Hostname: page-component-5db58dd55d-l8wb7 Total loading time: 0 Render date: 2026-06-01T10:00:37.337Z Has data issue: false hasContentIssue false
  • English
  • Français

The EU Twin Transition: Comparing Form and Substance of the Regulatory Approaches

Published online by Cambridge University Press:  07 April 2026

Paul De Hert  and
Onntje Hinrichs Open the ORCID record for Onntje Hinrichs [Opens in a new window]
Paul De Hert
Affiliation:
Research Group on Law, Science, Technology & Society (LSTS), Vrije Universiteit Brussel, Belgium Tilburg Institute for Law, Technology and Society (TILT), Tilburg University, Netherlands
Onntje Hinrichs*
Affiliation:
Research Group on Law, Science, Technology & Society (LSTS), Vrije Universiteit Brussel, Belgium
*
Corresponding author: Onntje Hinrichs; Email: onntje.marten.hinrichs@vub.be
Rights & Permissions [Opens in a new window]

Abstract

Under the notion of the twin transition, the green and digital transitions were conceptualised as a synergetic pair that should pave the way for a globally competitive green and digital Europe. But are European digital and environmental laws truly twins within the EU’s regulatory strategy, suggesting parallel approaches? In this article, we take a formal approach, focusing on regulatory instruments that are employed in both areas and their defining characteristics. While the twin transition in some respects blurs the boundaries between environmental and digital law, including through the integration of environmental considerations into digital regulations, we adopt an analytical distinction between the two domains. Through a series of steps, we identify key differences that set both regulatory approaches apart and help us understand the different trajectories the transitions have taken. Contrary to the often-invoked claim that form is substance, the analysis reveals that the choice of regulatory instruments does not inherently determine substantive policy choices, thereby underscoring the necessity of their comparative examination. Ultimately, the article argues that fostering dialogue between the two policy fields may yield valuable insights into how regulatory tools can be adapted and deployed across domains.

Keywords

Data protection lawdigital lawenvironmental lawEU digital policytwin transition

Information

Type
Articles
Information
European Journal of Risk Regulation , First View , pp. 1 - 25
Creative Commons
Creative Common License - CCCreative Common License - BY
This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted re-use, distribution and reproduction, provided the original article is properly cited.
Copyright
© The Author(s), 2026. Published by Cambridge University Press

I. Introduction: the wisdom of regulating nature like we regulate data

The concept of the “twin transition” emerged at a critical time in the European integration project. Since the 2007–2008 financial crisis, the EU’s economic recovery has been slow, particularly in comparison to global powers such as the United States. Recent reports by LettaFootnote 1 and DraghiFootnote 2 have issued strong calls to action for European policy-makers, shaping the latest European “Competitiveness Compass,”Footnote 3 which further emphasises the need for EU intervention to put the economy back on a trajectory of stronger growth.

Enabled by the gradual expansion of EU powers under the 2009 Lisbon Treaty, the twin transition constitutes a recent answer to this slow recovery, particularly with the 2019–2024 Priorities Programme, in which the “European Green Deal” and a “Europe fit for the digital age” became key ambitions for the EU.Footnote 4 Soon after, the green and digital transitions were conceptualised as a synergetic pair under the notion of the “twin transition” that should pave the way for a “globally competitive, green and digital Europe.”Footnote 5 This transition would thereby not merely refer to “two concurrent transformational trends” but also “to uniting the two transitions, which could accelerate necessary changes and bring societies closer to the level of transformation needed.”Footnote 6 What appears to unite both transitions is the belief that technology will save us – our digital rights, the environment and our competitiveness. On a second level, the choice for “twinning” is in our view not simply a trojan horse for advancing “more EU” but reflects the belief that the EU can replicate and expand its regulatory success from the digital realm to the environmental one.Footnote 7

This article asks how EU regulatory approaches in the digital and green transition have differed along five dimensions: (1) the degree and style of harmonisation (“act-ification”), (2) the respective roles of law and funding as regulatory tools, (3) the importance of critical junctures, (4) the design of enforcement architectures and (5) the organisation and prioritisation of normative objectives. It focuses on comparing regulatory form rather than substantive policy outcomes.

This article does therefore not intend to assess if the substantive provisions of recent EU legislation are up for the challenge of creating a competitive, green and digital Europe. Nor does it examine whether EU environmental law adequately protects the environment, whether privacy is doing better since the EU’s data protection laws, or whether grouping such different policy fields under the “twin transition” yields the hoped-for results. Instead, in our analysis, we adopt a formal perspective, focusing on regulatory instruments employed across both fields and their defining characteristics.Footnote 8 Contrary to the often-invoked claim that form is substance, the analysis reveals that the choice of regulatory instruments does not inherently determine substantive policy choices, thereby underscoring the necessity of their comparative examination.

A further caveat concerns the relationship between the two transitions. Although the twin transition has generated increasing points of intersection, for instance in digital law instruments that incorporate environmental objectives,Footnote 9 this article does not examine how such integration is operationalised in specific measures.Footnote 10 Instead, we compare the regulatory logics of each domain as distinct fields of EU intervention in order to render visible structural differences in regulatory form and substance without denying their growing interdependence.

An inherent difficulty when comparing regulatory approaches in the twin transition relates to the vagueness of which legal instrument fall under such a comparison given that neither the green nor digital transition relate to an equivalent legal field that exists as a distinct, systematised field of law. With regard to the digital transition, a narrower understanding of EU digital law is typically associated with the more recent waves of EU instruments regulating data flows (such as GDPR, Data Act and Data Governance Act), addressing market power and the systemic role of online platforms (such as DMA and DSA), as well as measures governing AI technologies and the safety and security of digital products (such as AI Act and Cyber Resilience Act).Footnote 11 More broadly, however, the notion of EU digital law has been employed to encompass traditional fields of law that, while not digital-specific, are increasingly shaped by digitalisation.Footnote 12 As our analysis focuses on regulatory approaches in the twin transition, we primarily refer to instruments falling within the narrower understanding of EU digital law, while generalising findings only where they reflect regulatory tensions that extend into more traditional areas of law, such as consumer law.

Similarly, with regard to the green transition, EU law operates through a constellation of instruments pursuing partly different yet increasingly interconnected objectives that together constitute what is commonly referred to as the “green” transition. Whilst the green transition is largely driven by climate objectives within EU law, the protection of, for instance, biodiversity or nature is often folded into that agenda, while continuing to rely on its own regulatory instruments. To make the comparison workable, we refer to the “green transition” as a broad umbrella term and distinguish, where necessary, more specifically between climate law and environmental law instruments,Footnote 13 depending on which aspect of the green transition is at stake.Footnote 14

This article will demonstrate that the twin transitions rest on markedly different regulatory logics. The EU has established itself as a dominant, largely unilateral norm-setter in the digital domain, whereas environmental law continues to operate within a more diverse and fragmented international landscape. Although the EU increasingly aspires to a comparable leadership role in the green transition in general and climate law more specifically, this ambition translates into a distinct regulatory strategy. Digital policy relies predominantly on highly harmonised hard-law instruments, while environmental and climate governance are characterised by a more mixed toolbox in which binding legal obligations coexist with funding-based and programmatic instruments that preserve greater national discretion. Despite a shared trend towards the adoption of prominently branded regulations (“act-ification”), the outcomes diverge: digital regulation tends towards tightly specified, top-down and centralised frameworks, whereas green regulation more often takes the form of “directive-like regulations.”Footnote 15

These differences in regulatory approaches further provide opportunities for comparative reflection, allowing the “policy twins” to explore each other’s regulatory solutions, such as the use of criminal law as a regulatory instrument in environmental policy, different paths to judicial review and enforcement, as well as to find commonalities in the unstable normative foundations that underlie both policy fields. Ultimately, fostering dialogue between the two policy fields, alongside further comparative research, may reveal insights into how different regulatory instruments could be adapted and applied across domains.

Through a series of steps, we identify key differences that set the two regulatory approaches apart and help explain the distinct trajectories the digital and green transitions have taken. Section II maps the EU’s position as a regulator in the digital, environmental and climate domains. We then shift from who regulates to how the EU regulates: Section III compares the relative reliance on binding legal acts and on funding-based governance in the digital and green transitions. Section IV examines the role of critical junctures in shaping regulatory choices and accelerating regulatory change. By “critical junctures” we refer to moments of exogenous shock or crisis that open a window for significant shifts in regulatory competences and styles, rather than merely incremental adjustments. Section V turns to act-ification, understood as the growing tendency to regulate through regulations, often framed through short, easily recognisable names. Sections VI and VII focus on enforcement architectures, examining, respectively, the role of criminal law and the importance of independent authorities in both transitions. Finally, Sections VIII and IX analyse how regulatory regimes organise and prioritise underlying normative objectives.

II. Importance of the EU as norm-setter

While the green and digital transitions are framed as complementary within the twin transition narrative, their regulatory trajectories have diverged significantly, especially once one separates EU climate law from the broader field of environmental law. The EU has emerged as a dominant norm-setter in digital regulation, with its influence often amplified by the Council of Europe’s instruments (such as Convention 108+ and the recent AI Framework Convention), which diffuse EU-compatible standards beyond the Union’s borders.Footnote 16 In contrast, its impact on traditional environmental law is much less prominent as the landscape of international regulatory actors is much more diverse.

Let us first look at the presence of traditional treaty law or conventions (accompanied or not by soft law clarification) at the global regulatory landscape of traditional environmental law. The sheer number of binding international law, de SadeleerFootnote 17 writes of 1,000 bilateral and multilateral environmental agreements clearly outnumbers and dwarfs anything comparable in international digital law. In international digital law, binding treaty instruments are scarce, and the few that do exist have largely emerged from a regional European organisation with an international vocation: the Council of Europe.

Contrast this sketch with international data law: The OECD in 1980 and the UN in 1990 both published Guidelines on the protection and free flow of data. Whereas both were important milestones that shaped emerging national data laws, they remained soft-law instruments and, therefore, merely set voluntary bases for the regulation of data.Footnote 18 The only legally binding international treaty in data protection law constitutes the 1981 Convention 108 by the Council of Europe – an island when compared to the ocean of international environmental instruments. More broadly in digital law, the Council of Europe adopted a cybercrime convention in 2004, that was “rivalled” by a UN instrument only very recently in 2024.Footnote 19 The Council of Europe’s 2024 Framework Convention on AI still remains the only legally binding international instrument on the regulation of AI.

