Glossary

EU Tech & Compliance Glossary

Welcome to the EU Tech & Compliance Glossary — your structured reference for understanding the key legal, technical and regulatory terms affecting SaaS, AI, IoT, cloud and digital platforms entering the European market.
Our glossary is designed to give international companies a clear and reliable overview of the concepts that shape EU compliance, from the AI Act and GDPR to the Cyber Resilience Act, the Data Act and CE requirements.
Use this resource to navigate EU terminology with confidence and to access detailed explanations for each regulatory concept.
Every term includes a short definition and a link to an extended detail page to help you explore deeper as needed.

A–Z Overview (by Category)

AI & Machine Learning

AI Act – The EU’s comprehensive regulatory framework for artificial intelligence systems. Read more → /glossary/ai-act

High-Risk AI – AI systems subject to the strictest compliance obligations under the AI Act. Read more → /glossary/high-risk-ai

General Purpose AI (GPAI) – AI models designed for broad applicability across tasks and sectors. Read more → /glossary/gpai

Limited-Risk AI – AI systems requiring transparency but not full regulation under the AI Act. Read more → /glossary/limited-risk-ai

AI Transparency Obligations – Requirements to inform users when AI is used. Read more → /glossary/ai-transparency

Post-Market Monitoring (PMM) – Continuous oversight of deployed AI systems. Read more → /glossary/pmm

Model Card – A structured documentation format describing an AI model’s purpose, performance and risks. Read more → /glossary/model-card

Dataset Governance – Rules for managing training, validation and testing data. Read more → /glossary/dataset-governance

Data Protection & GDPR

GDPR – The EU’s fundamental data protection regulation governing all processing of personal data. Read more → /glossary/gdpr

GDPR Representative – Required EU contact point for non-EU companies under Article 27. Read more → /glossary/gdpr-representative

Data Processing Agreement (DPA) – Mandatory contract defining controller–processor responsibilities. Read more → /glossary/dpa

Data Protection Impact Assessment (DPIA) – Required risk analysis for high-risk data processing activities. Read more → /glossary/dpia

Controller – Entity determining the purpose and means of data processing. Read more → /glossary/controller

Processor – Entity processing data on behalf of a controller. Read more → /glossary/processor

Records of Processing (RoP) – Article 30 documentation of data workflows. Read more → /glossary/rop

Data Minimization – GDPR principle requiring processing only what is strictly necessary. Read more → /glossary/data-minimization

Cybersecurity & CRA

Cyber Resilience Act (CRA) – EU regulation establishing cybersecurity requirements for software and connected devices. Read more → /glossary/cra

SBOM (Software Bill of Materials) – A detailed inventory of software components and dependencies. Read more → /glossary/sbom

Secure-by-Design – CRA principle requiring security embedded throughout development. Read more → /glossary/secure-by-design

Vulnerability Management – Required processes for identifying and handling product vulnerabilities. Read more → /glossary/vulnerability-management

24/72h Incident Reporting – CRA obligation to notify authorities about security incidents. Read more → /glossary/incident-reporting

Security Updates – Required patches addressing vulnerabilities throughout the product lifecycle. Read more → /glossary/security-updates

Platforms & DSA

Digital Services Act (DSA) – EU regulation governing online platforms, hosting providers and marketplaces. Read more → /glossary/dsa

Hosting Provider – Service storing information provided by users. Read more → /glossary/hosting-provider

Online Platform – Services enabling users to share content or sell goods. Read more → /glossary/online-platform

Marketplace – Platforms facilitating commercial transactions between users. Read more → /glossary/marketplace

Notice & Action – Process for flagging and removing illegal content. Read more → /glossary/notice-and-action

Transparency Reporting – Required disclosures on content moderation and platform risks. Read more → /glossary/transparency-reporting

DSA Legal Representative – Mandatory EU contact point for non-EU platforms. Read more → /glossary/dsa-legal-representative

Product & CE / Market Access

CE Marking – EU conformity marking required for hardware and IoT devices. Read more → /glossary/ce-marking

EU Importer – Entity responsible for placing non-EU products on the EU market. Read more → /glossary/eu-importer

Technical File – Mandatory documentation proving compliance for CE/CRA. Read more → /glossary/technical-file

Market Surveillance – EU monitoring of product safety and compliance. Read more → /glossary/market-surveillance

Conformity Assessment – Required process for assessing product compliance. Read more → /glossary/conformity-assessment

IoT Device Compliance – Security, safety and interoperability rules for connected devices. Read more → /glossary/iot-compliance

Declaration of Conformity (DoC) – Document confirming CE/CRA compliance. Read more → /glossary/declaration-of-conformity

OSS (One Stop Shop VAT) – EU VAT system for cross-border digital services. Read more → /glossary/oss

Information icon

Wir benötigen Ihre Zustimmung zum Laden der Übersetzungen

Wir nutzen einen Drittanbieter-Service, um den Inhalt der Website zu übersetzen, der möglicherweise Daten über Ihre Aktivitäten sammelt. Bitte überprüfen Sie die Details in der Datenschutzerklärung und akzeptieren Sie den Dienst, um die Übersetzungen zu sehen.