Regulation 2021/821 establishes that the export of dual-use items used for both civilian and military applications is subject to control, and these goods may not leave the EU customs territory without an export authorisation. Annex I identifies a range of dual-use items that face either authorisation requirements or outright bans for exportation outside of the EU, which include electronics, computers, telecommunications and information security. Regulation 2021/821 replaces the previous regulation on the matter (Regulation (EC) No. 428/2009), as subsequently amended and implemented by Regulation (EU) No. 1232/2011 and Delegated Regulation (EU) 2018/1922, respectively.

The Trade Secrets Directive (EU) 2016/943 protects trade secrets while also allowing for disclosure of trade secrets for reasons of public interest, either to the public or to public authorities in the performance of their duties. Art. 1.2 states that "this Directive shall not affect: [..] (b) the application of Union or national rules requiring trade secret holders to disclose, for reasons of public interest, information, including trade secrets, to the public or to administrative or judicial authorities for the performance of the duties of those authorities."
Moreover, Art. 5 stipulates that Member States shall ensure that an application for the measures, procedures and remedies provided for in this Directive is dismissed where the alleged acquisition, use or disclosure of the trade secret was carried out in any of the following cases for revealing misconduct, wrongdoing or illegal activity, provided that the respondent acted for the purpose of protecting the general public interest.

Regulation EU 2019/1150 on promoting fairness and transparency for business users of online intermediation services (the Platform to Business Regulation) requires the disclosure of certain features of algorithms, which may constitute trade secrets. Art. 5 stipulates that online intermediation services must disclose the main ranking parameters and their relative importance to business users through terms of service, while online search engines need to make similar disclosures publicly. The Commission's December 2020 guidance on ranking (§82) argues that providers cannot refuse to disclose the main parameters based on the sole argument that these constitute a trade secret.

The Digital Services Act (DSA) envisages research access to data under confidentiality obligations, as well as access to algorithms and explanations by regulators. It is reported that certain requirements in the DSA create uncertainty in relation to trade secret protection, as very large online platforms can be under an obligation to open access to their (confidential) data. Art. 25 defines very large online platforms as those platforms that reach an average monthly active recipient of the service in the Union equal to or higher than 45 million.
Art. 31 of the DSA provides a framework for compelling access to data from very large online platforms to competent national authorities (“Digital Services Coordinators”) to monitor and assess compliance with the Regulation. The Digital Services Coordinator may also request large online platforms to provide access to data to vetted researchers for researching and identifying systemic risks as set out in Art. 26(1). Such a requirement may include, for example, data on the accuracy, functioning and testing of algorithmic systems for content moderation. All requirements for access to data under the framework should be proportionate and appropriately protect the rights and legitimate interests, including trade secrets and other confidential information.
Moreover, according to Art. 31(6), a platform may apply to amend the data request if it will lead to “significant vulnerabilities for the protection of confidential information.”

The EU has attached the WTO Telecom Reference Paper to its schedule of commitments.

The EU's General Data Protection Regulation (GDPR) considerably expands the scope of EU privacy rules. In addition to companies established in the EU, the Regulation applies extraterritorially to companies offering goods or services to data subjects in the EU and companies that monitor the behaviour of EU citizens (Art. 3).
The Regulation mandates that data is allowed to flow freely outside the European Economic Area (EEA) only in certain circumstances listed in Chapter 5 of the Regulation. The main conditions for such a transfer are the following: the recipient jurisdiction has an adequate level of data protection; the controller ensures adequate safeguards (for instance, by using model contract clauses, binding corporate rules or other contractual arrangements); the data subject has given his/her consent explicitly; or, the transfer is necessary for the performance of a contract between the data subject and the controller.
The GDPR allows for data transfers to countries whose legal regime is deemed by the European Commission to provide for an “adequate” level of personal data protection. The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom, and Uruguay as providing adequate protection. In addition, the EU-US Data Privacy Framework has acted as a self-certification system open to certain US companies for data protection compliance since July 2023.

The European Union has joined agreements with binding commitments to open transfers of data across borders: the Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the One Part and the United Kingdom of Great Britain and Northern Ireland, of the Other Part (Art. 201), and the EU-New Zealand Free Trade Agreement (Chapter 12, Art. 12.4)

In November 2021, The European Commission imposed a definitive anti-dumping duty under the Implementing Regulation (EU) 2021/2011 on imports of optical fibre cables (CN code ex: 8544 70 00) from China. The original duty of 44% was amended in January 2022 by the Implementing Regulation (EU) 2022/72, establishing a duty on imports of 33.7%, applicable until November 2026.

In January 2022, the European Commission imposed a countervailing duty under the Implementing Regulation (EU) 2022/72 for imports of optical fibre cables (CN code ex: 8544 70 00) from China. The rate of duty on imports from China is 10.3%, applicable until January 2027.

In January 2022, the European Commission imposed a minimum import price and anti-dumping duties on flat-rolled products of grain-oriented silicon magnetic steel, which is an important material in the production of energy-efficient transformers and large high-performance generators. The measures apply to imports from China, Japan, the Republic of Korea, the Russian Federation, and the United States of America. This is a continuation of measures first introduced in May 2015 by Implementing Regulation (EU) 2015/1953. The minimum import prices (MIPs) currently in force range between 1,536 EUR/tonne to 2,043 EUR/tonne. They apply to the individually named exporting producers for which individual dumping margins were established from all the countries concerned. If the CIF Union border price is equal to or above the MIP, no duty is payable. Only if import prices are below this level are anti-dumping duties imposed, set at the difference between the import price and the minimum import price, up to a maximum ranging from 21.5% to 39% of the import price. The system of minimum import prices and anti-dumping duties was introduced in 2015, while the level of duties was adjusted in 2022.

In July 1990, the European Commission imposed a definitive anti-dumping duty on imports of silicon metal (HS Code: 280469) from China, which is also used in the production of silicon compounds and silicon wafers for electronic semiconductors. This measure was first extended to imports from the Republic of Korea, regardless of their declared origin, under Council Regulation (EC) No 42/2007. In 2013, it was further extended to imports from Taiwan, again irrespective of their declared origin, by Council Implementing Regulation (EU) No 311/2013. This measure was last extended in August 2022. The rate of duty is 16.8% of the net free-at-Union-frontier price, with the exception of the company Datong Jinneng Industrial Silicon Co., whose exports are subject to a duty of 16.3% of the net free-at-Union-frontier price.

The International Procurement Instrument (IPI) introduces measures limiting the access to open EU public procurement tenders of non-EU companies from countries that do not offer similar access to EU companies. The measures apply to tenders worth at least 15 million Euros for works and concessions and 5 million Euros for goods and services, such as the purchasing of computers.
Pursuant to Art. 5, the IPI enables the Commission to investigate third-country measures or practices adopted or maintained by public authorities or individual contracting authorities, which result in a serious and recurrent impairment of access of Union economic operators, goods or services to the public procurement or concession markets of that third country. When the Commission finds that a third-country measure or practice exists, it may adopt an IPI measure that requires contracting authorities or contracting entities to impose a score adjustment on tenders submitted by economic operators originating in that third country or exclude tenders submitted by economic operators originating in that third country.
The Regulation is yet to be implemented by EU Member States. Typically, the implementation by Member States takes 18–24 months on average after adoption.

Although the European Union is a signatory to the WTO Government Procurement Agreement (GPA), its coverage schedules do not include "telecommunications-related services" (CPC 754), which is an important sector for digital trade.

The European Union is a signatory of the World Trade Organization (WTO) Information Technology Agreement (ITA) of 1996 and its 2015 expansion (ITA II).