EU Alignment & Digital Policy
Our Alignment with EU Digital Policy & Regulation
At BAS4ICT, EU digital policy is not an add-on. It is embedded into how we design, deliver, and sustain transformation. We ensure organisations remain compliant, resilient, and future-ready across rapidly evolving regulatory requirements. We align strategy, governance, and execution with key EU frameworks and regulations to strengthen trust, reduce risk, and enable responsible innovation. Our expertise supports both public and private sectors in translating policy into measurable outcomes without operational disruption.
Key Frameworks & Regulatory Alignment
We deliver responsible transformation aligned with the European Union's leading digital policies. Below are 20 active EU digital policies that guide our advisory and delivery approach, including AI Act, Chips Act, CRA, CSA, Data Act, DGA, DMA, DORA, DSA, EECC, EHDS, eIDAS, EMFA, GDPR, GPSR, MiCA, NIS2, PLD, among others.
European Health Data Space (EHDS)
This policy creates an EU system for accessing and reusing electronic health data, empowering individuals and enabling secondary uses for research and public health, with a focus on interoperability, security and strong safeguards.
BAS4ICT adds value by reviewing EHDS readiness, defining access and secondary-use roles, supporting interoperability and consent, and strengthening secure data use through training and adoption.
Political Advertising Regulation
This policy sets EU rules for political advertising transparency and targeting, requiring ad labelling, disclosure of sponsors and funding, and limits on targeting techniques to protect electoral processes and democratic integrity.
BAS4ICT adds value by assessing political-ads readiness, clarifying sponsor, publisher and intermediary duties, supporting labelling, disclosure and targeting controls, and strengthening compliant campaigning through training.
Product Liability Directive (PLD)
This policy modernises EU rules on product liability by extending compensation for damage caused by defective products, including software and AI-enabled systems, and clarifying responsibilities across manufacturers, importers and distributors.
BAS4ICT adds value by clarifying PLD duties, guiding liability and evidence obligations, supporting risk and defect-assessment practices, and enabling compliant product-governance adoption through targeted enablement.
Cyber Resilience Act (CRA)
This policy establishes horizontal cybersecurity requirements for all products with digital elements, ensuring secure design, vulnerability handling, and timely security updates to enhance cyber resilience across the EU digital single market.
BAS4ICT adds value by assessing CRA duties, clarifying manufacturer and distributor roles, supporting secure-by-design and vulnerability processes, and strengthening cyber-resilient adoption through targeted enablement.
Artificial Intelligence Act (AI Act)
This policy defines EU rules for artificial intelligence, restricting prohibited practices, setting obligations for high-risk systems, and supporting transparency and human-centric deployment.
BAS4ICT adds value by reviewing AI Act alignment, defining provider and deployer responsibilities, supporting high-risk AI controls, and strengthening trustworthy AI through training and adoption.
European Media Freedom Act (EMFA)
This policy strengthens EU safeguards for media independence by increasing ownership transparency, coordinating national regulators, and improving resilience against external interference to protect media pluralism.
BAS4ICT adds value by examining EMFA duties, outlining independence and governance roles, advising on transparency and regulator cooperation, and building resilience through targeted enablement.
General Product Safety Regulation (GPSR)
This policy sets modern requirements for safe design, digital elements and online sales, strengthening market-surveillance duties and improving recall and information mechanisms to protect consumers across the Union.
BAS4ICT adds value by strengthening GPSR compliance, guiding safety and digital-element duties, improving marketplace and recall processes, and enabling consistent product-safety adoption through targeted enablement.
Data Act
This policy sets EU rules on fair access to and use of data, defining rights for users and duties for data holders, enabling cross-sector sharing to support fairness, innovation, competitiveness and broader economic value.
BAS4ICT adds value by identifying Data Act gaps, shaping access and sharing roles, supporting interoperability and governance, and promoting fair data use through training and adoption.
Chips Act
This policy supports the EU semiconductor ecosystem by boosting research and production capacity, improving supply-chain resilience and crisis mechanisms, and coordinating investment to ensure secure and competitive chip manufacturing.
BAS4ICT adds value by aligning Chips Act efforts, guiding ecosystem investments, improving supply-chain measures, and enabling semiconductor resilience through targeted enablement.
Markets in Crypto-Assets (MiCA)
This policy regulates EU crypto-asset markets by setting rules for issuers and service providers, defining conduct and disclosure duties, and introducing safeguards to protect consumers and market integrity.
BAS4ICT adds value by aligning MiCA compliance, guiding issuer and service-provider duties, improving conduct and disclosure steps, and enabling trustworthy crypto-market adoption through targeted enablement.
Data Governance Act (DGA)
This policy sets EU rules on data sharing and reuse, establishing frameworks for public-sector data, intermediaries and data altruism, while promoting transparency, safeguards and wider availability across the internal market.
BAS4ICT adds value by evaluating DGA implications, developing data-sharing roles, supporting transparency for data altruism, and reinforcing responsible data use through training and adoption.
