AI Act, Data Act, Cybersecurity Act and technical standardisation

On September 9, the Directorate-General for Enterprises and the Directorate-General for Competition, Consumer Affairs and Fraud Control published the highly anticipated French AI governance framework, designating the national authorities responsible for implementing the AI Act (EU AI Act). Ce schéma doit être soumis au Parlement par le biais d’un projet de loi.

The EU AI Act, together with the Data Act and the Cybersecurity Act, form a trio of European regulations designed to provide a framework for digital innovation while ensuring security, transparency and competitiveness.

Each covers a key aspect of digital technology. The AI Act regulates the risks associated with artificial intelligence (classification by risk level, transparency obligations). The Data Act facilitates access to and sharing of data by balancing user rights and business needs. The Cybersecurity Act imposes security standards for products and services. These three pieces of legislation converge on data management (quality, security, interoperability) and digital trust. For example, an AI system (AI Act) using industrial data (Data Act) must comply with cybersecurity standards (Cybersecurity Act). These three pieces of legislation are complementary and interdependent. The AI Act depends on the Data Act for data reliability and on the Cybersecurity Act to ensure secure data exchanges. They also share common requirements: transparency, accountability and compliance with penalties for non-compliance. This integrated framework, which aims to strengthen European sovereignty by providing businesses and citizens with a secure and predictable environment, also aims to stimulate innovation while limiting risks.

From an operational perspective, the implementation of these three regulatory pillars is based on the European Union’s technical standardisation work programme. For example, the work of the CEN-CENELEC JTC21 technical committees and the ETSI Data, Secured AI and Cyber technical committees plays a central role in this dynamic, in line with the 2025-2027 work programme of the Digital Europe Programme. They help to clarify the technical requirements for high-risk systems, operationalise risk management and transparency, secure and interoperable data sharing, and provide technical references for the certification of products and services, thereby strengthening the resilience of critical infrastructures and AI systems. The coordination between the work of these committees and regulations is essential to create and develop a secure, interoperable and innovative European digital ecosystem. These standards are not a constraint but a strategic lever for innovation, financing and positioning in regulated markets, while contributing to European autonomy. Mastering this continuum, this link between technical standards and AI, data and cyber regulations, is a major and essential challenge for SMEs, as well as for R&D structures and technology transfer offices.

This is what motivated Cobelty, on 9 September, to submit its application for the Small Business Standards 2026 call for experts, in line with its mission: to support and assist SMEs, research laboratories and technology transfer offices in the field of standardisation, whether in terms of contributions or information.