Shared Competence

Shared competence is a unique power division in the EU. According to Article 2(2) of the Treaty on the Functioning of the European Union (TFEU), both the EU and its member states can legislate in these areas. However, member states can only exercise their competence to the extent that the EU has not exercised, or has decided to cease exercising, its own. Key areas are defined in Article 4, including the internal market, environment, transport, energy, and cybersecurity.

Taiwanese companies must pay close attention because the EU often enacts regulations with extraterritorial effect in areas of shared competence (e.g., digital market, cybersecurity). Regulations like GDPR, NIS2, DORA, or the CRA directly impact Taiwanese supply chain vendors. If designated as a provider of essential services or critical infrastructure, or if processing EU residents' data, they must meet strict security and resilience requirements, facing heavy fines and market access barriers for non-compliance.

Shared competence is directly related to several EU regulations, such as the General Data Protection Regulation (GDPR), the Network and Information Systems Security Directive (NIS2 Directive), the Digital Operational Resilience Act (DORA), and the Cyber Resilience Act (CRA). Companies can implement international standards like ISO/IEC 27001 (Information Security Management), ISO/IEC 27701 (Privacy Information Management), and ISO 22301 (Business Continuity Management) to build a framework that meets these EU requirements.

Compliance with EU regulations is not just a legal or IT task; it's a systemic challenge involving governance, compliance, operations, and technology. As Taiwan's first consultancy to integrate ERM, industrial engineering, tech law, data science, and IT, Winners Consulting excels in this area. Our interdisciplinary team, grounded in preventive law, helps clients seamlessly integrate EU requirements into their existing ISO management systems and internal controls, avoiding redundant efforts while ensuring compliance and enhancing digital resilience.