EU legislative process

This subtopic contains a range of resources relating to EU legislative process, procedures and principles relevant to the types of legislation which fall under the umbrella of EU law, including:

•
EU Treaties (and all their amendments)
•
Regulations
•
Directives
•
Decisions
•
Opinions and Recommendations
•
Tertiary legislation (including implementing and delegated legislation)

EU law is developed further by the case law of the Court of Justice of the European Union and legal principles developed by it.

The EU is based on the rule of law. Actions taken by the EU are founded on Treaties approved voluntarily and democratically by all Member States. Under the principle of conferral, if a policy area is not cited in a treaty, the European Commission cannot propose a law in that area as it is not an EU competence.

There are different types of EU legal documents. A treaty is a binding agreement betweenMember States setting out EU objectives, rules for relevant EU institutions, how decisions are made and the relationship between the EU and its Member States. Amendments allow for EU enlargement, and areas of co-operation.

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest EU Law News

European Commission releases November 2025 infringement package

The European Commission has published the November 2025 infringement package, which sets out the EU Member States the Commission is taking action against for failing to comply with their obligations under EU law. The November 2025 package includes letters of formal notice, reasoned opinions, and Court of Justice referrals issued to Poland, Slovakia, Malta, the Netherlands, Portugal, Bulgaria, Lithuania, Sweden, Greece, Italy, Germany, Spain, Latvia, Estonia, Hungary, Austria, Czechia and others across a range of policy areas, including the Water Framework Directive, the NEC Directive, the Birds and Habitats Directives, and rules on public procurement, firearms, cybercrime, energy and buildings, transport, and financial services.

Council of the EU agrees directive harmonising insolvency law across member states

The Council of the EU and European Parliament negotiators reached provisional agreement on a directive harmonising insolvency law across EU member states. The directive establishes common rules on avoidance actions, asset tracing through bank account registers, mandatory pre-pack proceedings, directors' duties to file within three months of financial distress and creditors' committees. Member states have two years and nine months to transpose the directive into national law, replacing the current system where cross-border investors must navigate up to 27 different national insolvency regimes.

Commission presents Digital Justice package 2030 strategy

The European Commission has presented the Digital Justice package 2030, comprising the DigitalJustice@2030 Strategy and the European Judicial Training Strategy 2025-2030. The DigitalJustice@2030 Strategy outlines 14 actionable steps to help Member States implement artificial intelligence and digital tools in justice systems, including promoting exchange of best practices among Member States, developing a toolbox for sharing IT and AI tools, boosting the European Legal Data Space to facilitate online access to legislation and case-law, and conducting a study on cross-border videoconferencing interoperability challenges. The European Judicial Training Strategy 2025-2030 aims to equip justice professionals with digital skills through practical training on digital case management systems, cross-border cooperation tools and secure communication technologies. The strategy includes training on EU digital law application, including Regulation (EU) 2022/2065 (EU Digital Services Act). The package builds on the 2023 Digitalisation Regulation and contributes to the EU's Digital Decade Policy Programme, which aims to make all key public services available online by 2030.

Finnish SA fines S-Bank €1.8m for mobile banking authentication vulnerability

The Finnish Supervisory Authority (SA) has fined S-Bank EUR 1.8m and issued a reprimand for breaches of the EU General Data Protection Regulation (EU) 2016/679 (EU GDPR) after investigating a personal data breach reported in August 2022. The breach occurred when a new login function introduced in April 2022 contained a software flaw allowing customers to access others’ online banking accounts using strong authentication, leaving the vulnerability exploitable for more than three months and affecting a significant number of users. The SA found that S-Bank had failed to implement adequate safeguards, properly test the software, or respond appropriately to customer reports of login anomalies, violating Articles 5(1)(f), 25(1), 32(1), and 32(2) of the EU GDPR. The penalty reflected the seriousness of the breach, the protection of individuals’ rights, a prior reprimand, and consideration of a related EUR 7.67m fine imposed by the Finnish Financial Supervisory Authority in May 2025 for negligence in managing operational risks.