Glossary of EU Digital Law Terms

Key legal, institutional, procedural, and policy terms used across EU digital law, with selected examples from legislation covered on NormaGrid.

Definitions are simplified for clarity. Always refer to the relevant EU legal text for authoritative wording.

Regulation (EU): A binding legislative act that is directly applicable in all EU Member States without requiring national transposition. Examples: GDPR, AI Act, DMA.
Directive (EU): A legislative act that sets objectives Member States must achieve, but leaves them free to choose how to transpose it into national law. Examples: NIS2, Copyright Directive.
Decision (EU): A binding EU legal act addressed to specific persons, companies, or Member States, or to all of them depending on its wording.
Delegated Act: A non-legislative act adopted by the European Commission to supplement or amend non-essential elements of EU legislation, subject to European Parliament and Council oversight.
Implementing Act: An act adopted by the European Commission to ensure uniform implementation of EU legislation across Member States.
Recital: An explanatory paragraph in the preamble of EU legislation that provides context for interpreting the operative provisions but is not legally binding on its own.
Article: A numbered provision in a legal act that sets out operative rules, obligations, rights, or procedures.
Annex: A supplementary part of a legal act containing technical details, lists, templates, or additional requirements.
Official Journal of the European Union (OJ): The EU's official publication in which legislation, notices, and other legally relevant texts are published.

European Commission: The EU institution that proposes legislation, oversees the application of EU law, and adopts certain delegated and implementing acts.
European Parliament: The EU institution directly elected by citizens that shares legislative and budgetary powers with the Council.
Council of the European Union: The institution representing Member State governments that adopts legislation and coordinates policies with the European Parliament.
Court of Justice of the European Union (CJEU): The EU court that interprets EU law and ensures that it is applied consistently across Member States.
National Competent Authority: A national public authority designated to supervise, implement, or enforce legal obligations in a particular field.
National Supervisory Authority: An independent or designated national body responsible for monitoring compliance and taking supervisory action where required by law.
ENISA (European Union Agency for Cybersecurity): The EU agency that supports cybersecurity policy, operational cooperation, capacity building, and guidance across the Union.
EDPB (European Data Protection Board): The EU body that promotes consistent application of data protection rules and issues guidance, recommendations, and decisions within its mandate.

Transposition: The process by which a Member State converts the requirements of an EU directive into national law.
Entry into Force: The date on which a legal act becomes legally valid and part of the applicable legal framework.
Date of Application: The date from which the substantive provisions of a legal act must be applied in practice.
Enforcement: The use of supervisory, administrative, or judicial powers to ensure compliance with legal obligations.
Guidance: Non-binding explanatory material issued by institutions or authorities to clarify how legal rules may be interpreted or applied.
Implementing Standards: Detailed technical or procedural specifications adopted to support consistent implementation of legal requirements.
Harmonised Standard: A European standard adopted by a recognised standards body that can help demonstrate compliance with applicable EU legislation.
Conformity Assessment: A process used to verify that a product, service, or system meets applicable legal or technical requirements.

Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on data, such as collection, storage, use, disclosure, or deletion.
Interoperability: The ability of different systems, services, or organisations to exchange information and use it effectively.
Digital Services: Services delivered through electronic means, typically over networks, software platforms, or online interfaces.
Online Platform: A digital service that enables users to access, distribute, or interact with information, goods, or services through an online interface.
Risk-Based Approach: A method of applying obligations, controls, or oversight in proportion to the likelihood and severity of potential harm.
Transparency: The principle that relevant information about rules, decisions, processes, or system operation should be made clear and accessible.
Traceability: The ability to identify the origin, movement, or history of a product, process, transaction, or data flow.
Accountability: The principle that organisations must be able to explain, justify, and evidence their compliance decisions and controls.
Due Diligence: A structured process of checking, assessing, and managing legal, operational, or compliance risks before and during an activity.