We are in the middle of the Digital Decade. The period in which the European Union not only encourages digitalisation, but also frames it, sets targets for 2030 and monitors progress annually. With new rules for AI, data, cybersecurity and digital products, this has long stopped being just about innovation. Companies increasingly need to explain their innovations and back them up legally.
That pressure is felt most at companies that build things. Not just software or hardware, but products where sensors, software, data, connectivity and sometimes AI come together in a single system. Nowhere is that more recognisable than in the Brainport region, where development happens at the intersection of technology, data and digitalisation.
Why does it get more complex when technologies converge?
Take a smart medical device. A device that measures, software that analyses, a dashboard for care providers and perhaps a connection to other systems. Suddenly you are dealing with multiple frameworks at once: privacy rules, regulations for medical devices, cybersecurity requirements for digital products and, depending on the application, also rules around AI.
For products like these, thinking one law at a time often falls short. Not because Brussels has failed to set things up neatly, but because the rules hit different parts of the same system. One law looks at the product. Another at the software. Yet another at the personal data, the security or the organisation's role in the chain.
In a physical product where software, data and connectivity are part of a single system, drawing boundaries becomes harder. Not because there are more rules, but because they cut across different layers.
Which law affects which part of your product?
That makes practice stubborn. Because the question is not just: which law applies here? But: which part of my product does this law actually touch? The design? The security? The (personal) data? The documentation? Or the oversight after market launch?
Approaching regulation law by law gets complicated, especially when your product has five technology layers. A product-first approach works better. Start with what you are building and what happens at the technology level. Only then ask: which rules hit which layer, and where do obligations stack up?
New rules are rolling out in phases. If you are building, designing or scaling now, you are making decisions in a legal landscape that keeps getting denser. Waiting until everything is clear is not an option. You need to spot the legal pressure points early, not when your product or service is nearly finished, not when a client starts asking questions, and certainly not when a regulator or notified body comes looking.
Why Brainport specifically?
In a region where many complex products are being built, the legal challenge rarely sits in a single law. The real challenge lies in the overlap and the question of how rules interact. In Brainport, many teams are working on systems where hardware, software, data and connectivity converge. The medtech sector alone counts more than 350 companies in the region. A lawyer who can only think law by law is not much use here. You need someone who looks at what you are building, how it works and where the legal weight sits in that product.
That is also why we are in Eindhoven. Not just to be close to clients, but because the questions in this region are often different: more intertwined with the product or service itself, and rarely neatly contained.
Are you working in Brainport on a product or service where software, data, connectivity or AI come together? Or are there other questions you want to think through with us? You are very welcome to visit us at our office in the Lichttoren in Eindhoven.