In data law in particular, it is the EU that has become one of the most influential actors in shaping European and global data protection norms. It has and is achieving a Europeanisation of data protection norms beyond the EU’s borders not through legally binding international instruments but through what Bradford coined as the “Brussels Effect,” referring to its unilateral power to regulate global markets.Footnote 20 Through market-driven harmonisation,Footnote 21 the EU has successfully exported its standards and legal institutions globally without resorting to international institutions (and global political harmonisation).Footnote 22 The regulation of the digital economy in general and the regulation of data with the EU’s regulatory “flagship” the GDPR, in particular, would thereby constitute a perfect example, according to Bradford, for the unilateral regulatory globalisation of the EU.Footnote 23

Moreover, the EU’s norm-setting capacity in the digital has not been limited to the Brussels Effect. It further extends, albeit indirectly, through the Council of Europe, which frequently functions as a “regulatory ambassador” of EU standards in the realm of international law. With 27 of the 46 Council of Europe Members also being EU Member States, a conscious effort is necessary to ensure consistency and compatibility between Council of Europe Conventions and EU law.Footnote 24 EU Member States thus ensure that the regulatory regimes of the Council of Europe do not hamper EU law in one way or another. The modernisation of Convention 108, which coincided with the overhaul of Europe’s data protection framework, exemplified the reciprocal influence between both institutions.Footnote 25 A similar narrative explains the EU-dimension of the Council of Europe Framework Convention on Artificial Intelligence (AI Convention): The EU was among the early signatories of the Convention. Its AI Act, adopted first, strongly influenced the negotiation of the Convention whose design promotes global participation while aligning with, and effectively transmitting, the content of the EU AI Act.Footnote 26

The EU and the Council of Europe therefore pursue complementary regulatory strategies in digital policy. Council of Europe conventions are based on general principles, whose flexibility, when implemented in national law, makes them appealing to both Member States and interested third countries.Footnote 27 In contrast, EU digital legislation, particularly since the 2009 Lisbon Treaty, aspires to fully harmonise national law and has consistently reduced the possibility of national regulatory heterogeneity.Footnote 28 For instance, with the Lisbon Treaty, a new sector-specific legal basis was created, which positioned the EU as the (almost) uncontested norm-setter for the regulation of personal data.Footnote 29 It was subsequently used as a legal basis for the GDPR, which was presented with the bold claim of putting an end to the fragmented European digital market, leaving regulatory discretion to Member States only in limited situations.Footnote 30

The previous teaches us that the EU has increasingly established itself as the dominant norm-setter in the digital sphere, with other sources of regional and international law playing a comparatively peripheral role. This stands in sharp contrast to the pre-Green Deal regulatory landscape in environmental law, where the EU’s norm-setting capacity has been shaped and constrained by an already dense web of multilateral treaties and soft law instruments. As a result, EU environmental law has generally developed in coexistence with, rather than in the absence of, international environmental law. By contrast, in certain environmental sub-fields where international governance is less developed – EU chemicals regulation under REACH being the most prominent example – the EU has assumed a much more assertive regulatory role.Footnote 31

The picture becomes more nuanced when turning to climate law. Whilst strong impetus for EU climate action is traced to the 1997 Kyoto Protocol, the EU soon sought to position itself as a central actor in the global fight against climate change.Footnote 32 The Lisbon Treaty, again, reinforced this ambition by explicitly recognising international climate action as a priority of EU environmental policy. The 2015 Paris Agreement was subsequently regarded as one of the EU’s major foreign environmental achievements as already prior to that agreement, it had agreed on a long-term strategy to reduce greenhouse gas emissions, thereby signalling its willingness to steer the direction of international climate governance.Footnote 33 The European Green Deal continues this trajectory: the Commission explicitly declared that it “wants to use its economic weight to shape international standards,”Footnote 34 directly alluding to Bradfords Brussels effect and signalling its aspiration to become a global norm setter in climate law. Yet, unlike in the digital sphere, this leadership does not unfold in isolation from international structures. Rather, it both relies upon and contributes to a broader multilateral framework, within which EU unilateral initiatives are intended to catalyse broader collective action.

The explanations for this differentiated norm-setting role of the EU are manifold. They may be traced, inter alia, to the expansion of the Union’s legal mandate following the Lisbon Treaty, which has facilitated more assertive regulatory intervention in certain policy areas; or to an increasing awareness of the transnational and economic nature of digitalisation that explains why the matter seems to flow naturally to the EU’s agenda and reinforces its capacity to act as a unilateral norm-setter – rooted in a project originally developed as an economic integration project centred on the creation and functioning of the internal market. This underlying dynamic is unlikely to change in the foreseeable future, as the internal market continues to operate as a powerful engine of regulatory harmonisation and norm-setting. Moreover, the emerging de-regulatory turn may prompt the EU to reassert its core economic and internal market objectives, with the consequence that more socially oriented goals – such as the protection of privacy or the environment – risk becoming ancillary, or even marginal, to market integration.Footnote 35 A trend that might reinforce the EU’s role as a norm-setter in market-embedded domains such as digital regulation, while limiting its normative ambition in the environmental field.Footnote 36

The next section shifts from “who regulates” to “how the EU regulates,” contrasting the relative reliance on binding legal acts and on funding‑based governance in the digital and green transitions. Bringing in non-legislative options to regulation, like grants and subsidies, taxes or tradable permits, allows a better assessment of the EU’s action in the green and the digital.

III. Importance of EU money-based policy making

The previous section has shown that international environmental law is characterised by a dense and mature multilateral architecture, within which the EU has traditionally operated as one actor among many. By contrast, the scarcity of binding international instruments in the digital field has enabled the EU to assume a far more unilateral and assertive norm-setting role. While in environmental law EU action thus typically coexists with pre-existing international frameworks, climate law illustrates that the Union has nonetheless sought to reposition itself as a leading regulatory force, hoping that its unilateral initiatives would catalyse broader multilateral cooperation.Footnote 37

Shifting the focus from who regulates to how regulation is pursued, this section examines whether the Green Deal’s explicit aspiration to assume a norm-setting role translates into a more assertive regulatory model akin to that adopted in the digital sphere. As the following three observations demonstrate, however, the EU’s regulatory approach in the green transition diverges in important respects from its digital counterpart.

First, framed as a new growth strategy, the European Green Deal prioritises massive investmentsFootnote 38 to steer market activity towards the objectives of green growth and climate neutrality. Whereas a growing but heavily contested legislative programme has emerged over the past years, a significant share of the Green Deal’s implementation relies therefore on a broad ecosystem of investment and funding instruments, including the RRF, InvestEU, the Social Climate Fund or the Innovation Fund. Funding thus holds an important place to steer transformative processes in the green transition. The use of governance through funding mechanisms to drive change at the national level has, however, raised concerns in the literature as to whether spending-based forms of governance are subject to a degree of judicial review comparable to that attached to classic regulatory instruments.Footnote 39 Whereas similar instruments exist in the digital transition, such as the 2021 Chips ActFootnote 40 that should enhance Europe’s digital sovereignty by strengthening semiconductor supply chains, these mechanisms operate alongside extensive “traditional” forms of hard-law regulation pursuing policy objectives independently of financial incentives.

Second, the foregoing (the green agenda’s reliance on money, rather than binding law) does, of course, not suggest that the Green Deal is without regulatory ambitions. Several of its key proposals, however, have faced strong resistance throughout the legislative process and were on the verge of failure,Footnote 41 withdrawn,Footnote 42 or watered down. Footnote 43,Footnote 44 This dynamic has been reinforced by the growing electoral strength of populist parties at national level and in recent European elections, which has made ambitious environmental measures more politically costly and has incentivised both national governments and EU institutions to dilute or delay proposals perceived as economically or socially burdensome.Footnote 45 Taken together, these developments place pressure on the overall trajectory of the Green Deal and call into question the EU’s capacity to assert itself as a strong regulator in the green transition.

This trajectory stands in contrast to its “digital twin,” where the EU has successfully advanced a comprehensive regulatory framework that spans from data governance and big tech oversight to AI regulation, enshrining what some scholars have described as “Europe’s digital constitution” into binding law.Footnote 46 Recent developments nonetheless indicate that this contrast unfolds within a more complex political context, as ongoing discussions surrounding digital “omnibus” initiatives, including proposals to postpone AI Act obligations,Footnote 47 suggest that digital regulation too remains exposed to political pressures capable of shaping its future trajectory.

Third and finally, while EU digital policy seemingly adopts a rigid top-down approach striving for fully harmonised legal frameworks, leaving Member States with virtually no flexibility, EU environmental law takes a more cooperative route as it grants considerable discretion to national lawmakers in achieving its objectives. We write “seemingly” since, although instruments such as the DMA, DSA or the AI Act centralise enforcement in the Commission to varying degrees, EU digital laws do not entirely remove Member State flexibility. In instruments such as the GDPR, the DA or the DGA, national authorities remain responsible for interpreting and enforcing abstract legal concepts, thereby giving rise to coordination and enforcement challenges.Footnote 48

Nevertheless, the divergence in regulatory approaches that we do see between the green and the digital can be exemplified by the GovernanceFootnote 49 or Nature Restoration Regulation,Footnote 50 which require Member States to develop “national plans,” “restoration targets” and “appropriate and effective measures” to meet objectives set by EU environmental law.Footnote 51 The significant discretion granted by these instruments is further reflected in criticism by some environmental scholars who observe how “[e]nvironmental ‘plans’ and ‘programmes,’ ‘best available technique,’ reports and monitoring obligations are not defined with the necessary rigidity” and which would make effective monitoring and application of the law “difficult, if not impossible.”Footnote 52 With regard to the Green transition, Křepelka observes a trend towards adopting regulations but with directive-like provisions.Footnote 53 Furthermore, others note that, since Member States must bear the “lion’s share of the financial costs associated with the green transition,” progress in divisive environmental matters is likely to be conditioned by fiscal constraints and the ambition of national policymakers.Footnote 54

Taken together, our analysis highlights a marked divergence in the regulatory strategies underpinning the twin transitions. In the digital domain, the EU has relied primarily on highly harmonised hard-law instruments, with funding mechanisms playing a largely complementary role, for instance in supporting infrastructure or industrial capacity. From the perspective of regulatory theory, this approach closely resembles traditional forms of command-based regulation, characterised by centralised rule-setting and limited national discretion.Footnote 55 In climate and environmental policy, by contrast, binding regulatory instruments coexist with, and are often mediated by, powerful budgetary and investment-based governance tools that leave Member States greater formal discretion while also requiring them to bear a significant share of the associated costs. This configuration aligns more closely with incentive-based regulatory techniques, in which compliance is steered through financial and programmatic mechanisms rather than uniform legal commands. As a result, the EU’s regulatory assertiveness in the green transition remains more fragmented and politically contingent than in its digital counterpart.

To better understand the different trajectories that both policy areas have taken, the following section examines why this regulatory shift towards a fully harmonised data protection framework that subsequently spilled over into the broader field of EU digital policy was able to occur. It shows how external shocks, such as the Snowden revelations or Brexit, constituted critical juncturesFootnote 56 in the EU’s aspiration to become the dominant norm setter in the digital, and contrasts this trajectory with environmental and climate law-making, where comparable critical events have had a different, and often more limited, integrative effect at EU level.

