> Isn't this true of any complex law anywhere? The interpretation varies and is eventually decided upon by the courts and following that sometimes additional rectifying legislation.
Yes, but it'd definitely be nice if the lawmakers put some effort into avoiding it. E.g. by considering whether we really need one more law for this situation (which is probably covered by 20 others anyway).
> I'm curious about what you mean here, do you have any specific examples?
There are many. A famous example was the regulations with regard to size and shape of fruits and vegetables, one example here for bananas: https://en.wikipedia.org/wiki/Commission_Regulation_(EC)_No.... but there are many more. Standards to this level of detail are definitely uncalled for.
But you can find these tidbits around a huge amount of legislation. See e.g. section (20) of the ePrivacy directive:
"(20) Service providers should take appropriate measures to safeguard the security of their services, if necessary in conjunction with the provider of the network, and inform subscribers of any special risks of a breach of the security of the network. Such risks may especially occur for electronic communications services over an open network such as the Internet or analogue mobile telephony. It is particularly important for subscribers and users of such services to be fully informed by their service provider of the existing security risks which lie outside the scope of possible remedies by the service provider. Service providers who offer publicly available electronic communications services over the Internet should inform users and subscribers of measures they can take to protect the security of their communications for instance by using specific types of software or encryption technologies. The requirement to inform subscribers of particular security risks does not discharge a service provider from the obligation to take, at its own costs, appropriate and immediate measures to remedy any new, unforeseen security risks and restore the normal security level of the service. The provision of information about security risks to the subscriber should be free of charge except for any nominal costs which the subscriber may incur while receiving or collecting the information, for instance by downloading an electronic mail message. Security is appraised in the light of Article 17 of Directive 95/46/EC."
This is all good and fine advice. But for a small company it's really not clear when it's appropriate to give advice on proper security habits for users. Moreover, the vast majority of companies dealing with communication will be completely unaware of this law (and the 1000s of other similar provisions in other laws). This level of detail and vagueness should definitely not be in legislation.
A third recent example is the infamous AI act:
https://www.europarl.europa.eu/news/en/headlines/society/202...
See e.g.: any AI system used in education needs to be registered in an EU registry. In general there are a lot of good intentions, but there is simply no clear reason why there is a need for special regulation on AI. Everything that is forbidden to do without AI is also forbidden with AI. But the EU constantly sees the need to spin new regulation, and all companies without an army of lawyers will be breaking one rule or another entirely without intent.
And these were just the ones off the top of my head. Go dig yourself, there are hundreds of thousands of pages of it.