{"id":10166,"date":"2026-01-16T17:39:13","date_gmt":"2026-01-16T16:39:13","guid":{"rendered":"https:\/\/evidency.io\/cybersecurite-reglementations-europeennes-mica-dga-cra-data-act-ia-act\/"},"modified":"2026-02-06T09:51:25","modified_gmt":"2026-02-06T08:51:25","slug":"european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act","status":"publish","type":"post","link":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/","title":{"rendered":"MiCA, DGA, CRA, Data Act, AI Act: challenges, opportunities and perspectives"},"content":{"rendered":"<p id=\"block-e4a77464-e28e-409b-bc11-8aec5f9bbc1c\"><strong>Key takeaways on these European regulations<\/strong><\/p>\n\n\n\n<ul id=\"block-307409ab-c028-4918-93d8-05e12191131f\" class=\"wp-block-list\">\n<li>The European cybersecurity strategy seeks to establish a harmonised regulatory framework that supports digital development while strengthening security, user trust and user protection.<\/li>\n\n\n\n<li>The MiCA Regulation and the Cyber Resilience Act enhance user trust by imposing strict rules on crypto-assets and on the cybersecurity of digital products throughout their lifecycle.<\/li>\n\n\n\n<li>The Digital Governance Act and the Data Act organise regulated access to and sharing of data in order to stimulate the data economy, while respecting the GDPR and European sovereignty.<\/li>\n\n\n\n<li>The AI Act introduces a risk-based approach to the regulation of artificial intelligence, with graduated obligations depending on the impact of systems on fundamental rights and security.<\/li>\n\n\n\n<li>Taken together, these instruments provide for dissuasive financial penalties and require organisations to anticipate compliance challenges through strong governance arrangements and enhanced cybersecurity measures.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"titre1\">Establishing user trust<\/h2>\n\n\n\n<p id=\"block-54e1b8ea-b8c4-48c5-a77b-fd715cf19ec0\">One of the shared features of these various regulations is their aim to promote and strengthen user trust and protection. This is notably the case with the MiCA Regulation (Markets in Crypto-Assets), which forms part of the Digital Finance Package [9]. That legislative package seeks to harmonise the issuance of, and services relating to, crypto-assets, as well as token-based fundraising, by providing a coherent and reinforced legal framework designed to enhance user protection.<br>Article 3(1)(5) of the MiCA Regulation therefore defines a crypto-asset as \u201ca digital representation of value or of a right which may be transferred and stored electronically, using distributed ledger technology or similar technology\u201d. Article 3(1)(9) adds that a utility token is \u201ca type of crypto-asset intended solely to provide access to a good or a service supplied by its issuer\u201d [10].<br>In order to enable financial markets to structure themselves, the Autorit\u00e9 des march\u00e9s financiers [11] has published an implementation timetable for the MiCA Regulation.<\/p>\n\n\n\n<p id=\"block-54e1b8ea-b8c4-48c5-a77b-fd715cf19ec0\"><\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"791\" height=\"242\" src=\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/Schema-calendrier-reglement-MiCA.webp\" alt=\"Sch\u00e9ma calendrier reglement MiCA\" class=\"wp-image-10120\"><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p id=\"block-8d7c175e-af28-46a1-98a6-f48ef9ad2d1d\">Accordingly, from 30 December 2024, only crypto-asset service providers (CASPs) that have obtained prior authorisation may provide such services. In this context, the Autorit\u00e9 des march\u00e9s financiers warns users against the activities of unauthorised operators and supports service providers in their compliance efforts [12]. One of the objectives of this regulation is to ensure the traceability of crypto-asset transfers in the same manner as any other transaction, in order to combat market manipulation, money laundering, terrorist financing and other criminal activities.