IV. Importance of critical junctures driving EU policy making

On the basis of its Priorities Programme 2019–2024, creating a “Europe fit for the digital age” with a myriad of legislative proposals became a central objective. However, the EU’s regulatory efforts in the digital domain began already several decades ago with the adoption of the 1995 Data Protection Directive, which was followed by several legislative instruments that can be associated with the regulation of digital technologies, but which did not form part of a comprehensive policy approach to regulate the emerging digital sphere.Footnote 57

This scattered approach changed with the 2010 Digital Agenda for Europe.Footnote 58 Whereas the creation of the (“analogue”) single market had constituted the core of the regulatory efforts of the European integration project of the past decades, the 2010 Digital Agenda announced that it was time “for a new single market to deliver the benefits of the digital era” by addressing legal fragmentation of the patchwork of national online markets.Footnote 59 Yet, some instruments proposed under this agenda met starkly contrasting outcomes. The 2011 proposal for a Common European Sales LawFootnote 60 was ultimately abandoned due to Member States’ resistance to the harmonisation of their national contract law,Footnote 61 illustrating that full harmonisation in pursuit of the (digital) single market was far from inevitable. In contrast, the 2012 proposal to reform the European Data Protection frameworkFootnote 62 succeeded as it was adopted four years later and provided for a fully harmonised legal framework. This transformation was not only facilitated by the 2009 Lisbon reform but also by external shocks – critical junctures in the path taken by EU digital policy.

The legislative process of the data protection reform package, subject to intense lobbying activity, was far from smooth.Footnote 63 It were the 2013 Snowden revelations on surveillance practices by US agencies which constituted a turning point.Footnote 64 As the revelations showcased the invisible handshakeFootnote 65 between US agencies and online intermediaries, concerns for the protection of data through regulation related not only to privacy concerns for EU citizens but also economic concerns for data by European companies that was accessed across the Atlantic. These revelations thus served as a wake-up call, emphasising the need for a strong European data protection framework to counter foreign digital surveillance and strongly impacted the position of policy-makers.Footnote 66 The impact of the Snowden revelations went beyond Europe’s reformed data protection law as they were equally pivotal to understanding Europe’s digital policy shift towards digital sovereignty since 2015. Digital sovereignty denotes “a form of strategic autonomy from third countries and re-orienting relations with ‘Big Tech’, notably through the creation of EU’s own digital infrastructures”Footnote 67 with the ultimate objective of preserving European core values, rights and principles.Footnote 68 The Snowden revelations illustrated the challenges of enforcing EU law and protecting fundamental rights of EU citizens if it lacks sovereignty over technological infrastructure.

Three years after the Snowden revelations, Brexit and the 2018 Cambridge Analytica Scandal marked yet another critical juncture. They further heightened concerns that the misuse of data collected by Big Tech companies could not only infringe fundamental rights of EU citizens and harm economic interests of EU companies but also undermine the democratic foundations of Member States and the cohesion of the EU through disinformation online. Stronger regulatory oversight of digital platforms to strengthen democratic resilience in light of digital transformation was added to the EU digital policy agenda.Footnote 69

Together, the Snowden Revelations and Cambridge Analytica exposed Europe’s vulnerabilities in the digital sphere, as framed in much of the policy discourse, particularly its dependence on foreign companies due to a critical lack of innovation. This diagnosis grounded emerging digital policy initiatives in the pursuit of digital and technological sovereignty.Footnote 70 As put drastically by Lehdonvirta, the “EU has a digital single market today, but it wasn’t made in Brussels: it was made in Silicon Valley.”Footnote 71 This diagnosis of an EU that is structurally vulnerable and late in the digital race strengthened political support for a more assertive, sovereignty-oriented regulatory turn. Concerns about innovation deficits thus became intertwined not only with digital sovereignty and the fight against disinformation, but also with a core promise of the European integration project: ensuring prosperity through the progress of creating an ever-closer Union.

EU digital policy has attempted to address these challenges comprehensively with several detailed regulatory frameworks over the past years. The breadth of this emerging digital acquis can be illustrated by grouping some of the instruments along several functional dimensions. First, a set of instruments centres on the protection of fundamental rights, most prominently in form of the European data protection framework. Second, in the aftermath of the European Strategy for Data,Footnote 72 a series of instruments focused on unlocking the economic value of data such as the 2022 Data Governance Act, the 2023 Data Act or sectoral instruments such as the 2025 European Health Data Space Regulation.Footnote 73 Third, measures that target the market power and systemic influence of Big Tech and online platforms. Most notably, the DMA, described as a “turning point in the economic regulation of digital markets,”Footnote 74 seeks to promote innovation through competition by enabling disruptive firms to challenge dominant gatekeepers. The DSA, in turn, updates the 25-year-old conditional immunity framework,Footnote 75 which granted liability exemptions to providers of certain internet intermediaries, with due diligence obligations that are particularly severe for very large online platforms and search engines.Footnote 76 Finally, instruments that address AI technology and the safety and security of digital products, such as the 2024 AI Act or the 2024 Cyber Resilience Act, which seek to foster technological innovation while subjecting it to a clearly structured regulatory framework. Taken together, these instruments illustrate how the EU has responded to critical junctures by constructing an increasingly comprehensive regulatory architecture for the digital sphere.

In EU environmental policy, critical events have certainly also played an important role in shaping EU regulation. One may point, for instance, to the 1976 Seveso disaster in a chemical manufacturing plant that resulted in the adoption of the Seveso Directives, which lay down EU-wide rules on the prevention and control of major industrial accidents involving dangerous substances. However, we do not identify critical junctures in EU environmental policy that have produced a comparable reconfiguration of regulatory style across the policy field to that extent observed in EU digital policy. For instance, recent weather extremes, such as floods in different parts of Europe or rising temperatures, were indeed dramatic events for the concerned populations but did not trigger a similarly centralising EU response and did not result in broad political coalition mobilised around the protection of Europe against an identifiable “external opponent.”Footnote 77 An identifiable “adversary” that is absent in EU environmental policy but present in EU digital policy in the form of, for instance, foreign states or large technology companies.

The following section takes a closer look at the regulatory instruments themselves in the twin transition. While both fields show a growing reliance on regulations, their substantive design and regulatory logic differ significantly.

V. Importance of act-ification and choice of regulatory instruments

We have seen how the EU has adopted divergent regulatory approaches in the twin transition. Environmental law that emerges from a variety of fora (international and European) and gives considerable leeway to national implementations. Contrasted with digital law that emerges (almost) exclusively from the European legislator and seeks to eliminate any variety on the national level. Critical junctures further help us understand how the EU has been able to position itself as the dominant norm-setter in digital policy and push through a series of directly applicable regulations. In environmental and climate law, critical events such as Seveso have certainly driven important regulatory innovations, but they have not (so far) generated a comparable wave of highly detailed, centralising “acts” across the whole field. Whilst regulations equally form part of the European environmental law acquis, they appear to be much less common and in the pre-Green Deal era more characteristic in fields that involve the control of risks of, for instance, toxic substances or products.Footnote 78

From that perspective, more recent instruments such as the European Climate LawFootnote 79 and Governance Regulation are notable outliers for two reasons. First, the legislator opted for regulations in a policy area in which directives had traditionally constituted the dominant instrument. Second, rather than establishing detailed and directly applicable regulatory frameworks, typically associated with regulations, both instruments primarily set long-term policy objectives and goals to be achieved by Union institutions and Member States. Such goalsetting, however, is more commonly associated with directivesFootnote 80 than with regulations. Along similar lines, Křepelka observes a recent tendency in EU climate law towards the use of regulations but characterises instruments such as the LULUCF RegulationFootnote 81 as “a regulation with directive-like provisions.”Footnote 82 Taken together, this trend blurs the traditional distinction between regulations and directives.

Whereas we therefore observe a similar tendency of releasing regulations with popular, easy to remember names (act-ification) in both EU climate/environmental (“European Climate Law,” “Nature Restauration Law,” “Critical Raw Materials Act,” “Net-Zero Industry Act”) and digital law (“Digital Markets Act,” “Data Act,” “Artificial Intelligence Act”), it is their imposition of detailed regulatory frameworks with marked downplaying of national (legislative) discretion (regulatory brutality) what sets them apart. None of the recent instruments in EU digital law could be qualified as “regulations with directive-like provisions” – despite their reliance in practice on national authorities that are assigned a key role for providing guidance and enforcing them. It is thus this regulatory brutality that remains unique to EU digital policy and that has not been emulated by EU environmental or climate policy.Footnote 83 Although we acknowledge that, similar to the digital field, the EU’s ambition in environmental and climate policy has evolved towards becoming a (global) norm setter, and although the adoption of almost 160 legislative acts under the Green Deal has been described as “the greatest shock wave since the creation of the single market,”Footnote 84 this remarkable legislative surge has nevertheless not resulted in an equivalently tightly harmonised regulatory framework. Instead, environmental and climate policy continue to rely more strongly on framework legislation, programmatic objectives and national discretion than its digital counterpart.

This does not suggest that the relative lack of regulatory “brutality” in EU environmental and climate law should necessarily be regarded as a shortcoming or deficiency. On the contrary, less stringent regulation may offer several advantages, including greater scope for experimentation, a better fit with territorialised harms and smoother integration with existing national regimes. Again, the comparison with the digital transition is instructive. Although the EU digital regulatory framework remains in a phase of consolidation, the move towards more stringent regulation has already given rise to concerns about fragmentation and insufficient integration with existing law in post-GDPR lawmaking.Footnote 85

Neither, however, does the current lack of regulatory brutality in EU environmental and climate policy suggest that the EU constitutional framework would prevent a more stringent regulatory approach. After all, environmental challenges are, just like their digital counterpart, inherently transnational and would therefore naturally call for a strong supranational approach. Furthermore, we have seen in the past how the division of competences between EU and Member States is not set in stone but ultimately politically malleable.Footnote 86 What seems to count most is strong political support that pushes for regulations, although, as Křepelka warns, the heightened visibility associated with act-ified EU climate law may become problematic once political support erodes and enforcement costs materialise.Footnote 87 Furthermore, highly stringent and act-ified regulatory frameworks may ultimately undermine democratic legitimacy by constraining meaningful political choice at national level once public support for climate measures erodes.Footnote 88

VI. Importance of criminal law norms and sanctions

Striking is the different place which criminal law holds in both policy areas. The GDPR leaves the imposition of criminal sanctions entirely to the discretion of Member States, requiring only that they establish “effective, proportionate, and dissuasive” penalties for infringements not covered by its administrative fines.Footnote 89 In practice, the main sanctioning tool used under the GDPR and related instruments has been administrative fines.Footnote 90 This organised silenceFootnote 91 is noteworthyFootnote 92 from a comparative EU-law perspective and this for two reasons. First, prior to the GDPR, when enforcement was left almost entirely to the discretion of Member States, approaches differed: some relied primarily on civil or administrative sanctions, others adopted a more extensive set of data protection crimes, and some, such as Belgium, exclusively opted for criminal law.Footnote 93 As such, the use of criminal law as a tool to address data protection infringements is therefore not alien to European legal systems.

Second, leaving criminal law sanctions entirely to the discretion of Member States not only misses out on an enforcement tool, at least if one assumes that criminal enforcement would in fact be used and coordinated, but fails to address the issue of legal fragmentation, which the GDPR was supposed to solve.Footnote 94 That the EU did have the competence to include criminal law provisions was already established in the 2005 Environmental Crime CaseFootnote 95 and put in black letter law with the Lisbon Treaty.

