Register of Policies - January 2025

As their budget deficits have exceeded the EU limit of 3% of GDP, the Council of the EU has made specific recommendations to seven countries to get their public finances back on track. These measures fall under the Excessive Deficit Procedure (EDP), a corrective mechanism under the Stability and Growth Pact designed to curb government spending and thus ensure long-term economic stability. The EU requires these countries to reduce their nominal growth rate of net primary government expenditure, or simply put, to gradually slow down government spending in order to reduce their deficits over the next few years, with each country having a different deadline and spending limit to meet. Italy (-3.8% GDP deficit) will have to cut spending to reach the 3% target by 2026. Belgium (-4.2% GDP deficit), Malta (-4.5% GDP deficit) and Slovakia (-5.8% GDP deficit) will have to curb spending growth in order to bring their deficits below 3% by 2027. Poland (-5.8% GDP deficit) must make significant adjustment to reach 3% by 2028. Both France (-5.5% GDP deficit) and Romania (-8.6% GDP deficit) have the longest deadline: France must reduce its budget deficit to 3% by 2029 and to 2.4% by 2031, and Romania to 3% by 2031.

EU law: Council Recommendation

Manufacturers of heavy-duty vehicles, including trucks, buses and trailers, registered in EU Member States must monitor and report data for each new vehicle sold, registered or put into service in the Union. This data includes the CO2 emissions and fuel consumption of the vehicles, which are calculated using the Vehicle Energy Consumption Calculation Tool (VECTO). By 30 September each year, the required data must be submitted to the European Environment Agency (EEA), which is responsible for maintaining a central register of the data collected and subsequently publishes an annual report summarizing the CO2 emissions performance of heavy-duty vehicle manufacturers.

EU law: Commission Implementing Regulation (EU) 2025/35

The Digital Operational Resilience Act (DORA), adopted in December 2022, has been fully applicable since January 17, 2025. It was developed in response to the increasing number of cyber incidents (e.g. cyber attacks, system failures and IT disruptions) faced by financial players. The DORA Regulation applies to many financial entities, including banks, insurance companies, investment firms, payment institutions, crypto-asset providers, trading platforms and third-party providers of ICT services (e.g. cloud service providers, data centers). The regulation is based on several pillars. Firstly, DORA requires financial institutions to implement a rigorous risk management framework for IT security, including business continuity plans and backup strategies. Secondly, incident reporting mechanisms must be put in place and information sharing is encouraged in line with the GDPR to better identify and manage cyber incidents. Thirdly, financial actors must conduct regular testing (e.g. disaster recovery testing, penetration testing), with large entities required to conduct threat-based penetration testing (TLPT) every three years. Fourthly, the risks of external ICT service providers must be monitored and assessed by financial institutions and specific security requirements must be included in contracts. Compliance will be monitored by national financial supervisory authorities in each EU Member State, while enforcement at EU level will be coordinated by the European Supervisory Authorities (ESAs), i.e. the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA).

EU law: Regulation (EU) 2022/2554

Leave Us A Comment