The EU’s Proposed Digital Networks Act: A New Framework for Connectivity

With ambitious targets such as universal gigabit connectivity and full 5G coverage in populated areas by 2030, the Commission views advanced, resilient, and secure digital networks as essential infrastructure. As such, the DNA seeks to address perceived shortcomings in the current regulatory regime, particularly market fragmentation and barriers to cross‑border operations, while ensuring alignment with parallel EU initiatives in areas such as cloud computing, artificial intelligence, data governance, cybersecurity, and digital resilience

The Digital Decade Policy Programme sets out the EU’s long‑term vision for digital infrastructure, emphasising that robust and high‑capacity networks are prerequisites for digital skills development, innovation in areas such as AI and cloud services, and the delivery of essential public services, including e‑government and digital health.

This assessment has been reinforced by several high-level analyses, including the Letta, Draghi and Niinistö reports, as well as the Commission’s recent communication "A Competitiveness Compass for the EU". These analyses consistently emphasise that state-of-the-art digital infrastructure serves multiple strategic objectives, namely, to enhance economic performance, strengthening security capabilities, and supporting social objectives.

At the same time, these reports highlight some structural weaknesses. Despite harmonisation efforts over the past decade, the EU’s electronic communications market remains fragmented. Operators continue to face regulatory and administrative barriers when operating across borders, limiting their ability to scale, invest, and compete with global players. The DNA is the newest attempt from the EU to accommodate these challenges. 

The DNA is designed as a regulation, rather than a directive, with the explicit aim of simplifying and better coordinating the existing legal framework. It would fully or partially replace several existing legislative instruments governing the EU’s connectivity ecosystem, including:

• the EECC,
• the BEREC Regulation,
• the Radio Spectrum Policy Programme,
• parts of the Open Internet Regulation (OIR), and
• elements of the ePrivacy Directive.
   

By merging (parts of) these instruments into a single regulation, the Commission aims to create greater legal certainty and enable providers to operate more seamlessly within the internal market.

Net neutrality and the open internet

The Digital Networks Act (DNA) updates and refines the EU’s net neutrality framework, largely preserving the principles of the Open Internet Regulation while clarifying key concepts and procedures. Internet access providers must continue to treat all traffic equally, without discrimination based on content, sender, service or application.

The DNA maintains the prohibition on blocking, throttling or other interference, while more clearly defining when “reasonable traffic management” is permitted. Such measures must be transparent, non‑discriminatory, proportionate, and based solely on objective technical quality‑of‑service requirements. They may be used only as long as necessary and only for limited purposes: complying with legal obligations, protecting network integrity and security, and preventing or mitigating exceptional or temporary congestion. Equivalent categories of traffic must always be treated equally.

The proposal also clarifies the rules for specialised or optimised services. Providers may offer services tailored to specific content or applications where this optimisation is technically necessary to meet a required quality level, and only where sufficient network capacity exists alongside general internet access. These services cannot replace or degrade standard internet access. The Commission is empowered to adopt implementing acts further defining the conditions for such services.

While the Commission frames the amendments as a way to strengthen legal certainty and support innovation, digital rights and consumer groups have warned that the consolidation of recitals and adjustments to the structure may weaken interpretative safeguards and shift the balance of net neutrality protections.

The DNA also introduces regular reporting obligations: providers must submit information to national regulators every two years on their network capacity management and any traffic management measures. BEREC will publish biannual reports based on this information and issue updated guidelines on quality‑of‑service parameters and monitoring.

These changes form part of the broader end‑user rights framework in Part VI, which modernises universal service obligations, strengthens contract and transparency rules, ensures non‑discriminatory switching and portability, and includes updated protections for users with disabilities, emergency communications, fraud prevention and essential digital services.

A “single passport” for providers

The DNA introduces a fully harmonised EU “Single Passport” for providers of electronic communications networks and services, addressing long‑standing fragmentation under the EECC. Under this framework, providers may operate across the EU on the basis of a single notification to one national regulatory authority, without needing separate authorisations in each Member State. 

The notification procedure must follow a uniform BEREC template, and Member States are barred from imposing additional procedural requirements. Once the notification is confirmed—within one week—the provider may begin operating across the Member States concerned.