One might object that, if both administrative and criminal procedures overwhelmingly result in monetary penalties, the formal label of “criminal” adds little. However, administrative sanctioning regimes have traditionally been reserved for conduct that does not threaten the essential values of society and is therefore considered to warrant only a low degree of societal condemnation.Footnote 96 Criminal law, by contrast, is often understood to have a distinct expressive and symbolic function and to trigger specific procedural safeguards and social meanings that may be normatively important when core democratic processes are at stake. Against this background, the EU’s reluctance to move more decisively into the territory of criminal law in the field of digital regulation is therefore noteworthy, especially considering that infringements of EU digital law can amount to attacks on fundamental societal values, such as democratic processes, as exemplified by Cambridge Analytica. If such attacks are not adequately addressed through the “moral condemnation” and the corresponding deterrent effect associated with criminal law, whose sanctioning tools such as prison sanctions clearly carry “a stronger message-sending role or expressive function than civil or administrative enforcement,”Footnote 97 it could ultimately erode the legitimacy of EU digital policy.Footnote 98

This risk becomes especially pronounced when serious wrongs done by powerful actors are not addressed adequately. While we can acknowledge the successes of the GDPR in strengthening enforcement mechanisms,Footnote 99 and while we are well aware of the dangers of over-criminalisation, there remains a need to reflect on whether certain violations in the realm of EU digital policy warrant the scrutiny of a criminal approach at EU level. This message was picked up recently by two scholars in the context of the AI Act (also lacking criminal law provisions). They show that the idea of criminalising data protection wrongdoing is neither completely new nor can it also be applied to wrongs related to AI. In 2019, this matter was preliminarily scrutinised by the EU Council: “It could be appropriate to carry out a full and thorough examination/analysis of the necessity and advisability of establishing (further) minimum rules concerning the definition of criminal offences and sanctions in specific areas. The following areas were suggested by one or more Member States, or the Commission, as areas that could be looked into: … crimes relating to artificial intelligence, subject to further defining the issue at stake and subject to involving other relevant stakeholders.”Footnote 100

The contrast to EU environmental law, considered as the most relevant area of law to the development of EU criminal lawFootnote 101 could hardly be more pronounced. The recent Environmental Crime Directive 2024/1203 described as a “revolution” in EU environmental lawFootnote 102 exemplifies how EU environmental law, as opposed to its digital twin, has embraced a criminal law approach to protect the environment and foster compliance with EU law. Neither international nor European environmental law has limited its enforcement arsenal by excluding criminal law. Instead, it has served as a driving force for achieving policy objectives – to such an extent that environmental crime has become the fourth largest criminal sector worldwide.Footnote 103 Proposals to criminalise serious breaches of due diligence obligations as a tool to enhance collective deterrence, as recently suggested by a committee of the European Parliament when discussing the proposal of the Environmental Crime Directive, would currently be unfathomable in digital policy. Part of the reason may lie in the different spatial and causal structures of harm: environmental harms are tied to territory and material degradation in a way that fits traditional criminal-law imaginaries, whereas many digital harms (privacy violations, disinformation, data-driven manipulation) are diffuse, cross-border and often perceived as less tangible, which invites administrative rather than criminal responses.

At the very least, a more explicit debate is warranted on whether certain categories of digital wrongs – for instance systematic, large-scale interference with electoral processes – should remain in the domain of administrative fines alone, or whether a carefully delimited EU-level criminal law response could be justified, drawing on the environmental law experience. Different parts of digital law (such as platform/intermediary regulation, market and competition rules for gatekeepers or privacy and cybersecurity frameworks) would of course need to be interrogated separately, as proportional criminal law making requires. The questioning would need to be thorough and go beyond moral considerations. Michal Czerniawski and Anamaria Stoia, for example, stress the need for criminal law to improve extraterritorial enforcement of European norms and values. Platforms outside Europe might therefore be a target of a criminal law policy, to give an example.Footnote 104

VII. Importance of judicial and administrative enforcement

Whereas criminal law is largely absent from the EU digital policy corpus, a comparatively strong and comprehensive (public and private) enforcement framework is being incorporated into EU digital policy. By contrast, environmental and climate law enforcement relies more heavily on a mix of domestic administrative and criminal mechanisms, Aarhus-based access to justice and Commission infringement proceedings, with far less EU-level institutionalisation of specialised authorities.

Public enforcement in the digital holds a particularly important space due to Article 8 Charter of Fundamental Rights of the EU and Article 16 TFEU, which attach to the right to data protection an obligation to establish an independent authority overseeing compliance with data protection law. Both provisions insist on the independence of these data protection authorities (DPAs). This constitutional anchoring makes DPAs paradigmatic examples of institutional “proxy advocates” for a fundamental right, something that has no obvious counterpart in EU environmental law. Art 52(1) GDPR adds that such independence must be “complete,” a requirement broadly interpreted both by the CJEU and the EU Commission.Footnote 105 This way, a real new watchdog with a direct constitutional foundation was added to the three traditional Montesquieuian branches to provide additional layers of accountability in the digital realm.Footnote 106

There are other new branches in Europe, but the data protection authorities stand out. The combination of their independence, a broad mandate over both public and private sectors and dense EU-level cooperation in the form of the European Data Protection Board is distinctive when compared to environmental enforcement structures.Footnote 107 Their constitutional mandate is explicit: all compliance or non-compliance is subject to their control. The processing power of public and private parties might be legitimate in many cases, but even in these cases, its concrete deployment and compliance need to be systematically watched over by individual rights holders and official agencies, acting as “proxy advocates” or “offices of goodness.”Footnote 108

Furthermore, we have been witnessing (at least) four significant developments in the area of enforcement of digital law: First, the CJEU in its case law increasingly gives shape to GDPR provisions on enforcement, for instance, with regard to the possibility of representative actions.Footnote 109 Second, complementarities between different fields of law have been recognised by Courts, enabling, for example, consumer protection associations to enforce data protection as consumer law.Footnote 110 Third, regulatory overlaps that result not only from different fields of law but also different enforcement authorities, such as data protection and competition authorities, are increasingly being addressed in both literature and case law to address risks of lack of coherency and fragmentation through cross-regime cooperation.Footnote 111 Finally, a new legislative proposal seeks to enhance efficiency and consistency in the enforcement of the GDPR in cross-border cases.Footnote 112

By contrast, in EU environmental and climate law, the architecture of enforcement looks different: rather than creating dedicated, independent authorities at EU and national level, the system relies on a combination of Aarhus-based access to justice, domestic administrative and criminal enforcement and Commission infringement proceedings. The Aarhus Convention and its EU implementation have indeed generated a rich body of case law, especially on environmental impact assessment and access to information, but they do not entail the creation of specialised “environmental authorities” comparable to DPAs. The Aarhus Convention, seeks to empower NGOs by granting them access to an effective review procedure – without, however, specifying how this should be achieved.Footnote 113 EU secondary law and CJEU case law have gradually specified some of these procedural guarantees, and NGOs frequently invoke Aarhus-based rights before national courts and the CJEU, particularly with regard to environmental impact assessments and planning disputes. Yet, standing (whose rights are infringed when the environment is damaged?) remains “the most serious stumbling block for applicants seeking to achieve environmental protection through court action.”Footnote 114 Although there have been meaningful improvements in access to justice for environmental NGOs, questions regarding standing and consistent national implementation therefore continue to pose challenges.Footnote 115

Could environmental law find inspiration in its digital twin? Building on debates about an “EU Environmental Agency with teeth,” one could imagine a constitutional mandate for independent environmental protection authorities, analogous to Article 8(3) for data protection, coupled with a cooperative body mirroring the European Data Protection Board. What if Article 37 of the Charter would, mirroring Article 8(3), enshrine the creation of independent authorities tasked with ensuring compliance with European environmental law – put differently, how would environmental protection fair if proxy advocates in the form of specialised state bodies constituted an additional enforcement player in environmental law?Footnote 116 What if there were not only independent national Data Protection Authorities but also national Environmental Protection Authorities with an institutionalised cooperative mechanism mirroring the European Data Protection Board? Such authorities could interact with, rather than replace, Aarhus-based access to justice, potentially easing standing obstacles by acting as institutional claimants or by supporting NGO litigation.

VIII. Importance of conflicting policy objectives

This section builds on the previous analysis of instruments, funding and enforcement to ask how these different regulatory styles mediate the tension between competitiveness/innovation and the protection of environmental and digital commons. Both environmental and digital policies in the EU are confronted with a recurring dilemma: how to sustain competitiveness and economic growth while protecting shared environmental and informational commons.Footnote 117 Take the green agenda: If international or Union law clearly prioritised one of these objectives, regulatory design could simply follow that hierarchy.Footnote 118 Instead, international environmental lawFootnote 119 tends to embed open-ended balancing clauses and procedural obligations that leave much of the reconciliation to implementing authorities and courts. In European climate law, this is visible too in the emphasis on framework targets, planning, reporting and impact-assessment duties,Footnote 120 while more rigid, risk-based standards are less frequent and mainly reserved for specific high-hazard domains such as chemicals, industrial accidents and certain product-safety regimes.Footnote 121

A similar tension between conflicting or competing policy goals arises when the digital agenda affects the data economy, where the pursuit of data-driven growth collides with the fundamental rights to privacy and data protection.Footnote 122 The tension has been addressed in the various EU data laws over the past decade through detailed regulatory frameworks, however, with a seemingly different balancing and weighing of the interests involved. In the GDPR, the protection of personal data is architecturally central and framed as a condition for trust in digital markets; subsequent data-sharing instruments, by contrast, are more explicitly oriented towards unlocking data for innovation, industrial policy and the functioning of the internal market.Footnote 123 Critics of the GDPR often attack its substantive provisions as overly precautionary and compliance-heavy (thwarting innovation),Footnote 124 claiming that they raise transaction and storage costs and complicate access to large, integrated datasets for training AI systems.Footnote 125

This critique mirrors long-standing complaints in environmental law that the precautionary principle is deployed in ways that slow technological development or impose disproportionate regulatory burdens.Footnote 126 Recent policy initiatives, such as the Commission’s “Competitiveness Compass,” make this recalibration explicit by positioning competitiveness, innovation and security as central organising objectives for the next regulatory cycle, accompanied by commitments to reduce administrative burdens and streamline existing rules. Read together with the withdrawal of several regulatory proposals in the digital field, this signals a political climate in which environmental and data-protection objectives are increasingly mediated through a competitiveness lens rather than treated as simple constraints on growth.Footnote 127

IX. Importance of organising normative foundations

Connected to the tensions between policy objectives in the twin transition are parallel normative debates on the commodification of nature and data. What should we think about regulatory strategies that rely on property rights, market instruments and pricing to discipline the use of environmental resources? Some critics warn that such approaches risk hollowing out intrinsic values and accelerating ecological degradation. Is commodification of nature necessary to prevent the tragedy of the commonsFootnote 128 and an acceptable strategy to reach certain environmental goals,Footnote 129 or not?Footnote 130 EU environmental and climate law reflects this ambivalence: market-based instruments such as emissions trading and biodiversity offsetting coexist with regimes that treat certain environmental goods as non-substitutable and subject to strict public-law protection.

