EU Tech & Compliance Glossary
Welcome to the EU Tech & Compliance Glossary — your structured reference for understanding the key legal, technical and regulatory terms affecting SaaS, AI, IoT, cloud and digital platforms entering the European market.
Our glossary is designed to give international companies a clear and reliable overview of the concepts that shape EU compliance, from the AI Act and GDPR to the Cyber Resilience Act, the Data Act and CE requirements.
Use this resource to navigate EU terminology with confidence and to access detailed explanations for each regulatory concept.
Every term includes a short definition and a link to an extended detail page to help you explore deeper as needed.
A–Z Overview (by Category)
AI & Machine Learning
AI Act – The EU’s comprehensive regulatory framework for artificial intelligence systems. Read more → /glossary/ai-act
High-Risk AI – AI systems subject to the strictest compliance obligations under the AI Act. Read more → /glossary/high-risk-ai
General Purpose AI (GPAI) – AI models designed for broad applicability across tasks and sectors. Read more → /glossary/gpai
Limited-Risk AI – AI systems requiring transparency but not full regulation under the AI Act. Read more → /glossary/limited-risk-ai
AI Transparency Obligations – Requirements to inform users when AI is used. Read more → /glossary/ai-transparency
Post-Market Monitoring (PMM) – Continuous oversight of deployed AI systems. Read more → /glossary/pmm
Model Card – A structured documentation format describing an AI model’s purpose, performance and risks. Read more → /glossary/model-card
Dataset Governance – Rules for managing training, validation and testing data. Read more → /glossary/dataset-governance
Data Protection & GDPR
GDPR – The EU’s fundamental data protection regulation governing all processing of personal data. Read more → /glossary/gdpr
GDPR Representative – Required EU contact point for non-EU companies under Article 27. Read more → /glossary/gdpr-representative
Data Processing Agreement (DPA) – Mandatory contract defining controller–processor responsibilities. Read more → /glossary/dpa
Data Protection Impact Assessment (DPIA) – Required risk analysis for high-risk data processing activities. Read more → /glossary/dpia
Controller – Entity determining the purpose and means of data processing. Read more → /glossary/controller
Processor – Entity processing data on behalf of a controller. Read more → /glossary/processor
Records of Processing (RoP) – Article 30 documentation of data workflows. Read more → /glossary/rop
Data Minimization – GDPR principle requiring processing only what is strictly necessary. Read more → /glossary/data-minimization
Cybersecurity & CRA
Cyber Resilience Act (CRA) – EU regulation establishing cybersecurity requirements for software and connected devices. Read more → /glossary/cra
SBOM (Software Bill of Materials) – A detailed inventory of software components and dependencies. Read more → /glossary/sbom
Secure-by-Design – CRA principle requiring security embedded throughout development. Read more → /glossary/secure-by-design
Vulnerability Management – Required processes for identifying and handling product vulnerabilities. Read more → /glossary/vulnerability-management
24/72h Incident Reporting – CRA obligation to notify authorities about security incidents. Read more → /glossary/incident-reporting
Security Updates – Required patches addressing vulnerabilities throughout the product lifecycle. Read more → /glossary/security-updates
Platforms & DSA
Digital Services Act (DSA) – EU regulation governing online platforms, hosting providers and marketplaces. Read more → /glossary/dsa
Hosting Provider – Service storing information provided by users. Read more → /glossary/hosting-provider
Online Platform – Services enabling users to share content or sell goods. Read more → /glossary/online-platform
Marketplace – Platforms facilitating commercial transactions between users. Read more → /glossary/marketplace
Notice & Action – Process for flagging and removing illegal content. Read more → /glossary/notice-and-action
Transparency Reporting – Required disclosures on content moderation and platform risks. Read more → /glossary/transparency-reporting
DSA Legal Representative – Mandatory EU contact point for non-EU platforms. Read more → /glossary/dsa-legal-representative
Product & CE / Market Access
CE Marking – EU conformity marking required for hardware and IoT devices. Read more → /glossary/ce-marking
EU Importer – Entity responsible for placing non-EU products on the EU market. Read more → /glossary/eu-importer
Technical File – Mandatory documentation proving compliance for CE/CRA. Read more → /glossary/technical-file
Market Surveillance – EU monitoring of product safety and compliance. Read more → /glossary/market-surveillance
Conformity Assessment – Required process for assessing product compliance. Read more → /glossary/conformity-assessment
IoT Device Compliance – Security, safety and interoperability rules for connected devices. Read more → /glossary/iot-compliance
Declaration of Conformity (DoC) – Document confirming CE/CRA compliance. Read more → /glossary/declaration-of-conformity
OSS (One Stop Shop VAT) – EU VAT system for cross-border digital services. Read more → /glossary/oss