As companies with establishments in the E.U. – including those established outside the E.U. with sufficient nexus to those countries – try to leverage AI systems and other new technologies, they should prepare to comply with myriad new laws that may significantly impact their business operations. In this second installment of a two-part guest article series, Alston & Bird partners Jennifer Everett and Wim Nauwelaerts examine a selection of E.U. digital (transformation) laws that impose cybersecurity obligations on stakeholders located in and outside of the E.U., including the Digital Operational Resilience Act and the Data Act. They also offer practical compliance steps for businesses subject to the E.U.’s new digital laws. In part one, they reviewed the E.U. AI Act, Cyber Resilience Act and NIS2 Directive. See also our three-part series answering top questions about the E.U. AI Act: “Reach and Unique Requirements” (Apr. 24, 2024), “Risk Tiers and Big-Player Transparency” (May 1, 2024), and “Practical Steps and What’s Next” (May 8, 2024).