<br>Regarding digital products (software and hardware), the European Commission has also opted for a regulatory instrument. The recently adopted Cyber Resilience Act is intended to establish the framework required for the development of secure products, by ensuring that they are placed on the market with fewer vulnerabilities and that manufacturers remain responsible for their security throughout their lifecycle. To that end, the regulation introduces cybersecurity requirements for products (both hardware and software) covering their entire lifecycle. It sets out a series of specific criteria with which products containing digital elements that are manufactured or distributed within the internal market must comply. All economic operators in the supply chain are subject to these requirements, including manufacturers, distributors and importers. This comprehensive approach represents a new regulatory method. The provisions of this regulation interact with other European instruments, in particular the so-called <a href=\"https:\/\/evidency.io\/en\/nis-2-directive-compliance\/\">NIS 2 Directive<\/a>, which aims to raise the overall level of security within the Member States [13]. NIS 2 establishes cybersecurity requirements, including supply-chain security measures and incident notification obligations, for essential and important entities, with a view to increasing the resilience of the services they provide. As a result, improving the cybersecurity level of products containing digital elements facilitates compliance for entities within the scope of the NIS 2 Directive and strengthens security across the entire supply chain.<br>Finally, the Cyber Resilience Act seeks to create the conditions under which users can make cybersecurity a genuine factor in the selection and use of products containing digital elements. It therefore constitutes a key regulatory instrument for user trust.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"titre2\">A regulated transparency<\/h2>\n\n\n\n<p id=\"block-c2f5787b-3b6b-45f5-849d-5e9d9167feae\">The Digital Governance Act and the Data Act both seek to promote access to, sharing and re-use of data within the EU, while respecting the protection of personal data, in particular under the <a href=\"https:\/\/evidency.io\/en\/gdpr-consent-proof-qualified-timestamping-electronic-seal\/\">General Data Protection Regulation (GDPR) <\/a>[14]. These two instruments form part of the European data strategy [15], which aims to strengthen the EU\u2019s competitiveness and sovereignty. In other words, their purpose is to establish a harmonised framework enabling economic operators and EU Member States to harness the potential of data and to foster innovation, notably in areas such as health, mobility and climate change adaptation.<br>On the one hand, one of the principal objectives of the DGA is to encourage public sector bodies to allow the re-use of data and to provide a framework to improve the availability of such data, by fostering trust in data intermediaries and strengthening existing data-sharing mechanisms. The DGA also allows companies to re-use data held by public sector bodies, including so-called \u201cprotected data\u201d. Such data may, however, only be re-used subject to certain conditions, in particular that it has been processed in advance so that it no longer contains personal data (anonymisation obligation), and that it does not undermine trade secrets or intellectual property rights. It should be recalled that, under the Regulation, data altruism refers to the voluntary sharing of data by individuals or companies for purposes of general interest (for example, public health or the fight against climate change).<br>On the other hand, according to the CNIL [16], the objective of the Data Act is to ensure a fairer distribution of the value generated from the use of personal and non-personal data among participants in the data economy, particularly in connection with the use of connected devices and the development of the Internet of Things. In addition, Article 25 of the Data Act seeks to promote competition in the cloud market by reducing barriers to switching from one cloud service provider to another. In this respect, it provides for the complete removal of data egress fees and provider switching charges three years after its entry into force [17].<br>These two instruments reflect a broader intention to define a harmonised regulatory framework for access to, sharing and (re-)use of data, aligned with the GDPR and the purpose for which the data is used. They must also be considered alongside the European regulation on artificial intelligence and its risk-based approach.