is now up to the future EU Commission to implement the many laws that have been introduced over the past five years, to check for inconsistencies and duplications and, if necessary, to clean them up." This is particularly necessary in the area of EU digital regulations. A ZVEI position paper published on 11.9.24 lists the sometimes considerable ambiguities and overlaps between the GDPR and the Data Act, as well as the Cyber Resilience Act (CRA) and the Ecodesign Regulation and also between the Radio Equipment Directive (RED) and the CRA.
Contrasts between the GDPR and the Data Act - an example
"Due to such legal uncertainties and ambiguities, the affected companies will face a high burden when the legal acts gradually come into force," explains Weber. In case of doubt, there will be double conformity assessments or compliance with the requirements of one law will result in a breach of the requirements of another, which will be subject to a fine. "At best, this is simply unnecessary bureaucracy and, at worst, bad regulation that companies can hardly comply with. This has nothing to do with competitive framework conditions to promote digital business models."
The maintenance of a networked coffee machine in the office serves as an example of the conflicting requirements of the GDPR and the Data Act in the B2C sector in multi-person relationships. According to the GDPR, the owner or operator of the machine, i.e. the data controller, would have to obtain consent from all users - including potential users - to the use of the data for maintenance by third parties. This is not only impractical, but also generates unnecessary bureaucracy. Weber comments: "The Data Act was actually intended to promote the exploitation of such data treasures for business models, such as the predictive and efficient maintenance of machines. Currently, however, this is already being slowed down in such everyday applications." The ZVEI is therefore calling for a pragmatic adaptation of the GDPR to 'enabling data protection'.
Further examples of inconsistency can be seen in security updates for smartphones. The CRA stipulates that security vulnerabilities must be closed via security updates. However, the ESPR states that the performance of a product must not be impaired by software and firmware updates. Manufacturers are caught between a rock and a hard place, says Weber, and are (currently) having to weigh up security against usability themselves. "This ambiguity must be resolved in the sense that the CRA specifications on security vulnerabilities take precedence over the ESPR specifications on product functionalities and performance."
Attractiveness of the location for investments must be increased
The digital single market is an important factor for competitiveness and holds enormous potential for value creation - especially with regard to Europe's sustainability goals. In the view of the ZVEI, the key regulatory elements in the area of digitalization have now been comprehensively covered. "Now the efficient, legally compliant interlocking of these packages must be ensured," says Weber. "So that new innovation spaces are created and the attractiveness of the location for investments is increased."