In the digital field, a similar controversy has unfolded around the status of personal and non-personal data and its potential for commodification.Footnote 131 Early calls to treat data as an object of property have largely been rejected in favour of a fundamental-rights-based data protection model,Footnote 132 yet recent legislative initiatives seek to construct a “genuine single market for data” and encourage data sharing as a production factor for competitiveness and innovation. This produces a deliberately ambiguous stance towards commodification:Footnote 133 instruments such as the 2019 Digital Content Directive insist that personal data cannot be reduced to a commodity, yet it implicitly recognises that digital content is effectively exchanged for access to consumer data, and more recent EU data laws seem to embrace a more economic view of data that can be contractualised.Footnote 134 High-profile disputes over “pay-or-consent” models and their compatibility with the GDPR’s requirement of freely given consent further expose the unresolved tension between treating data as a manifestation of fundamental rights and as tradable consideration. The commodification of data therefore remains an ambiguous issue in both law and policy.

Finally, the transformative impact of what are often framed as potential “existential crises” underscores that both environmental and digital law continue to grapple with deeply anthropocentric assumptions. Expanding deployment of AI systems and robotics in work, care and governance contexts prompts questions about human agency, vulnerability and the conditions under which non-human entities might acquire some form of legal personhood or rights-bearing status.Footnote 135 At the same time, the accelerating effects of climate change and biodiversity loss challenge legal orders that still centre human interests and short-term economic welfare and stimulate debates about rights of nature, intergenerational equity and ecological constitutionalism.Footnote 136

Placing humans firmly at the centre of legal protection is therefore being questioned in both literatures and areas of practice, as discussions about standing for natural entities, animals or automated agents illustrate.Footnote 137 For the twin transition, these normative debates are not an abstract afterthought: they shape which interests count in impact assessments, who can appear before courts and how far regulatory frameworks can move beyond compensating human losses to safeguarding the conditions of life for future generations and non-human entities. Leaving these foundational questions unarticulated risks entrenching ad hoc solutions, fragmented across sectors and instruments, that generate contradictions when environmental, consumer, competition and data-protection rules intersect.Footnote 138

X. Conclusion: disconnecting forms of regulation from substantive choices

Our introduction highlighted the frequently asserted link between form and substance. The metaphor of the “twin” transition likewise evokes resemblance and shared defining characteristics. Yet, as this article has shown, its two “twins” rest on markedly different regulatory logics.

Our analysis began by asking who has emerged as the dominant norm setter in fields associated with the digital and green transitions. It highlighted the importance of international law in environmental regulation and its comparative absence in the digital domain. While the EU has established itself as a dominant, largely unilateral norm setter in digital regulation, environmental law continues to operate within a more diverse and fragmented international landscape, notwithstanding the EU’s growing ambition to assume a comparable leadership role in the green transition, particularly in climate law.

Shifting from the question of who sets the norms to how regulation is pursued, Section III explored the prevalence of incentive-based policy making. Digital policy relies predominantly on highly harmonised hard-law instruments, while environmental and climate governance remain characterised by a more mixed toolbox, in which binding obligations coexist with funding-based and programmatic instruments that preserve greater national discretion. Section IV compared the existence of critical junctures in the twin transition, understood as moments of exogenous shock or crisis that open a window for significant shifts in regulatory competences and styles, rather than merely incremental adjustments. While critical events have undeniably impacted EU environmental regulation, we identified critical junctures, such as the Snowden revelations, only in the digital policy where they enabled a broader and more fundamental shift in regulatory approach across the field.

Section V focused on the phenomenon of “act-ification,” understood as the increasing reliance on prominently named EU regulations. At first glance, both transitions appear to converge on this trend. Yet, this formal convergence masks a deeper divergence in regulatory substance, revealing a disconnect between regulatory form and substantive regulatory choices. While regulations in EU digital law tend to impose highly harmonised, top-down frameworks with limited national discretion, regulations adopted in the context of the green transition often retain a more “directive-like”Footnote 139 character. As a result, instruments deployed in the digital transition largely resemble traditional forms of command-based regulation, whereas the green transition exhibits a stronger reliance on incentive-based regulatory techniques, notably through the extensive use of funding-based mechanisms.

These differences further generate instructive points of comparison across the twin transitions. Differences in enforcement architectures are particularly salient. Sections VI and VII highlighted how environmental law has embraced criminal law as a means of fostering compliance with EU law, while digital regulation has generally relied on administrative enforcement, coupled with institutional innovation through independent supervisory authorities. From a comparative perspective, we suggested that each transition could draw lessons from the other. EU digital policy could engage more seriously with the potential role of criminal law in addressing serious digital wrongs, such as large-scale interference with electoral processes. Conversely, independent authorities modelled on data protection authorities could be explored as a means of strengthening compliance in EU environmental and climate law.

Finally, Sections VIII and IX identified commonalities with regard to the unstable normative foundations that underlie both transitions and how the recent de-regulatory turn in EU policy mediates the tension between competitiveness/innovation and the protection of environmental and digital commons. In the aftermath of initiatives such as the Commission’s “Competitiveness Compass,” the recalibration of EU policy has made explicit the repositioning of competitiveness and innovation as central organising objectives for the next regulatory cycle, with implications for both the digital and green transition.

Future research will therefore need to examine whether ambitions under the green transition risk vanishing as competitiveness concerns regain prominence, or whether, for instance, the dense international legal framework of environmental law may operate as a safeguard against the EU’s current de-regulatory turn.Footnote 140 Similarly, in the digital domain, the absence of comparable international constraints raises the question of whether the EU will retain its role as a unilateral norm setter or instead yield to pressure from third countries to scale back its regulation of Big Tech companies.Footnote 141 Beyond such existential concerns for the twin transition, comparative research could further explore whether regulatory techniques developed in one field, such as the risk-based approach in digital lawFootnote 142 or the precautionary principle in environmental law,Footnote 143 can meaningfully inform governance choices in the other, particularly as both transitions are exposed to increasing political contestation and shifting regulatory priorities.

Acknowledgements

The authors would like to thank Paweł Hajduk, Enrique Santamaría Echeverría, Alberto Quintavalla and Chiara Angiolini for their valuable feedback on earlier drafts, as well as the anonymous reviewers for their helpful comments.

Competing interests

The authors have no competing interests to declare.

References

1 E Letta, “Much More Than A Market” (2024).

2 M Draghi, “The future of European competitiveness” (2024).

3 European Commission, “A competitiveness compass for the EU” (2025) COM (2025) 30 final Where the Commission announces a series of measures that should in particular “close the innovation gap” and provide a roadmap for “decarbonisation and competitiveness.”

4 European Commission, “Political guidelines of the commission 2019–2024” (2019).

5 European Commission, “Making Europe’s Businesses future-ready: a new industrial strategy for a globally competitive, green and digital Europe” (2020) Press release <https://ec.europa.eu/commission/presscorner/detail/en/ip_20_416>.

6 S Muench et al., Towards a Green & Digital Future (European Commission Joint Research Centre 2022) <https://doi.org/10.2760/977331>.

7 For more “neutral” justifications and expected synergies of the twin transition see, e.g., E Celeste and G Dominioni, “Digital and Green: Reconciling the EU Twin Transitions in Times of War and Energy Crisis” in F Fabbrini and C A Petit (eds), Research Handbook on Post-Pandemic EU Economic Governance and NGEU Law (Elgar 2024).

8 As experts in EU digital law and policy, our analysis is evidently more in-depth when it comes to the digital twin, and we acknowledge that it may at times be imbalanced but believe that other authors in this special issue will shed more light on the “green” twin. For recent publications on EU digital policy see, e.g., P De Hert, “Post-GDPR Lawmaking in the Digital Data Society: Mimesis without Integration. Topological Understandings of Twisted Boundary Setting in EU Data Protection Law” in D Curtin and M Catanzariti (eds), Data at the Boundaries of European Law (Oxford University Press 2023); V Papakonstantinou and P De Hert, The Regulation of Digital Technologies in the EU: Act-Ification, GDPR Mimesis and EU Law Brutality at Play (Routledge 2024).

9 Whereas instruments such as the Data Governance Act and the Data Act remain largely silent on environmental protection, the AI Act explicitly includes environmental protection among the values guiding its application. See Enrique Santamaría Echeverría, “Integrating Environmental Sustainability into EU Data Law and Governance: The Case of Health Data” (2025) Review of European, Comparative & International Environmental Law.

10 See also A P Victorio, E Celeste and A Quintavalla, “Greening AI? The New Principle of Sustainable Digital Products and Services in the EU” (2024) 61 Common Market Law Review 1019.

11 See, e.g., M Eckardt, “EU Digital Law and the Digital Platform Economy – An Inquiry into the Co-Evolution of Law and Technology” (2025) 6 Review of Evolutionary Political Economy 183.

12 Such as in the case of consumer law, see, e.g. R Schulze and D Staudenmayer, EU Digital Law (2nd Edition, Nomos 2025) who group under the title of EU digital law commentaries on both consumer law directives as well as the more recent Digital Markets Act and Digital Services Act.

13 Such a distinction is warranted, as climate and environmental policy are addressed separately at the institutional level of the European Commission, notably through distinct Directorate-Generals (DG CLIMA and DG ENV).

14 As a necessary methodological choice to further delimit the scope of comparison, our analysis does therefore not extend to EU energy law, despite its central role in decarbonisation and its importance as a regulatory field where both transitions intersect in practice through, for instance, smart energy systems. The energy sector could provide a particular interesting case study to analyse how both transitions are merged in regulatory frameworks. See, e.g., on how AI technologies are increasingly viewed as promising tools to facilitate the transition towards a low-carbon energy system within the EU’s green transition. B E Apráez and M Noorman, “Regulating AI in the “Twin Transitions”: Significance and Shortcomings of the AI Act in the Digitalised Electricity Sector” (2024) 33 Review of European, Comparative & International Environmental Law 367.

15 F Křepelka, “Instruments of the EU Climate Policy” in A Sikora and I Kawka (eds), The European Green Deal and the Impact of Climate Change on the EU Regulatory Framework (Presses universitaires Saint-Louis Bruxelles 2024) pp 29–30.

16 Treaties by the Council of Europe are typically open to accession to non-member States upon formal invitation, see, e.g., the 2001 Convention on Cybercrime by the Council of Europe which has been ratified by non-Member States such as the United States, Colombia, Morocco, or Australia.

17 N De Sadeleer, “The Rule of Law: A Core Premise for the Effectiveness of International Environmental Law” (2024) 15 European Journal of Risk Regulation 572 <https://doi.org/10.1017/err.2024.16>.

18 See, e.g., P De Hert and V Papakonstantinou, “Three Scenarios for International Governance of Data Privacy: Towards an International Data Privacy Organization, Preferably a UN Agency?” (2013) 9 I/S: A Journal of Law and Policy 271, 275–8.

19 United Nations Convention Against Cybercrime, 2024.

20 A Bradford, “The Brussels Effect” (2012) 107 Northwestern University Law Review 1.

21 Bradford argues how global corporations would first adjust their goods to the standards of EU law (“de facto Brussels effect”) and subsequently lobby domestic governments to adopt EU standards to ensure a level playing field with domestic competitors (“de jure Brussels Effect”).

22 Bradford, ‘The Brussels Effect’ (n 17) 43–8.

23 Ibid, 22–6; A Bradford, The Brussels Effect – How the European Union Rules the World (Oxford University Press 2020).

24 P de Hert and V Papakonstantinou, “Framing Big Data in the Council of Europe and the EU Data Protection Law Systems: Adding “Should” to “Must” via Soft Law to Address More than Only Individual Harms” (2021) 40 Computer Law & Security Review 105496, 5.