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"titre3\">A systematised risk-based approach<\/h2>\n\n\n\n<p id=\"block-7de589ff-dfa1-4209-864a-a9050c9bde18\">The use of artificial intelligence (AI) has increased significantly in recent years and continues to expand across all sectors and types of activity. These uses are not without risk and raise legal issues, particularly in relation to fundamental rights (non-discrimination, respect for private life), the protection of personal data, intellectual property rights and related matters. By establishing a harmonised legal framework within the EU, the European regulation on artificial intelligence (the <a href=\"https:\/\/evidency.io\/en\/ia-act-eu-compliance-risks\/\">AI Act<\/a>) seeks to promote the development of \u201ctrustworthy\u201d AI and innovation in the field of AI within the European Union, while respecting its fundamental rights and values (\u201cincluding democracy, the rule of law and environmental protection [\u2026]\u201d) [18]. These objectives are consistent with those of the Council of Europe and of the Council of Europe Framework Convention on Artificial Intelligence [19], which aims to ensure that activities carried out throughout the lifecycle of AI systems are fully compatible with human rights.<br>The Regulation is based on a risk-based approach to AI and introduces a distinction between AI systems according to the risks they pose to \u201cthe health, safety or fundamental rights of persons\u201d: unacceptable risk, high risk, and limited or minimal risk. Depending on the risks involved, AI systems are either prohibited outright [20] or permitted subject to specific obligations.<br>By way of illustration, the AI Regulation sets out specific requirements applicable to high-risk AI systems. In order to be placed on the market, such systems must in particular meet the following requirements:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Appropriate systems for risk assessment and risk mitigation;<\/li>\n\n\n\n<li>High-quality datasets used to train the system, in order to minimise risks and discriminatory outcomes;<\/li>\n\n\n\n<li>Logging of activities to ensure traceability of results;<\/li>\n\n\n\n<li>Detailed documentation providing all information necessary about the system and its intended purpose to enable authorities to assess <a href=\"https:\/\/evidency.io\/en\/reliable-audit-trail\/\">compliance<\/a>;<\/li>\n\n\n\n<li>A high level of reliability, security and accuracy; etc.<\/li>\n<\/ul>\n\n\n\n<p id=\"block-0c468f0f-8aa1-4641-bdd1-608117b035ee\">Entities will therefore need to adapt both at the design stage and throughout their internal processes, and to implement a range of mechanisms to remain compliant.<\/p>\n\n\n\n<p id=\"block-0c468f0f-8aa1-4641-bdd1-608117b035ee\">As regards limited-risk AI systems, these are subject to specific transparency obligations, in particular:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Informing users when they are interacting with AI systems such as chatbots, so that they are aware of the use of AI;<\/li>\n\n\n\n<li>Ensuring that <a href=\"https:\/\/evidency.io\/en\/ai-proof-human-intervention\/\">AI-generated content<\/a> is identifiable by providers;<\/li>\n\n\n\n<li>Labelling AI-generated text published for the purpose of informing the public on matters of public interest as artificially generated.<\/li>\n<\/ul>\n\n\n\n<p id=\"block-4f245395-7613-4d5a-acb1-9694cc79156d\">Finally, minimal-risk or no-risk AI systems account for the vast majority of AI systems currently used within the EU (for example, AI-based gaming applications or spam filters). This ambitious regulation will be implemented over several years, and the European Commission intends to secure the support of the various stakeholders. The AI Pact therefore encourages the adoption of this approach within organisations [21].<br>Thus, although the European approach is based on the adoption of a number of legislative instruments, forming the pieces of a broader regulatory framework, another common feature can be identified: all of these texts provide for significant administrative penalties, following an initial period allowing organisations to achieve compliance with guidance and support from the authorities.<br>For example, the Cyber Resilience Act provides that, in the event of non-compliance, economic operators may be subject to fines of up to EUR 15 million or 2.5% of total worldwide annual turnover for the preceding financial year, whichever is higher. In addition, a product deemed non-compliant or presenting a risk may be subject to restrictive measures, including withdrawal from the market, imposed by the market surveillance authorities designated by the Member States.