In 2023 Romania made notable progress in digitalising public services and in digitalising SMEs and continued to have an outstanding performance on FTTP (Fibre to the Premises) coverage. At the same time, despite all efforts, improving basic digital skills across the population and rolling out 5G networks remain challenging, according to the Report on the State of the Digital Decade 2024 (Appendix 3 Romania Executive Summary) issued by the European Commission in July 2024.
The National Action Plan for the Digital Decade for Romania, adopted in October 2024, establishes the national contribution to achieving European objectives, outlining specific policies, measures and actions expected to be implemented by 2030. Romania's targets are the following: 50% of the population should have basic digital skills, the number of TIC specialists should reach 4% of the population, 62% of the country should have 5G coverage, and 100% of public services should be digital, as well as other objectives.
Progress towards each of the 2030 targets is monitored through performance indicators, with the results of the monitoring being reflected in an annual Digital Decade Progress Report adopted by the European Commission.
The R&D certification process has proved being rather cumbersome and bureaucratic (e.g., the need for separate annual certifications for each project, automatic assignment of different experts for the same project in different years, who may request varying information, the need to provide detailed and sometimes irrelevant information to determine and certify an R&D activity). This comes with significant costs and administrative burdens for companies and discourages companies from obtaining R&D certification and applying for tax incentives.
Moreover, taxpayers that have gone through the process, have highlighted the need for more clarity and predictability in terms of the certification procedure, as well as more clarity on the scope of eligible activities. It is important, given the goal of increasing investments in this area, that the methodology in relation to the certification process should not restrict the areas of applicability of the incentives.
The focus should be on the certification of the nature of activities included in the project, rather than on reviewing extensive financial information (particularly if the certification is requested in advance).
The certification process should be simplified, to avoid being disproportionate in terms of supplementary requests formulated by experts, e.g. online evaluation should be possible, while requests for financial information should be subject to limits. These steps would help reduce the additional administrative and bureaucratic burden on taxpayers, which may often discourage them from applying for certification of R&D activities and, by implication, from undertaking R&D projects in Romania.
ENSURING THE CONDITIONS FOR THE DEVELOPMENT OF BROADBAND INTERNET ACCESS SERVICES
The evolution of the retail markets for broadband and TV retransmission services is worrying in terms of the degree of competition and, by implication, in terms of the future consequences for users. Both markets have been dominated by one operator with an increasing market share for a long period (at the end of 2023, one operator had 70% of the broadband market and 78.6% in the cable TV retransmission services market). If this situation continues, there is the risk of a market monopoly.
Given the dominant (or significant) market position of this player, urgent measures are required to encourage the emergence of other providers on to the market. Only by ensuring competitive conditions will it be possible to provide users with good quality services at low prices, throughout the country and thus meet the 2030 connectivity objective of 1GB for all households, undertaken at European level through the Digital Decade Policy Programme.
Achieving the connectivity target mentioned above, as well as the target to cover all populated areas with next-generation high-speed wireless networks with a performance at least equivalent to 5G, requires major investments from operators. As we know, most of the traffic carried over networks is generated by a small number of large digital platforms (such as: Google, Apple, Facebook, Amazon, Netflix, etc.), and the telecom industry has suggested to the EU that it should impose a cost sharing mechanism. The FIC supports this proposal and encourages the Romanian authorities to support the EU’s efforts in this direction.
Another important topic for the telecom industry is the correct application of the legal provisions on the construction, modernisation and rehabilitation of motorways, expressways, national roads and bypasses. Budgets allocated should provide for necessary work to include electronic communication networks. Tariffs for accessing the land along roads and the relevant infrastructure (poles, bridges, and tunnels) should follow ANCOM guidelines.
The Report on the State of the Digital Decade 2024 (Appendix 3, Romania Executive Summary) shows that the rollout of 5G networks is still behind schedule, in Romania. As the deployment of 5G networks is crucial for Romania’s digital transformation and the development of a plethora of IoT and digital technology businesses, we encourage the Government to take the necessary actions and support the accelerated deployment of 5G networks through a range of incentives.
Obligations should be imposed on the dominant operator in the broadband and TV retransmission markets, to ensure fair competition in these markets (wholesale access to the operator's network at prices allowing similar charges to those of the dominant operator to be passed on to customers), in the best interest of consumers.
The Romanian authorities should support the EU’s initiatives to require large digital platforms to bear part of the costs related to telecom networks.
Public authorities should allocate necessary budgets for compliance with the legal provisions concerning the construction of telecom infrastructure along motorways, national roads, expressways and bypasses whenever construction/modernisation/rehabilitation work takes place, while access tariffs should be aligned with ANCOM guidelines (including access to poles, bridges and tunnels).
Local authorities should apply access tariffs, as provided by the legal framework, and should support the development of electronic communications networks by an efficient process of granting building permits.
Lack of coverage in certain areas should be tackled by reducing the restrictions on installing antennas and other elements of the electronic communications networks in the protection areas around military facilities.
The Romanian Government should identify any potential incentives/measures necessary to support the deployment of 5G networks so that Romania will align with the ambitious targets set out in the Digital Decade Policy Programme.
Digital society is facing major changes. As more and more of our day-to-day activities go electronic and digital, very large volumes of our data have become available. This phenomenon is accentuated by both technological and behavioural factors (e.g.: increased use of online services such as e-commerce, e-government, social media, etc.) and was accelerated even more by the pandemic.
