The effects of recent EU regulations on software development

Abstract

European Union (EU) has increased its presence in the field of software development with the adoption of the Digital Decade program. The goal of EU is to make EU citizens more proficient with digital technologies and make sure that companies develop new systems using the latest technologies whilst being responsible with that technology and the data that they collect from the EU citizens. This thesis set out to find what changes recent EU regulations like GDPR (General Data Protection Regulation), DORA (Digital Operational Resilience Act) and AI (Artificial Intelligence) Act have caused to software development and how these necessary changes can be accomplished. This thesis used literary review and interviews as research methods. GDPR and the AI Act were reviewed and a list of requirements were formed based on them. The requirements were categorised into two different categories based on if they affect more the developed system, or the development process itself. The interviews were conducted in a semi-structured manner where the list of requirements was also provided to the interviewees and they were asked about the different requirements. It was found that software developers need to create systems and practises that have previously been considered good practises, as they have been included in the recent regulations as mandatory. Literary analysis also found that developers need to be aware at all times, what the developed systems are capable of, and they need to communicate to the users what the intended use cases are. The interviews confirmed these findings and also noted, that EU seems to include similar requirements in different regulations. The process of adopting new techniques and methods is complex and companies need to start the preparation process for the adoption of the regulations early. Without coordination within the company, the adoption of regulations can be become much more difficult as without it different teams try to solve the same problems, which would lead to unnecessary conflicts.