<br>As regards the AI Regulation, Article 99 provides that, in relation to prohibited AI practices, administrative fines may reach up to EUR 35 million or, where the infringer is an undertaking, up to 7% of its total worldwide annual turnover for the preceding financial year, whichever is higher. Non-compliance with provisions of the Regulation other than those set out in Article 5 may result in an administrative fine of up to EUR 15 million or, where the infringer is an undertaking, up to 3% of its total worldwide annual turnover for the preceding financial year, whichever is higher.<br>In addition, the provision of inaccurate, incomplete or misleading information to notified bodies or competent national authorities in response to a request may give rise to an administrative fine of up to EUR 7.5 million or, where the infringer is an undertaking, up to 1% of its total worldwide annual turnover for the preceding financial year, whichever is higher.<\/p>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p id=\"block-4f245395-7613-4d5a-acb1-9694cc79156d\">In conclusion, notwithstanding its complexity, regulatory harmonisation is underway, with clearly defined scopes of application. Taken together, these instruments seek to establish an overarching regulatory framework that ensures citizens and market participants have access to secure digital services, fair competition, enhanced cybersecurity, and respect for fundamental rights, personal data protection and sustainability objectives. Training and awareness-raising across all stakeholders are therefore imperative in order to address effectively the challenges and business opportunities pursued by these texts.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-background wp-element-button\" href=\"https:\/\/evidency.io\/en\/contact-evidency\/\" style=\"background-color:#0c0171\">Anticipate European requirements: speak with our experts<\/a><\/div>\n<\/div>\n\n\n\n<p><strong>References<\/strong><\/p>\n\n\n\n<p>[1] Les Assises de la cybers\u00e9curit\u00e9 (France)<br>Annual French cybersecurity conference<br>https:\/\/www.lesassisesdelacybersecurite.com\/<\/p>\n\n\n\n<p>[2] Directive (EU) 2022\/2555 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive)<br>https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/PDF\/?uri=CELEX:32022L2555<\/p>\n\n\n\n<p>[3] Regulation (EU) 2022\/2554 on digital operational resilience for the financial sector (DORA Regulation)<br>https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32022R2554&amp;from=FR<\/p>\n\n\n\n<p>[4] Regulation (EU) 2023\/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets (MiCA Regulation), OJ L 150\/40, 9 June 2023<\/p>\n\n\n\n<p>[5] Regulation (EU) 2022\/868 on European data governance (Data Governance Act \u2013 DGA)<br>https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/PDF\/?uri=CELEX:32022R0868<\/p>\n\n\n\n<p>[6] Regulation (EU) 2023\/2854 of 13 December 2023 on harmonised rules on fair access to and use of data (Data Act), amending Regulation (EU) 2017\/2394 and Directive (EU) 2020\/1828<br>https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/PDF\/?uri=OJ:L_202302854<\/p>\n\n\n\n<p>[7] Regulation on cybersecurity requirements for products with digital elements (Cyber Resilience Act)<br>Council of the European Union \u2013 press release<br>https:\/\/www.consilium.europa.eu\/fr\/press\/press-releases\/2024\/10\/10\/cyber-resilience-act-council-adopts-new-law-on-security-requirements-for-digital-products\/<\/p>\n\n\n\n<p>[8] Regulation laying down harmonised rules on artificial intelligence (Artificial Intelligence Act \u2013 AI Act)<br>https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/PDF\/?uri=OJ:L_202401689<\/p>\n\n\n\n<p>[9] European Commission \u2013 Digital Finance Package<br>https:\/\/finance.ec.europa.eu\/publications\/digital-finance-package_en<\/p>\n\n\n\n<p>[10] Non-fungible tokens (NFTs) are excluded from the scope of the MiCA Regulation.