EuroComply
Konto erstellen
💻

EU Compliance for SaaS & Software

EU regulations directly affecting SaaS & Software organisations — including obligations, deadlines, and maximum fines. Use our regulation checker to map your exact exposure.

Which EU regulations apply to SaaS & Software businesses?

SaaS & Software organisations operating in the EU are subject to 10 key regulations, including AI Act, NIS2, CRA and 7 more. The most significant obligations cover Classify AI systems by risk tier; Implement cybersecurity risk management measures. Use the regulation checker to map your exact exposure in under 2 minutes.

  • AI Act: max fine €35M or 7% of global turnover — Classify AI systems by risk tier
  • NIS2: max fine €10M or 2% of global turnover — Implement cybersecurity risk management measures
  • CRA: max fine €15M or 2.5% of global turnover — Implement security by design
  • Data Act: max fine Per member state (effective, proportionate, dissuasive) — Ensure data accessibility for users
Regulations applicable10
Key regulationsAI Act, NIS2, CRA
Highest fine€35M or 7% of global turnover
Source: EUR-Lex — EU Regulatory FrameworkReviewed:

Regulations that apply to SaaS & Software

AI Act

The EU AI Act classifies AI systems by risk level and imposes obligations on providers and deployers. High-risk systems face mandatory conformity assessments, documentation, and human oversight requirements.

Max fine: €35M or 7% of global turnover

NIS2

NIS2 expands cybersecurity obligations to essential and important entities across critical sectors. It mandates risk management, incident reporting, and supply chain security.

Max fine: €10M or 2% of global turnover

CRA

The CRA establishes cybersecurity requirements for products with digital elements sold in the EU. Manufacturers must ensure security by design and provide vulnerability handling.

Max fine: €15M or 2.5% of global turnover

Data Act

The Data Act ensures fair access to and use of data generated by connected products and related services. It establishes rules for data sharing between businesses and with public bodies.

Max fine: Per member state (effective, proportionate, dissuasive)

EAA

The EAA sets accessibility requirements for products and services to ensure people with disabilities can fully participate in the digital economy.

Max fine: Per member state

ePrivacy

The ePrivacy Directive governs electronic communications privacy, covering cookies, email marketing, and confidentiality of communications. Its replacement (ePrivacy Regulation) is pending but the Directive remains law.

Max fine: Per member state (typically up to €20M)

DSA

The DSA creates obligations for online platforms and search engines to tackle illegal content, protect users, and ensure algorithmic transparency. Very large platforms face enhanced obligations.

Max fine: €20M or 6% of global turnover

Pay Transparency

The Pay Transparency Directive requires employers to disclose salary ranges in job postings, report on gender pay gaps, and enable employees to compare pay. Targets the gender pay gap across the EU.

Max fine: Per member state (compensation + penalties)

eIDAS 2.0

eIDAS 2.0 updates the framework for electronic identification and trust services, introducing the EU Digital Identity Wallet. It enables cross-border digital identity verification and expands recognised trust services.

Max fine: Per member state

PLD

The revised PLD modernises liability rules for defective products, extending coverage to software, AI systems, and digital services. Shifts some burden of proof to manufacturers for complex cases.

Max fine: No cap — civil liability for all damage caused

Which regulations apply to your SaaS & Software business?

Answer 5 questions and get a personalised compliance map — free.

Run the regulation checker

Explore by regulation

For informational purposes only. This is not legal advice — consult qualified legal counsel.