25 C de Terwangne, “Council of Europe Convention 108 +: A Modernised International Treaty for the Protection of Personal Data” (2021) 40 Computer Law & Security Review 105497, 2.

26 The EU AI Act was adopted earlier than the Council of Europe Framework Convention on AI. The AI Act received final approval from the European Parliament on 13 March 2024 and the Council on 21 May 2024, while the CoE Convention was adopted on 17 May 2024. On the Convention and its wide scope of flexibility and high level of abstraction to ensure wider participation of States, see V Stoyanova, “Council of Europe Framework Convention on Artificial Intelligence: Context, Regulatory Approach and Scope of Obligations” (2025) European Journal of Risk Regulation 1 <https://doi.org/10.1017/err.2025.10070>.

27 On how the 2024 Framework Convention on AI was drafted to appeal not only to European but to as many states worldwide as possible, see, e.g., J Ziller, “The Council of Europe Framework Convention on Artificial Intelligence vs. the EU Regulation: Two Quite Different Legal Instruments” (CERIDAP 2024) <https://ceridap.eu/the-council-of-europe-framework-convention-on-artificial-intelligence-vs-the-eu-regulation-two-quite-different-legal-instruments/?lng=en#post-5410-footnote-ref-22> citing Lorenzo Cotino Hueso, El Convenio sobre inteligencia artificial, derechos humanos, democracia y Estado de Derecho del Consejo de Europa. On the potential worldwide impact of the modernised Convention on data Protection 108+due to its “regulatory appeal” and the “attractive aura” see L A Bygrave, “The “Strasbourg Effect” on Data Protection in Light of the “Brussels Effect”: Logic, Mechanics and Prospects” (2021) 40 Computer Law & Security Review 105460.

28 On the importance of the Lisbon reform for the European data protection framework, see, e.g., H Hijmans, The European Union as a Constitutional Guardian of Internet Privacy and Data Protection: The Story of Article 16 TFEU (2016). On the choice of regulatory instruments in the twin transition, see Sections II and IV of this article.

29 See, e.g., Hijmans (n 25) 122,162 who observes how the broad competence conferred to the EU with article 16(2) TFEU would in principle leave no room for national law.

30 J P Albrecht, “How the GDPR Will Change the World Forword” (2016) 2 European Data Protection Law Review (EDPL) 287.

31 See also with regard to the European Emissions Trading System (ETS) A Bradford, The Brussels Effect - How the European Union Rules the World (Oxford University Press 2020) 227, who argues that through the adoption of the ETS, “the EU hoped to gain the support of the United States and thus to pave the way for subsequent multilateral cooperation,” using EU-level action as a strategic first step to stimulate regulatory developments in international fora.

32 E Woerdman, M Roggenkamp and M Holwerda (eds), Essential EU Climate Law (Second Edition, Edward Elgar Publishing 2021) 25.

33 Ibid, 26.

34 European Commission, “The European Green Deal” (2019) Communication COM(2019) 640 final 22.

35 Advocating in favour of returning “the Union back to its original intent, as a federal body dedicated to economic development through a common and free market”, see L Garicano, B Holmström and N Petit, “The constitution of innovation: a new European renaissance” (The Constitution of Innovation, 10 November 2025) <https://constitutionofinnovation.eu>.

36 See further Section VII. The importance of conflicting policy objectives.

37 Notably, Bradford uses not only European data protection but also branches of EU environmental law to exemplify the Brussels effect – especially in fields were stringent legal standards force exporting companies to comply with the “European” standard across their global production to save production costs: both the regulation of chemicals (Regulation 1907/2006) and hazardous substances and electronic waste (Directive 2011/65) would exemplify this norm-setting capacity of EU environmental policy. At the same time, however, other examples such as the EU emissions-trading mechanism would showcase the limits of the norm-setting capacity of EU environmental policy, i.e., “when the EU pursues aggressive unilateralism in an area that is simultaneously economically salient for foreign jurisdictions and politically controversial.” A Bradford, The Brussels Effect – How the European Union Rules the World (Oxford University Press 2020) 231; See also E P Maat, “How to Be a Green Global Standard-Setter – The EU’s Externalization of the Environmental Integration Principle” in R A Wessel et al. (eds), EU External Relations Law and Sustainability – The EU, Third States and International Organizations (TMC Asser Press 2025) discussing the institutional and policy conditions, and their limits, under which EU environmental measures can operate as tools of external norm diffusion.

38 The European Commission, “European Green Deal Investment Plan” (2020) Communication COM(2020) 21 final should mobilise at least 1 trillion of sustainable investments until 2030.

39 See, e.g., I Gambardella, “EU Governance through Funding: What Consequences for the Scope of Application of EU Fundamental Rights?” (2024) 31 Maastricht Journal of European and Comparative Law 215 <https://doi.org/10.1177/1023263X241283035> observing how “[d]espite the important role that EU funds may play in shaping national policies, the link between EU funds and national measures may not be always sufficient to trigger the application of EU fundamental rights and judicial review before the Court of Justice.”

40 Regulation 2023/1781 establishing a framework of measures for strengthening Europe’s semiconductor ecosystem.

41 L O’Carroll, “EU Nature Restoration Laws Face Collapse as Member States Withdraw Support” The Guardian (25 March 2024) <https://www.theguardian.com/world/2024/mar/25/eu-nature-restoration-laws-in-balance-as-member-states-withdraw-support> accessed 15 January 2025.

42 See European Parliament, “Proposal for a Regulation on the Sustainable Use of Plant Protection Products” <https://www.europarl.europa.eu/legislative-train/theme-a-european-green-deal/file-sustainable-use-of-pesticides-%E2%80%93-revision-of-the-eu-rules>.

43 Stefano Valentino, “EU Poised to Water down New Car Pollution Rules after Industry Lobbying” The Guardian (7 November 2023) <https://www.theguardian.com/environment/2023/nov/07/eu-poised-to-water-down-new-car-pollution-rules-after-industry-lobbying> accessed 15 January 2025.

44 See K Arabadjieva and S Bogojević, “The European Green Deal: Climate Action, Social Impacts and Just Transition Safeguards” (2024) Yearbook of European Law yeae004, 1–2.

45 See in that context the Omnibus proposal amending the Corporate Sustainability Due Diligence Directive (COM[2025] 80 final) which would postpone and alleviate obligations resulting from recent environmental law instruments. See further D N de Sadeleer, “The European Green Deal: Greenwashing Compounded by Deregulation (Omnibus Law) or a Genuine Paradigm Shift?” (2025) European Journal of Risk Regulation 1, 28–30 <https://doi.org/10.1017/err.2025.20> on how political pressure within the EU risk endangering the implementation of the green deal.

46 A Bradford, “Europe’s Digital Constitution” (2023) 64 Virginia Journal of International Law 1.

47 Proposal for a Digital Omnibus on AI regulation (COM(2025) 836 final).

48 See, e.g., J Arnal, “AI at Risk in the EU: It’s Not Regulation, It’s Implementation” (2025) 16 European Journal of Risk Regulation 1168 <https://doi.org/10.1017/err.2025.19>.

49 Regulation 2018/1999 on the Governance of the Energy Union and Climate Action.

50 Regulation 2024/1991 on Nature Restoration.

51 See also L Krämer and C Badger, Krämer’s EU Environmental Law (9th edition, Bloomsbury Publishing 2024) 497 who observe how several EU environmental law instruments, such as the 2000/60/EC Freshwater Directive or Directive 2009/128/EC on the sustainable use of pesticides, would be so vague and general in their content, that an effective protection of the environment would ultimately depend on the political will of each Member State.

52 Ibid, 499 noting how “everybody in the EU knew what a car was and understood the term in the same sense, [but] there would be no uniform definition of hazardous waste.”

53 Křepelka (n 15).

54 Sadeleer (n 45) 21 Referencing a report by the European Court of Auditors which, amongst others, concluded that there would be limited evidence that the Circular Economy Action Plans had influenced circular-economy activities in the Member States; See European Court of Auditors, “Circular Economy: Slow Transition by Member States despite EU Action” 17/2023.

55 See, in general, K Yeung and S Ranchordás, An Introduction to Law and Regulation (Second Edition, Cambridge University Press 2024) 168–75.

56 See G Capoccia and R D Kelemen, “The Study of Critical Junctures: Theory, Narrative, and Counterfactuals in Historical Institutionalism” (2007) 59 World Politics 341, 348 who define critical junctures “as relatively short periods of time during which there is a substantially heightened probability that agents’ choices will affect the outcome of interest.”

57 Examples of such measures are Directive 96/9 on the legal protection of data bases created new copyright protections for databases as a response to the increasing use of digital technology; Directive 2000/31 on electronic commerce which most notably demanded from Member States to ensure that their legal frameworks for offline transactions should equally apply to online transactions and which created specific rules on liability for intermediaries of online services which have been recently replaced by the 2022 Digital Services Act (Regulation 2022/2065); Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector.

58 European Commission, “A Digital Agenda for Europe” (2010) COM(2010)245 final.

59 Ibid, 7.

60 “Proposal for a Regulation on a Common European Sales Law” (2011) COM/2011/0635 final.

61 R Schulze and F Zoll, European Contract Law (Third edition, Nomos 2021) 30.

62 European Commission, “Safeguarding Privacy in a Connected World – A European Data Protection Framework for the 21st Century” (2012) COM(2012) 9 final.

63 Former EU Commissioner Viviane Reding, who spearheaded the GDPR proposal, described the process as resulting in one of the fiercest battles with US tech lobbies Europe had ever seen J Levy-Abegnoli, “Viviane Reding: Data Protection Regulation One More Step towards Digital Single Market” The Parliament Magazine (2016) <https://www.theparliamentmagazine.eu/news/article/viviane-reding-data-protection-regulation-one-more-step-towards-digital-single-market>; This intensity of lobbying is further exemplified by the nearly 4,000 amendments tabled in the European Parliament, see European Commission, “LIBE Committee Vote Backs New EU Data Protection Rules” MEMO/13/923 <https://ec.europa.eu/commission/presscorner/api/files/document/print/en/memo_13_923/MEMO_13_923_EN.pdf>.

64 A Rossi, “How the Snowden Revelations Saved the EU General Data Protection Regulation” (2018) 53 The International Spectator 95 <https://doi.org/10.1080/03932729.2018.1532705>.

65 M D Birnhack and N Elkin-Koren, “The Invisible Handshake: The Reemergence of the State in the Digital Environment” (2003) 8 Virginia Journal of Law & Technology 1.

66 Rossi (n 64).

67 R Bellanova, H Carrapico and D Duez, “Digital/Sovereignty and European Security Integration: An Introduction” (2022) 31 European Security 337, 338.

68 E Celeste, “Digital Sovereignty in the EU: Challenges and Future Perspectives” in F Fabbrini, E Celeste and J Quinn (eds), Data Protection Beyond Borders: Transatlantic Perspectives on Extraterritoriality and Sovereignty (Bloomsbury Publishing 2021).