<\/p>\n\n\n\n<p>[11] Autorit\u00e9 des march\u00e9s financiers (AMF \u2013 France)<br>MiCA implementation timetable<br>https:\/\/www.amf-france.org\/fr\/actualites-publications\/dossiers-thematiques\/mica#Calendrier_dapplication_du_rglement_MiCA<\/p>\n\n\n\n<p>[12] Autorit\u00e9 des march\u00e9s financiers (AMF \u2013 France)<br>Public warning regarding unauthorised crypto-asset activities<br>https:\/\/www.amf-france.org\/fr\/actualites-publications\/communiques\/communiques-de-lamf\/crypto-actifs-lautorite-des-marches-financiers-met-en-garde-le-public-contre-les-activites-de-0<\/p>\n\n\n\n<p>[13] The NIS 2 Directive, which will apply from 17 October 2024, is currently being transposed into national law by the Member States. Definitions of key concepts such as \u201cvulnerability\u201d and \u201cincident\u201d derive from this Directive and serve as reference points for defining product security criteria.<\/p>\n\n\n\n<p>[14] Regulation (EU) 2016\/679 (General Data Protection Regulation \u2013 GDPR)<br>https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/?uri=CELEX%3A32016R0679<\/p>\n\n\n\n<p>[15] European Commission \u2013 European Data Strategy<br>https:\/\/commission.europa.eu\/strategy-and-policy\/priorities-2019-2024\/europe-fit-digital-age\/european-data-strategy_fr#gouvernance-des-donn%C3%A9es<\/p>\n\n\n\n<p>[16] Commission nationale de l\u2019informatique et des libert\u00e9s (CNIL \u2013 France)<br>Position on the European data strategy and the Data Governance Act<br>https:\/\/www.cnil.fr\/fr\/strategie-europeenne-pour-la-donnee-la-cnil-et-ses-homologues-se-prononcent-sur-le-data-governance<\/p>\n\n\n\n<p>[17] The Data Act will enter into force in 2025. On 6 September 2024, the European Commission published a set of FAQs to assist stakeholders in understanding the scope and implications of the Regulation.<br>https:\/\/digital-strategy.ec.europa.eu\/en\/library\/commission-publishes-frequently-asked-questions-about-data-act<\/p>\n\n\n\n<p>[18] Recital 1, Artificial Intelligence Act<\/p>\n\n\n\n<p>[19] Council of Europe \u2013 Framework Convention on Artificial Intelligence<br>https:\/\/rm.coe.int\/1680afae3d<\/p>\n\n\n\n<p>[20] Article 5 of the Artificial Intelligence Act (prohibited AI practices)<\/p>\n\n\n\n<p>[21] European Commission \u2013 AI Pact<br>https:\/\/digital-strategy.ec.europa.eu\/fr\/policies\/ai-pact<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p id=\"block-9afd0a5f-c385-4d58-940d-54b92facab74\"><em><strong>Disclaimer<\/strong><\/em><\/p>\n\n\n\n<p id=\"block-e56be5f1-a16c-4cbe-b81c-2d5d4c233df4\"><em>The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.<\/em><\/p>\n\n\n\n<p id=\"block-e56be5f1-a16c-4cbe-b81c-2d5d4c233df4\"><em>The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Evidency. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.<\/em><\/p>\n\n\n\n<p id=\"block-cd17b970-125b-4a14-9906-85ca2d8199ae\"><\/p>\n\n\n\n<p><\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Key takeaways on these European regulations Establishing user trust One of the shared features of these various regulations is their aim to promote and strengthen user trust and protection. This is notably the case with the MiCA Regulation (Markets in Crypto-Assets), which forms part of the Digital Finance Package [9]. That legislative package seeks to [&hellip;]<\/p>\n","protected":false},"author":246879328,"featured_media":10502,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[6495],"tags":[],"ppma_author":[6498,6531],"class_list":["post-10166","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-regulations","author-myriam-quemener","author-garance-mathias"],"acf":{"profil":"","bio":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>European cybersecurity: MiCA, DGA, CRA, Data Act &amp; AI Act<\/title>\n<meta name=\"description\" content=\"MiCA, DGA, CRA, Data Act, AI Act: understand the challenges of European cybersecurity, the business opportunities and the associated compliance obligations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"European cybersecurity: MiCA, DGA, CRA, Data Act &amp; AI Act\" \/>\n<meta property=\"og:description\" content=\"MiCA, DGA, CRA, Data Act, AI Act: understand the challenges of European cybersecurity, the business opportunities and the associated compliance obligations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/\" \/>\n<meta property=\"og:site_name\" content=\"Evidency\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-16T16:39:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-06T08:51:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"950\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Myriam Qu\u00e9m\u00e9ner, Garance Mathias\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nicolas