Further, the DNA fully harmonises the list of authorisation conditions. Providers must comply with resilience and preparedness obligations, rules governing emergency and disaster communications, cybersecurity requirements (including strengthened ICT supply‑chain security under the revised Cybersecurity Act), lawful interception and data‑retention obligations under EU‑compliant national law, interconnection and interoperability rules, and spectrum and numbering conditions where applicable. These conditions cannot be supplemented or “gold‑plated” nationally, though Member States may restrict service provision only on TFEU Article 52 grounds (public policy, security or health), subject to notification to the Commission.

Although the notification process is centralised, enforcement remains shared. The authority receiving the initial notification may impose penalties, including withdrawal of the right to operate in serious cases. Authorities in host Member States may also intervene where breaches pose serious risks to national security or public interest. BEREC, together with the Commission and designated national contact points, will issue guidelines to ensure coherent application of the authorisation conditions and to structure cooperation, mutual assistance and information‑exchange mechanisms across the EU.

Spectrum use and the limits of market integration

The DNA aims to bring more consistency to how radio spectrum and numbering resources are managed across the EU. It sets common rules for how spectrum should be planned, assigned, renewed and shared, and stresses that licences should be technology‑ and service‑neutral.

The proposal also seeks to make spectrum use more efficient. It introduces more harmonised authorisation procedures, encourages investment‑friendly award designs and places clearer duties on licence holders to use their frequencies effectively. New EU‑level tools, including a “spectrum single market” procedure, common authorisation conditions and one‑stop‑shop processes, are meant to reduce differences between national systems. Spectrum sharing is promoted where workable, alongside stronger cross‑border coordination and clearer rules for dealing with harmful interference. Licences can be withdrawn if operators fail to show active use.

A major change concerns satellite communications. Today, each Member State authorises satellite spectrum separately, which the Commission warns creates fragmentation and risks for Europe’s ability to build pan‑European satellite networks and meet international obligations. The DNA would replace these national procedures with a single EU‑level satellite authorisation, supported by coordinated ITU filings and rules to ensure satellite and terrestrial services can coexist. 

More broadly, the Commission links slow 5G rollout to uneven national licence rules and auction practices. To fix this, the DNA proposes unlimited licence duration as the default—subject to safeguards—with an alternative maximum of 40 years plus near‑automatic renewal. It also provides for EU‑level scrutiny of national procedures, greater transparency on when spectrum will become available and a more consistent timeline for releasing bands needed for future 6G networks.

Large technology companies and ecosystem cooperation

A long‑running policy dispute in Brussels—whether major online platforms should be required to contribute financially to telecoms network costs—has ultimately been left out of the DNA. The Commission has not pursued any form of mandatory “network fee” system. Instead, the proposal introduces a lighter mechanism focused on resolving disagreements between industry players rather than imposing new financial obligations.

Under the DNA, operators and large digital service providers may enter into commercial negotiations on issues such as IP‑level interconnection and traffic‑routing practices. These negotiations remain voluntary, but the framework adds procedural support: BEREC will develop guidance on how such discussions should be conducted, and a conciliation mechanism is offered for cases where parties reach an impasse. 

Telecom operators had pushed for far more—specifically, a binding contribution regime obliging high‑traffic platforms to help fund infrastructure. Their disappointment is matched by caution from the platform side, where some worry that the conciliation tool could, over time, evolve into a de facto pathway toward more formalised fees. The Commission’s choice of a negotiated approach appears to reflect concerns about legal overlap with the Digital Markets Act and the risk of fragmenting existing competition‑law frameworks.

Whether the voluntary mechanism will have practical impact remains uncertain. Some observers note that complex interconnection disputes may be better handled with the involvement of specialised regulatory bodies rather than left to national courts, which often struggle with the technical nuances

Cybersecurity and resilience

Cybersecurity and resilience are recurring themes throughout the DNA. The proposal complements existing and forthcoming EU cybersecurity legislation, including NIS2 and the revised Cybersecurity Act, and introduces new obligations related to ICT supply‑chain security.

These provisions have raised concerns among certain market participants, particularly mobile virtual network operators, who may be indirectly affected by restrictions on high‑risk suppliers.

Although Norway is not an EU Member State, the DNA is likely to be relevant through the EEA framework once adopted. From a Norwegian perspective, the proposal highlights a familiar challenge: while the EU continuously adopt and revise legal frameworks governing digital infrastructure, Norway risks continuing to lag behind in these areas of legal development.