69 M Husovec, “Rising Above Liability: The Digital Services Act as a Blueprint for the Second Generation of Global Internet Rules From the DMCA to the DSA – A Transatlantic Dialogue on Online Platform Liability and Copyright Law” (2023) 38 Berkeley Technology Law Journal 883 further pinpoints towards the run-up of the 2016 U.S. elections or the European migration crisis leading to increasing hate speech on social media and putting into question Europe’s approach to liability for certain internet intermediaries which had existed since the year 2000.

70 Over the past years, EU digital policy documents consistently evoke Europe’s technological and digital sovereignty. See, e.g., “A European Strategy for Data” COM(2020) 66 final, “White Paper on Artificial Intelligence – A European approach to excellence and trust” COM(2020) 65 final, Decision 2022/2481 establishing the Digital Decade Policy Programme 2030. On the rise of digital sovereignty in European policy discourse, see in general J Thumfart, The Liberal Internet in the Postliberal Era: Digital Sovereignty, Private Government, and Practices of Neutralization (Springer Nature Switzerland 2024) 109–28 <https://doi.org/10.1007/978-3-031-63426-0>.

71 V Lehdonvirta, Cloud Empires: How Digital Platforms Are Overtaking the State and How We Can Regain Control (The MIT Press 2022) <https://doi.org/10.7551/mitpress/14219.001.0001>; Cited by Thumfart (n 70) 112.

72 European Commission, “A European Strategy for Data” (2020) COM(2020) 66 final.

73 For instance, the Data Governance Act should facilitate data sharing through a new framework for “data intermediation services” and “data altruism organizations”; the Data Act creates mandatory access rules to data held by private actors; Common European Data Spaces in sectoral fields, such as health, should facilitate the emergence of “innovative data-driven ecosystems.”

74 I Graef, “Regulating Digital Platforms: Streamlining the Interaction between the Digital Markets Act and National Competition Regimes” in I Graef and B Van Der Sloot (eds), The Legal Consistency of Technology Regulation in Europe (Hart Publishing 2024).

75 For a brief overview of the development of liability exemptions for online intermediaries and how the EU found regulatory inspiration from the US model, see, e.g., Husovec (n 69).

76 Due to their strong influence on the shaping of public opinion and discourse, the DSA stipulates that very large online platforms and search engines may cause societal risks (recital 76) and thus obliges them to assess and take mitigating measures for “any systemic risks (…) stemming from the design or functioning of their services.” New transparency obligations of the DSA are further complemented by Regulation 2024/900 on the transparency and targeting of political advertising which expands categories of information that have to be disclosed in the context of political advertising and by imposing additional obligations on very large online platforms and search engines.

77 This paper does not explore further why climate change has not triggered a similar response. However, this may be linked to the different modalities of policymaking. Environmental events are inherently local, affecting different populations in varying ways – some experiencing rising temperatures, others facing floods. This fragmentation makes it difficult to identify clear critical junctures, unlike in the digital sphere, where issues tend to impact individuals independently of their geographical location.

78 For example, Regulation 1907/2006 concerning the Registration, Evaluation, Authorisation and Restriction of Chemicals (REACH), Regulation 1013/2006 on shipments of waste, or Regulation 2024/590 on substances that deplete the ozone layer. The EU thus seems to mirror a regulatory approach in international environmental law. As observed by De Sadeleer (n 17) 575–6 international environmental treaties “that control the risks associated with trade in a particular category of toxic products (…) have been drafted in a much more precise way.”

79 Regulation 2021/1119 establishing the framework for achieving climate neutrality (“European Climate Law”).

80 See Consolidated Version of the Treaty on the Functioning of the European Union (TFEU) art 288 (“a directive shall be binding, as to the result to be achieved, upon each Member State to which it is addressed, but shall leave to the national authorities the choice of form and methods”).

81 Regulation 2018/841 on the inclusion of greenhouse gas emissions and removals from land use, land use change and forestry in the 2030 climate and energy framework.

82 Křepelka (n 15) 29–30.

83 On those phenomena in EU digital law see Papakonstantinou and De Hert (n 9).

84 Sadeleer (n 45) 3.

85 J. Arnal, “AI at Risk in the EU: It’s Not Regulation, It’s Implementation” (2025) 16(3) European Journal of Risk Regulation 1168–1177. doi: 10.1017/err.2025.19 See, e.g., on the lack of integration between GDPR and DGA De Hert, “Post-GDPR Lawmaking in the Digital Data Society: Mimesis without Integration. Topological Understandings of Twisted Boundary Setting in EU Data Protection Law” (n 9).

86 See, e.g., Directive 76/160/EEC concerning the quality of bathing water which was adopted under the internal market legal basis since the Treaty of Rome did not provide for a legal basis on environmental policy. Authors have thus concluded how in the name of market-making EU legislation has obtained a re-regulatory dimension in areas that lie typically outside its regulatory competences, see, e.g., S Weatherill, “The Limits of Legislative Harmonization Ten Years after Tobacco Advertising: How the Court’s Case Law Has Become a “Drafting Guide”” (2011) 12 German Law Journal 827 <https://doi.org/10.1017/S2071832200017120>; R Schütze, “EU Competences – Existence and Exercise” in A Arnull and D Chalmers (eds), The Oxford Handbook of European Union Law (Oxford University Press 2015); More recently the EU adopted with Regulation 2018/1805 on the mutual recognition of freezing order and confiscation orders not a directive but a regulation in the area of criminal law – a remarkable choice for an area that was traditionally dominated by national law. On the political significance of the regulation and its legal basis see A M Maugeri, “Regulation (EU) 2018/1805: Mutual Recognition of Freezing and Confiscation Orders between Efficiency and Safeguards. “Proceedings in Criminal Matters” and Non-Conviction Based Confiscation” (2024) 15 New Journal of European Criminal Law 164, 167–9 <https://doi.org/10.1177/20322844241239781>.

87 Křepelka (n 15) 30–1.

88 Such lack of involvement is not only problematic in the case of lack of implementation measures, but also when EU law does not allow for future derogations on the national level. See, e.g., P De Hert, “Data Protection’s Future without Democratic Bright Line Rules. Co-Existing with Technologies in Europe after Breyer” (2017) 3 European Data Protection Law Review 20, 28–30 observing how clarifying data protection via democratic deliberation in Member States has become virtually impossible.

89 GDPR, Art. 84(1).

90 The GDPR provisions on administrative sanctions that read as a criminal code with provisions about how administrative sanctions should be determined and a list of administrative data protection wrongs with the amounts of fines going up in relation to the increasing seriousness of the wrong. See P De Hert, “EU Sanctioning Powers and Data Protection: New Tools for Ensuring the Effectiveness of the Gdpr in the Spirit of Cooperative Federalism” in EU Law Enforcement (Routledge 2021).

91 Even in EU cybersecurity law the role criminal law remains limited, an exception being Directive 2013/40/EU on attacks against information systems.

92 For an early analysis of this omission see P De Hert, “The EU Data Protection Reform and the (Forgotten) Use of Criminal Sanctions” (2014) 4 International Data Privacy Law 262.

93 For an overview see P De Hert and G Boulet, “The Co-Existence of Administrative and Criminal Law Approaches to Data Protection Wrongs” in D Wright and P De Hert (eds), Enforcing Privacy. Regulatory, Legal and Technological Approaches (Springer International 2016).

94 De Hert (n 90).

95 CJEU case C-176/03 Commission v Council ECLI:EU:C:2005:542.

96 H Korka-Knuts, “Evaluating Corporate Accountability for Human Rights Violations: The (Uncertain) Efficacy of Administrative Sanctions under the EU Sustainability Due Diligence Directive” (2024) 35 European Business Law Review 498.

97 De Hert (n 90) 378 citing; W Wils, “Is Criminalization of EU Competition Law the Answer?” in K Cseres, M Schinkel and V Floris (eds), Criminalization of Competition Law Enforcement (Edward Elgar 2006).

98 See also H Korkka-Knuts and S Melander, “Contours of a Principled Corporate Sanction Policy in the EU: Exploring a Constitutionally Justified Balance between Criminal and Administrative Sanctions” (2025) 16 New Journal of European Criminal Law 31, 40 <https://doi.org/10.1177/20322844241311108> highlighting the risk that value-neutral monetary sanctions may lead corporations to view compliance purely in economic terms as ‘morally empty sanctioning mechanisms are unlikely to encourage moral and value-based behavioural constraints’; See further H Korkka-Knuts, E Paukku and J Markus, “Reassessing Deterrence: The Effectiveness of Administrative Sanctions across Three EU Regulatory Frameworks” (2025) 50 European Law Review 436.

99 A trend that can be exemplified by a recent CJEU ruling that the fear of misuse of personal data following a cyberattack may constitute non-material damage, giving rise to claims for compensation, CJEU case C-340/21 Natsionalna agentsia za prihodite ECLI:EU:C:2023:986.

100 M Czerniawski and A Stoia, “From the General Data Protection Regulation to the Artificial Intelligence Act: Improving Extraterritorial Enforcement Through Criminal Law” in R Bieda et al. (eds), Legal Challenges of Disruptive Technologies (Nomos 2025) 134–5 with reference to EU Council, The future of EU substantive criminal law – Policy debate, Brussels, 28 May 2019, document 9726/19, p 9.

101 G M Vagliasindi, “The Relationship between EU Criminal Law and Environmental Law” in V Mitsilegas, M Bergström and T Quintel (eds), Research Handbook on EU Criminal Law (Elgar 2024).

102 M G Faure, “The EU Environmental Crime Directive 2024: A Revolution in EU Environmental Criminal Law?” (2024) 36 Journal of Environmental Law 323. Directive (EU) 2024/1203 introduces unlawful ship recycling as a new criminal offence. This offence covers the illegal dismantling or recycling of ships, which was not explicitly listed in the prior 2008 Directive, expanding the scope to address serious breaches in maritime environmental protection. Member States must impose minimum penalties including at least 3 years imprisonment for natural persons in serious cases and fines for legal persons up to €40 million or 5% of global annual turnover, alongside enhanced judicial cooperation across EU state.

103 See B Albuquerque, “The Interplay between Environmental Crime and Corporate Sustainability Due Diligence” (2024) 15 New Journal of European Criminal Law 209, 211 referencing UNEP and Interpol Rapid Response Assessment, “The rise of environmental crime. A growing threat to natural resources, peace, development and security” (UNEP 2016).

104 M Czerniawski and A Stoia (n 100).

105 More in detail on this profound innovative dimension of anchoring data protection authorities in the primary texts, see P De Hert and C Cocito, “The Added Value of Data Protection within the Framework of Digital Constitutionalism in Europe” in G De Gregorio, O. Pollicino and P Valcke (eds), The Oxford Handbook of Digital Constitutionalism (online edn, Oxford Academic, 19 Sept. 2024), section V and also section VI on the possible role of data protection authorities with regard to Dyzenhaus’s grey holes and Cohn’s fuzzy reality.