Peigner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/\"},\"author\":{\"name\":\"Nicolas Peigner\",\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/person\/c4fba2cace4e9303d552b60ebdc0618d\"},\"headline\":\"MiCA, DGA, CRA, Data Act, AI Act: challenges, opportunities and perspectives\",\"datePublished\":\"2026-01-16T16:39:13+00:00\",\"dateModified\":\"2026-02-06T08:51:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/\"},\"wordCount\":2399,\"publisher\":{\"@id\":\"https:\/\/evidency.io\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp\",\"articleSection\":[\"Regulations\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/\",\"url\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/\",\"name\":\"European cybersecurity: MiCA, DGA, CRA, Data Act & AI Act\",\"isPartOf\":{\"@id\":\"https:\/\/evidency.io\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp\",\"datePublished\":\"2026-01-16T16:39:13+00:00\",\"dateModified\":\"2026-02-06T08:51:25+00:00\",\"description\":\"MiCA, DGA, CRA, Data Act, AI Act: understand the challenges of European cybersecurity, the business opportunities and the associated compliance obligations.\",\"breadcrumb\":{\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#primaryimage\",\"url\":\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp\",\"contentUrl\":\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp\",\"width\":950,\"height\":500,\"caption\":\"MiCA, DGA, CRA, Data Act, IA Act r\u00e9glementations europ\u00e9ennes enjeux\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Evidency\",\"item\":\"https:\/\/evidency.io\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"MiCA, DGA, CRA, Data Act, AI Act: challenges, opportunities and perspectives\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/evidency.io\/en\/#website\",\"url\":\"https:\/\/evidency.io\/en\/\",\"name\":\"Evidency\",\"description\":\"Sp\u00e9cialiste de la preuve num\u00e9rique\",\"publisher\":{\"@id\":\"https:\/\/evidency.io\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/evidency.io\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/evidency.io\/en\/#organization\",\"name\":\"Evidency\",\"url\":\"https:\/\/evidency.io\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/evidency.io\/wp-content\/uploads\/2024\/09\/header-logo.svg\",\"contentUrl\":\"https:\/\/evidency.io\/wp-content\/uploads\/2024\/09\/header-logo.svg\",\"width\":275,\"height\":58,\"caption\":\"Evidency\"},\"image\":{\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/evidency-io\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/person\/c4fba2cace4e9303d552b60ebdc0618d\",\"name\":\"Nicolas Peigner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/person\/image\/a071e9b393d0615a4fc88b28477f483e\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e715d858349a05f43035c04618d0dd510a10a05de09616ec2dac22d1fc3f8c1b?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e715d858349a05f43035c04618d0dd510a10a05de09616ec2dac22d1fc3f8c1b?s=96&d=identicon&r=g\",\"caption\":\"Nicolas Peigner\"},\"description\":\"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus aliquet dolor vel molestie pellentesque. Curabitur vitae condimentum lectus, ac laoreet magna. Nullam eu tortor odio.\",\"url\":\"https:\/\/evidency.io\/author\/nicolas2805\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"European cybersecurity: MiCA, DGA, CRA, Data Act & AI Act","description":"MiCA, DGA, CRA, Data Act, AI Act: understand the challenges of European cybersecurity, the business opportunities and the associated compliance obligations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/","og_locale":"en_US","og_type":"article","og_title":"European cybersecurity: MiCA, DGA, CRA, Data Act & AI Act","og_description":"MiCA, DGA, CRA, Data Act, AI Act: understand the challenges of European cybersecurity, the business opportunities and the associated compliance obligations.","og_url":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/","og_site_name":"Evidency","article_published_time":"2026-01-16T16:39:13+00:00","article_modified_time":"2026-02-06T08:51:25+00:00","og_image":[{"width":950,"height":500,"url":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp","type":"image\/webp"}],"author":"Myriam Qu\u00e9m\u00e9ner, Garance Mathias","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Nicolas