NIS 2 Directive
This policy strengthens EU cybersecurity by imposing risk-management measures, incident-reporting duties, and coordinated oversight on essential and important entities to ensure resilient network and information systems.
BAS4ICT adds value by guiding NIS2 governance, improving risk and supply-chain controls, streamlining incident reporting, and enabling resilient cybersecurity adoption through targeted enablement.
Digital Operational Resilience Act (DORA)
This policy reinforces financial-sector resilience by setting EU-wide rules for ICT risk management, incident reporting, resilience testing and oversight of critical third-party providers to ensure secure and continuous operations.
BAS4ICT adds value by enhancing DORA readiness, guiding ICT-risk and continuity controls, streamlining incident and testing processes, and enabling resilient operational adoption through targeted enablement.
Digital Services Act (DSA)
This policy sets EU rules for digital services, requiring platforms to tackle illegal content, enhance transparency and accountability, and manage systemic risks to protect users and support a safer online environment.
BAS4ICT adds value by assessing DSA readiness, defining platform and intermediary roles, supporting transparency and risk duties, and enabling safer adoption through targeted enablement.
Digital Markets Act (DMA)
This policy applies to large platforms designated as gatekeepers to ensure fair, contestable digital markets by curbing unfair practices, improving business-user access, and supporting data portability and interoperability.
BAS4ICT adds value by mapping DMA obligations, clarifying gatekeeper conduct and business-user rights, supporting access, portability and interoperability, and reinforcing compliant practices.
Cybersecurity Act (CSA)
This policy strengthens the EU’s cybersecurity framework by reinforcing ENISA’s mandate and introducing a European certification system that boosts the security, reliability and trustworthiness of ICT products, services and processes.
BAS4ICT adds value by advancing CSA alignment, guiding certification governance, supporting conformity processes, and enabling trusted cybersecurity adoption through targeted enablement.
Copyright Directive
This policy modernises EU copyright rules for the digital environment, setting rights for press publishers, clarifying platform responsibilities, and enabling text and data mining while supporting fair remuneration for creators.
BAS4ICT adds value by reviewing implementation gaps, clarifying publisher, platform and licensing responsibilities, supporting TDM and remuneration processes, and strengthening compliant adoption through training.
European Electronic Communications Code (EECC)
This policy harmonises frameworks for network access, spectrum use, service provision and high-capacity broadband deployment to support competitive, secure and inclusive connectivity across the Union.
BAS4ICT adds value by advancing EECC alignment, guiding access and spectrum duties, improving broadband and interconnection measures, and enabling compliant connectivity adoption via targeted enablement.
General Data Protection Regulation (GDPR)
This policy provides an EU-wide framework for personal data protection, defining lawful processing, enhancing individual rights, and requiring strict accountability and security from organisations handling personal data.
BAS4ICT adds value by evaluating GDPR readiness, defining governance roles, supporting DPIAs and security-by-design, and embedding GDPR through communication, training and adoption.
eIDAS Regulation
This policy establishes EU rules for electronic identification and trust services by enabling secure digital authentication, signatures and transactions to support reliable cross-border digital interactions.
BAS4ICT adds value by aligning eIDAS compliance, guiding identification and trust-service duties, improving signature and authentication steps, and enabling reliable cross-border adoption through targeted enablement.
Recognised EU-Level Expertise
BAS4ICT draws on the expertise of EU-recognised specialists whose extensive experience fosters confidence, demonstrating our ability to deliver transformation fully aligned with European standards, regulations, and funding frameworks.
Luc Masson, Founder of BAS4ICT, is a registered External Expert with the European Commission and a contributor to Horizon Europe. His 15+ years of EU-level experience include leading transformation work on the European Union Funds Management System (SFC2021), the Digital Workplace End-User Support Service, the EUROPA 2nd Generation web portal, and corporate platforms such as Ares, Decide, the Research Participant Portal, Participant Data Management and the Sharing of Audit Results suite, demonstrating our team's strong expertise and credibility.
Fédia Mattarelli, EU Legal, Contract & Funding Expert, brings 15+ years of experience within the European Commission, supporting major EU initiatives across Horizon 2020 and FP6/FP7 grant management, Structural Funds instruments such as the ESF and EGF, Framework Partnership Agreements and Specific Grant Agreements, SESAR and Clean Sky Joint Undertakings, GDPR and data-protection governance, as well as access-to-documents and multi-beneficiary legal procedures, ensuring our programmes meet EU legal, funding, and accountability standards.
BAS4ICT SRL is officially registered with the European Commission under the Participant Identification Code (PIC) 872241558, reinforcing our credibility and reassuring our audience of our reliability in participating in EU-funded programmes and consortia.
Meet the BAS4ICT Team
Discover How We Enable EU-Compliant Legal, Funding and Governance
Read BAS4ICT Position Paper on the Next Multiannual Financial Framework (PDF)