106 See M Tushnet, The New Fourth Branch: Institutions for Protecting Constitutional Democracy (Cambridge University Press 2021) 186 & 25–41. Tushnet defends adding new branches to the constitutional pallet. The New Fourth Branch: Institutions for Protecting Constitutional Democracy offers theoretical and functional arguments for this development in today’s constitutional world. How can you preserve the Constitution and uphold the laws if new actors and power assemblages surface that the traditional branches cannot control, such as in party-political systems (19th century) and in the global economy with its global IT firms (20th century)? Tushnet focuses on the eroding impact of the party-political system: neither the legislature nor the executive can be trusted to safeguard respect for constitutional and legal provisions since legislatures controlled by one party would not investigate threats to the constitution posed by an executive of their own party, and would exaggerate the threats posed by an executive of the opposition party – and conversely, with executive oversight of threats posed by the legislature. Hence, there is a need for constitutional courts and new branches that, by concentrating within themselves distinctive forms of expertise, deploy that expertise more effectively than the traditional branches can do.

107 See further on the extraordinary position of DPAs and their institutionalised corporation mechanism in form of the European Data Protection Board (the former Article 29 Working Party) S Gutwirth and Y Poullet, “The Contribution of the Article 29 Working Party to the Construction of a Harmonised European Data Protection System”, Défis du droit à la protection à la vie privée (Bruylant 2008).

108 Both terms refer to government officials who are charged with representing disempowered interests in administrative decision-making processes, see D J Levinson, “Looking for Power in Public Law” (2016) 130 Harvard Law Review 33, 117.

109 See, e.g., CJEU Case C-757/22 Meta v VZBV ECLI:EU:C:2024:59 where the court ruled that a breach of the GDPR’s information obligations can serve as grounds for a representative action under article 80(2) GDPR.

110 In CJEU case C-40/17 Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW e.V. it concluded that the Data Protection Directive does not preclude national legislation which allows consumer associations to bring proceedings against a person infringing data protection law. In CJEU C-319/20 Meta v vzbv it further stated that the infringement of a rule relating to the protection of personal data may at the same time give rise to an infringement of consumer unfair commercial practices law. This interaction goes both ways as consumer associations increasingly rely on unfair commercial practices and unfair contract terms law to challenge data collection practices by companies, see P Rott, “Data Protection Law as Consumer Law – How Consumer Organisations Can Contribute to the Enforcement of Data Protection Law” (2017) 6 Journal of European Consumer and Market Law.

111 P de Hert and P Hajduk, “EU Cross-Regime Enforcement, Redundancy and Interdependence. Addressing Overlap of Enforcement Structures in the Digital Sphere after Meta” (2024) 2024 Technology and Regulation 291 In CJEU case C-252/21 Meta v Bundeskartellamt ECLI:EU:C:2023:537 the Court held that authorities other than DPAs may incidentally assess GDPR compliance but should do so in close cooperation with DPAs.

112 Proposal (COM[2023] 348 final) for a Regulation laying down additional procedural rules relating to the enforcement of Regulation 2016/679. On challenges related to GDPR enforcement see, e.g., G Gentile and O Lynskey, “Deficient by Design? The Transnational Enforcement of the GDPR” (2022) 71 International & Comparative Law Quarterly 799.

113 De Sadeleer (n 17) 581.

114 Ibid.

115 On existing challenges related to access to justice in environmental matters in the EU in light of the Aarhus Regulation see, e.g., I Hadjiyianni, “Judicial Protection and the Environment in the EU Legal Order: Missing Pieces for a Complete Puzzle of Legal Remedies” (2021) 58 Common Market Law Review.

116 On recent developments and further reflections see, e.g., M Maurer, “A voice for nature: how to represent nature before courts” (2024) Verfassungsblog <https://verfassungsblog.de/nature-representation-court/> Who reflects on an institutionalised form of representation to give a “firm voice to nature” and references a (controversial) judgment by a German court that argued that subjective rights of nature could be derived from the Charter of Fundamental Rights of the EU.

117 Criticism on data protection and privacy law increasingly relates to their focus on individual interests and attempts to assert individual control over data – instead of focussing more on group privacy or collective control. See, e.g., L Taylor, L Floridi and B Sloot, Group Privacy: New Challenges of Data Technologies (Springer 2016) <https://doi.org/10.1007/978-3-319-46608-8>; S Viljoen, “A Relational Theory of Data Governance” (2021) 131 The Yale Law Journal 573 <https://doi.org/10.2139/ssrn.3727562>.

118 For instance, take a political statement that the European way of life would be unsustainable (see, e.g., Council, “Resolution of the council on a community programme of policy and action in relation to the environment and sustainable development” (1993) 93/C 138/01 noting that “many current forms of activity and development are not environmentally sustainable,” cited by Krämer and Badger [n 51] 492 who further observe how unlike the US, the EU would not have “dared to declare” that our lifestyle would not be negotiable but, in practice, would not behave differently). From such a statement could flow a “hard” regulatory response that outright prohibits or creates stringent regulatory frameworks for a wide variety of commercial activities to bring economic activity more in line with the protection of the environment; See also De Sadeleer (n 17) 582 who observes how “[t]he framing of the weighing of interests has not hitherto been addressed in the general debate on the rule of law, either at the international or the domestic level” but environmental interests would deserve greater weight when “fundamental for the resilience of ecosystems or for the health of the communities.”

119 De Sadeleer (n 17) 574–5.

120 K Kulovesi et al., “The European Climate Law: Strengthening EU Procedural Climate Governance?” (2024) 36 Journal of Environmental Law 23.

121 De Sadeleer (n 17) 575–6.

122 A tension also arises when different fields of law intersect in the regulation of data, as seen in the example of consumer and data protection law. See, e.g., O Hinrichs, “Consumer Law as Second Vantage Point for the Protection of Consumer Data – Protecting or Polluting the Privacy Ecosystem?” (2023) 2023 Revue européenne de droit de la consommation. On tensions between objectives of EU environmental policy and EU digital policy that result from the environmental impact of data-driven technologies and artificial intelligence see, e.g., E S Echeverría, “Integrating Environmental Sustainability into EU Data Law and Governance: The Case of Health Data” (2025) Review of European, Comparative & International Environmental Law.

123 See, e.g., M Finck, “The Maturation of European Data Law: From Fundamental Rights to Economic Rights” in J Adams-Prassl et al. (eds), The Internal Market Ideal: Essays in Honour of Stephen Weatherill (Oxford University Press 2024) <https://doi.org/10.1093/oso/9780192867063.003.0003> writing about a paradigm shift in the more recent digital laws that would transform data “into an object of economic rights, a tradable commodity that can be sold or donated.”

124 B Martens, “Using data as a Production Factor: policy ideas for a new EU data strategy” (Bruegel) Policy Brief 01/2025.

125 Draghi (n 3).

126 N De Sadeleer, Environmental Law Principles: From Political Slogans to Legal Rules (Second Edition, Oxford University Press 2020) 145.

127 European Commission, “A Competitiveness Compass for the EU” (n 4); The recent working programme of the Commission indicates such a trend, see European Commission, “Annexes to the Commission Work Programme 2025: Moving Forward Together: A Bolder, Simpler, Faster Union” (n 64) where thirty-seven proposals have been withdrawn, including the proposals for an AI Liability Directive and the E-Privacy Regulation.

128 On “freedom in a commons brings ruin to all,” see G Hardin, “The Tragedy of the Commons” (1968) 162 Science; R J Smith, “Resolving the Tragedy of the Commons by Creating Private Property Rights in Wildlife” (1981) 1 Cato Journal 439.

129 J Smessaert, A Missemer and H Levrel, “The Commodification of Nature, A Review in Social Sciences” (2020) 172 Ecological Economics 106624.

130 For some it would inevitably lead to nature being ‘reduced to its elements, (…), rivers polluted, (…) the power to produce food and raw materials destroyed’. See K Polanyi, The Great Transformation: Economic and Political Origins of Our Time (Beacon Press 2001); M Paterson, “Commodification” in C Death (ed), Critical Environmental Politics (Routledge 2014).

131 See, e.g., P M Schwartz, “Property, Privacy, and Personal Data” (2004) 117 Harvard Law Review 2056; N Purtova, “The Illusion of Personal Data as No One’s Property” (2015) 7 Law, Innovation and Technology 83.

132 Due the fundamental rights rationale that underpins the European data protection framework, a property-approach to data was regarded by some as “contrary to the theory, history, and practice of European information privacy and would require a concerted effort of dramatic proportions” V Mayer-Schönberger, “Beyond Privacy, beyond Rights – Toward a “Systems” Theory of Information Governance” (2010) 98 California Law Review 1863.

133 The European Data Strategy emphasises the necessity of creating “a genuine single market for data,” the Digital Content Directive 2019/770 asserts that “personal data cannot be considered as a commodity,” Directive 2018(1972) establishing the European Electronic Communications Code recognises that the concept of “remuneration” should encompass situations where users “pay” with data.

134 On the contractualisation of EU data law see M Hennemann et al., “The Data Act Proposal – Literature Review and Critical Analysis” (2023) University of Passau IRDG Research Paper Series No. 23-01.

135 J C Gellers, Rights for Robots: Artificial Intelligence, Animal an Environmental Law (Taylor & Francis 2021) 2.

136 On the conflict between climate policies and liberalism, see, e.g., J Thumfart, “Do We Have to Choose between Liberalism and Surviving Climate Change? Intertemporal Freedom and the Climate Constitution Quadrilemma” (2025) Law, Innovation and Technology 1 <https://doi.org/10.1080/17579961.2025.2593774>.

137 Gellers (n 135); For an early account see, e.g., L Solum, “Legal Personhood for Artificial Intelligences” (1992) 70 North Carolina Law Review 1231 observing how environmental ethics brought questions into focus of whether trees should have standing and hoping that similar discussion will emerge with AI; Arguing against legal personhood for robots, see, e.g., U Pagallo, “Vital, Sophia, and Co. – The Quest for the Legal Personhood of Robots” (2018) 9 Information 230 <https://doi.org/10.3390/info9090230>.

138 Exemplified by tensions that arise when different fields of law shape the regulation of data, see O Hinrichs, “Consumer Law and the Regulation of the Free Flow of Data: Upsetting the Balance of the European Data Protection Framework” (2024) 13 Journal of European Consumer and Market Law 78.

139 Křepelka (n 15).

140 Highlighting such a conflict I Venzke and C Eckes, “The EU’s Proposed 2040 Climate Target Is Illegal: The European Parliament Must Act Accordingly” (2025) European Law Blog <https://www.europeanlawblog.eu/pub/tt160gmg/release/1>.

141 The EU digital regulatory framework has become a focal point of growing transatlantic tensions. Following the imposition of a fine on the platform X for violations of the DSA, US Secretary of State Marco Rubio characterised the measure as “an attack on all American tech platforms and the American people by foreign governments” Liv McMahon, “Elon Musk’s X Fined €120m over “deceptive” Blue Ticks” (5 December 2025) <https://www.bbc.com/news/articles/c4g9kejzvw0o>.

142 See, e.g., G De Gregorio and P Dunn, “The European Risk-Based Approaches: Connecting Constitutional Dots in the Digital Age” (2022) 59 Common Market Law Review 473.

143 Knowing that also the precautionary principle has been subject to a more enabling and restrictive readings in the case law of the CJEU, see C Sobotta, “Recent Applications of the Precautionary Principle in the Jurisprudence of the CJEU – A New Yardstick in EU Environmental Decision Making?” (2021) 21 ERA Forum 723 <https://doi.org/10.1007/s12027-020-00628-4>.