Peigner","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#article","isPartOf":{"@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/"},"author":{"name":"Nicolas Peigner","@id":"https:\/\/evidency.io\/en\/#\/schema\/person\/c4fba2cace4e9303d552b60ebdc0618d"},"headline":"MiCA, DGA, CRA, Data Act, AI Act: challenges, opportunities and perspectives","datePublished":"2026-01-16T16:39:13+00:00","dateModified":"2026-02-06T08:51:25+00:00","mainEntityOfPage":{"@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/"},"wordCount":2399,"publisher":{"@id":"https:\/\/evidency.io\/en\/#organization"},"image":{"@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#primaryimage"},"thumbnailUrl":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp","articleSection":["Regulations"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/","url":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/","name":"European cybersecurity: MiCA, DGA, CRA, Data Act & AI Act","isPartOf":{"@id":"https:\/\/evidency.io\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#primaryimage"},"image":{"@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#primaryimage"},"thumbnailUrl":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp","datePublished":"2026-01-16T16:39:13+00:00","dateModified":"2026-02-06T08:51:25+00:00","description":"MiCA, DGA, CRA, Data Act, AI Act: understand the challenges of European cybersecurity, the business opportunities and the associated compliance obligations.","breadcrumb":{"@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#primaryimage","url":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp","contentUrl":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/MiCA-DGA-CRA-Data-Act-IA-Act.webp","width":950,"height":500,"caption":"MiCA, DGA, CRA, Data Act, IA Act r\u00e9glementations europ\u00e9ennes enjeux"},{"@type":"BreadcrumbList","@id":"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Evidency","item":"https:\/\/evidency.io\/en\/"},{"@type":"ListItem","position":2,"name":"MiCA, DGA, CRA, Data Act, AI Act: challenges, opportunities and perspectives"}]},{"@type":"WebSite","@id":"https:\/\/evidency.io\/en\/#website","url":"https:\/\/evidency.io\/en\/","name":"Evidency","description":"Sp\u00e9cialiste de la preuve num\u00e9rique","publisher":{"@id":"https:\/\/evidency.io\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/evidency.io\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/evidency.io\/en\/#organization","name":"Evidency","url":"https:\/\/evidency.io\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/evidency.io\/en\/#\/schema\/logo\/image\/","url":"https:\/\/evidency.io\/wp-content\/uploads\/2024\/09\/header-logo.svg","contentUrl":"https:\/\/evidency.io\/wp-content\/uploads\/2024\/09\/header-logo.svg","width":275,"height":58,"caption":"Evidency"},"image":{"@id":"https:\/\/evidency.io\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/evidency-io\/"]},{"@type":"Person","@id":"https:\/\/evidency.io\/en\/#\/schema\/person\/c4fba2cace4e9303d552b60ebdc0618d","name":"Nicolas Peigner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/evidency.io\/en\/#\/schema\/person\/image\/a071e9b393d0615a4fc88b28477f483e","url":"https:\/\/secure.gravatar.com\/avatar\/e715d858349a05f43035c04618d0dd510a10a05de09616ec2dac22d1fc3f8c1b?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e715d858349a05f43035c04618d0dd510a10a05de09616ec2dac22d1fc3f8c1b?s=96&d=identicon&r=g","caption":"Nicolas Peigner"},"description":"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus aliquet dolor vel molestie pellentesque. Curabitur vitae condimentum lectus, ac laoreet magna. Nullam eu tortor odio.","url":"https:\/\/evidency.io\/author\/nicolas2805\/"}]}},"modified_by":"Cl\u00e9a Guinaudeau","authors":[{"term_id":6498,"user_id":0,"is_guest":1,"slug":"myriam-quemener","display_name":"Myriam Qu\u00e9m\u00e9ner","avatar_url":{"url":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/02\/Myriam-Quemener-1.webp","url2x":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/02\/Myriam-Quemener-1.webp"},"author_category":"1","first_name":"Myriam","description_complete":"Myriam Qu\u00e9m\u00e9ner is an honorary magistrate and holds a doctorate in law. She is recognised as one of France\u2019s leading experts in cybercrime and digital law. Appointed to the judiciary in 1986, she has held numerous senior positions within the Ministry of Justice and the Ministry of the Interior. Her career has included roles within the Directorate