What are the key ePrivacy obligations for EU businesses?

Obtain consent for cookies and tracking. Honour opt-out for direct marketing. Protect confidentiality of communications. Notify breaches to authorities. Implement privacy by default.

What is the maximum fine for ePrivacy non-compliance?

The maximum fine under ePrivacy is Per member state (typically up to €20M).

When does ePrivacy apply or what is the enforcement deadline?

ePrivacy deadline: In force — update expected 2025-2026.

Which sectors does ePrivacy affect?

ePrivacy applies to: Telecommunications, Digital Services, E-commerce, Marketing.

ePrivacy Directive

The ePrivacy Directive governs electronic communications privacy, covering cookies, email marketing, and confidentiality of communications. Its replacement (ePrivacy Regulation) is pending but the Directive remains law.

What does ePrivacy require and when does it apply?

ePrivacy applies to Telecommunications and Digital Services organisations across all EU member states. The key deadline is In force — update expected 2025-2026. Non-compliance carries a maximum penalty of Per member state (typically up to €20M). Core obligations include obtain consent for cookies and tracking and honour opt-out for direct marketing.

Obtain consent for cookies and tracking
Honour opt-out for direct marketing
Protect confidentiality of communications
Notify breaches to authorities
Implement privacy by default

Deadline	In force — update expected 2025-2026
Max fine	Per member state (typically up to €20M)
Primary sectors	Telecommunications, Digital Services, E-commerce

Source: Official Journal of the EU — ePrivacy DirectiveReviewed: 2026-05-01

TL;DR

ePrivacy: Per member state (typically up to €20M) max fine

ePrivacy applies to Telecommunications and Digital Services organisations in all EU member states. Key deadline: In force — update expected 2025-2026.

Source: Official Journal of the European Union — ePrivacy Directive

Deadline

In force — update expected 2025-2026

Max Fine

Per member state (typically up to €20M)

Sectors Affected

Telecommunications, Digital Services, E-commerce

Per member state (typically up to €20M)maximum fine

The highest penalty for non-compliance with ePrivacy in the EU.

EU Official Journal

How do I comply with ePrivacy?

Obtain consent for cookies and tracking
Honour opt-out for direct marketing
Protect confidentiality of communications
Notify breaches to authorities
Implement privacy by default

Does ePrivacy apply to your business?

Find out in 2 minutes with our free regulation checker.

Check now — free

Related Regulations

AI Act

The EU AI Act classifies AI systems by risk level and imposes obligations on providers and deployers. High-risk systems face mandatory conformity assessments, documentation, and human oversight requirements.

GDPR

GDPR governs the processing of personal data of EU residents. It requires lawful basis for processing, data subject rights, breach notification, and accountability measures.

NIS2

NIS2 expands cybersecurity obligations to essential and important entities across critical sectors. It mandates risk management, incident reporting, and supply chain security.

Next step — classify

Classify your AI systems

Use the free regulation checker to find out exactly which ePrivacy obligations apply to your business in 2 minutes.