You want EU users, so you sort out GDPR, and you figure that's the EU handled. I thought exactly that.
I'm building a search engine of sorts, and I wanted it to serve people in the EU. GDPR was the obvious homework, so I did the reading. Somewhere in the footnotes I hit an acronym I didn't recognize. Then another. I ended up going down a rabbit hole.

The one that caught me
The Digital Services Act (DSA) governs online intermediaries — hosting, marketplaces, social platforms, and search engines. It has been fully applicable since February 17, 2024.
The rest of the shelf
Behind it sits the Cyber Resilience Act, which puts the security of any product with digital elements on the manufacturer. It phases in over the next couple of years, with the main obligations landing in December 2027. And behind that, more — a finance-only act, sector-specific ones, others that only bind once each country writes them into national law.
The EU digital rulebook is a whole shelf, and most of us outside a compliance team don't even know the shelf is there.
So I built a scoper
You answer a few questions about your organization, and it shows which regulations may apply — with the articles that define each one's scope, the dates, and a link to the official text.
- ~2 mins
- Runs in your browser
- Stores nothing
- Needs no account
Try it: EU Regulation Scoper.
Which rules were you surprised to see?