of Criminal Affairs and Pardons (DACG), the criminal division of the Versailles Court of Appeal, as well as appointments as Deputy Public Prosecutor and Advocate General. She has also provided legal expertise to public authorities involved in combating cyber threats. In addition, she served as Project Director and Data Protection Officer (DPO) at the Digital Health Agency (Agence du Num\u00e9rique en Sant\u00e9). An expert to the Council of Europe, a former auditor of the IHEDN, recipient of the Falcone Prize for Justice and a Knight of the Legion of Honour, she is the author of numerous authoritative works addressing the legal, criminal and societal dimensions of digital transformation.","domaine_dexpertise":"<ul>\r\n \t<li>Digital Law &amp; Cybercrime<\/li>\r\n \t<li>Cybersecurity &amp; Information Security<\/li>\r\n \t<li>European Law &amp; Regulation<\/li>\r\n \t<li>Intellectual Property &amp; Technology<\/li>\r\n<\/ul>","last_name":"Qu\u00e9m\u00e9ner","user_url":"","job_title":"Honorary magistrate, Doctor of Law","linkedin":"","description":"Myriam Qu\u00e9m\u00e9ner is an honorary magistrate and holds a doctorate in law. She is recognised for her extensive expertise in cybercrime and digital law. With nearly forty years of experience acquired within the highest French and European judicial and administrative institutions, she has made a substantial contribution to legal doctrine through the publication of numerous authoritative works devoted to cyberspace."},{"term_id":6531,"user_id":0,"is_guest":1,"slug":"garance-mathias","display_name":"Garance Mathias","avatar_url":{"url":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/02\/Garance-Mathias-1.webp","url2x":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/02\/Garance-Mathias-1.webp"},"author_category":"1","first_name":"Garance","description_complete":"Garance Mathias is a partner and founder of the law firm Mathias Avocats, a practice specialising in innovative technology law, personal data protection and intellectual property. For more than twenty years, she has advised organisations of all sizes, from start-ups to large corporate groups, as well as public sector bodies, on the legal structuring and security of their digital projects. Her expertise includes regulatory compliance, in particular GDPR compliance, cybersecurity, and the negotiation and drafting of complex agreements such as SaaS contracts and mechanisms for data transfers outside the European Union. Recognised for her pragmatic and operational approach, she also acts in crisis situations and in disputes relating to cyberattacks and cybercrime. Committed to knowledge sharing, she regularly teaches on specialised training programmes and is co-author of several reference works, including Le D\u00e9l\u00e9gu\u00e9 \u00e0 la Protection des Donn\u00e9es en action.","domaine_dexpertise":"<ul>\r\n \t<li>IT &amp; Cybersecurity<\/li>\r\n \t<li>Intellectual Property<\/li>\r\n \t<li>Media<\/li>\r\n \t<li>Business Law<\/li>\r\n<\/ul>","last_name":"Mathias","user_url":"","job_title":"Partner and Founder, Mathias Avocats","linkedin":"https:\/\/www.linkedin.com\/in\/garance-mathias\/","description":"Garance Mathias is a partner and founder of the law firm Mathias Avocats. A specialist in digital law, data protection and cybersecurity, she has advised companies and public institutions for more than twenty years on the management of complex legal issues and regularly publishes authoritative analyses on compliance and innovative technologies."}],"_links":{"self":[{"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/posts\/10166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/users\/246879328"}],"replies":[{"embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/comments?post=10166"}],"version-history":[{"count":5,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/posts\/10166\/revisions"}],"predecessor-version":[{"id":11347,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/posts\/10166\/revisions\/11347"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/media\/10502"}],"wp:attachment":[{"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/media?parent=10166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/categories?post=10166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/tags?post=10166"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/ppma_author?post=10166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}