Today, many firms are building their business models around the use of this data, especially for advertising, personalised offers and real time customer interactions. This use can also generate services that will benefit both individuals and society in general.
In this context, a user centric privacy framework must be based on a correct understanding of the user’s privacy interests. A consistent user privacy experience should be provided, which establishes familiarity with the privacy implications of applications and services, empowers the user and drives better privacy management while addressing regulatory requirements.
All digital services must comply with the General Data Protection Regulation (GDPR), in effect since 2018, along with newer EU regulations on data governance, digital services, digital markets, and cybersecurity. These include the Data Governance Act (2022), the Digital Services Act (2022), the Digital Markets Act (2022), and the NIS2 Directive (2022), which set strict rules for data use, online platforms, fair competition, and cybersecurity across the EU.
The AI Regulation (EU 2024/1689), now in force, establishes a harmonised legal framework for artificial intelligence, ensuring compliance and ethical AI use. Businesses and policymakers must align with these evolving regulations to maintain data security, fair competition, and responsible AI deployment.
Additional proposals are also advancing, at EU level, for regulation on the European Health Space and in various other digital areas. Similarly to GDPR, the ePrivacy Regulation aims to review and update data protection rules in the electronic communications field, irrespective of whether the service is free or paid for and including all traditional and modern forms of communication. Although discussions took place before May 2018 (when the GDPR became applicable), no final resolution was reached on this issue.
These legislative changes have a significant impact on all companies carrying out activities in Romania, especially in the ITC and digital services sectors. Companies need to gradually adapt their products and services, as well as their internal processes, to ensure compliance with the regulatory requirements. Authorities have provided only limited support for these efforts, while the amount of information and data available on how the authorities apply the norms is limited.
In view of the rapid development of digital uses and growing threats (viruses, spam, etc.), simple tools need to be put in place to help users to cope with, manage and control their personal data and how it is used.
The Government should initiate wide consultations on the impact of new relevant regulation imposed on companies and on the necessary measures to ensure a reasonable and practical adaptation of products, services and companies' processes to achieve compliance.
The Romanian Government should actively participate in discussions related to the finalisation of the proposed regulations on privacy, artificial intelligence and data, as this legislation will represent a significant change of focus to the rules governing digital services. To define the priorities for its participation, the Government should hold thorough consultations with the industry and other relevant actors.
There is a need for increased transparency of the practices of public authorities, such as those of the National Supervisory Authority for Personal Data Processing, to ensure the predictable implementation of existing rules.
Given that companies process large volumes of personal data to carry out business activities, the National Supervisory Authority for Personal Data Processing should issue guidelines on minimum technical and organisational measures which need to be implemented by companies.
EU Regulation No. 910/2014 for electronic identification and trust services (the eIDAS Regulation) is directly applicable in Romania and is complemented by national legislation regulating the use of electronic signatures (Law No. 241/2024 on electronic signatures, GEO No. 36/2021, the Civil Procedure Code). The Electronic Signature Law regulates the legal framework applicable to electronic signatures establishing legal effects for simple, advanced and qualified electronic signatures. Another important piece of legislation is Government Emergency Ordinance No. 36/ 2021, which regulates the use of advanced and qualified electronic signatures in labour relations and in the field of occupational health and safety. This ordinance allows employers to use these types of signatures, as well as electronic seals, for drawing up documents and interacting with public institutions.
In addition, the Civil Procedure Code recognises the validity of electronic signatures, provided that they comply with the applicable special legal provisions. It establishes that documents signed with advanced or simple electronic signatures may, under certain conditions, have the same legal effect as documents signed with holograph signatures. However, traditional notarial procedures continue to apply in cases expressly provided for by law. The law also adopts a proportionate and risk-based approach, which means that the type of electronic signature used depends on the level of risk and importance of the transaction. This approach allows stakeholders to select the type of signature appropriate to their needs. In addition, the law regulates closed electronic systems, which may be owned by entities other than qualified or unqualified trust service providers.
Participants in these systems must be identified with high or substantial assurance, and the systems themselves are subject to periodic audits. In closed systems, parties can agree on the value and legal effects of electronic signatures used for documents signed exclusively within the system. Despite these advances, a successful transition to the new e-signature framework requires addressing practical implementation challenges and raising awareness of the new provisions.
Future implementing rules should be linked to primary legislation and should take into account the need to enable access to the provision of advanced trust services in the easiest possible way and without imposing overly burdensome requirements.
Implementation of rules for unqualified trust services: Clear requirements should be established for the issuance of advanced signatures that do not hinder access to and provision of such services. The notification requirements should be regulated for closed electronic systems and existing systems (e.g. internet/mobile banking applications) should be recognised as closed systems, taking into account that they have already been audited, notified and approved.
Establishment of mechanisms for signature validation: Validation mechanisms should be established for all types of advanced signatures (certificate-based and non-certificate-based), while respecting the eIDAS principles of technology neutrality.
Romania has made progress in its digital transformation by taking steps to implement electronic identity cards (eID) in line with the eIDAS Regulation. On 14 November 2024, the Romanian Government approved an investment of over RON 380 million, funded by the National Recovery and Resilience Plan (PNRR), to modernise the IT infrastructure and promote the use of eID among citizens. This initiative includes the development of 11 online public services accessible through eID (the 11 public services in scope have not yet been determined). The new eIDs will also function as national health insurance cards, consolidating multiple services into a single document.
Acceleration of eID issuance and implementation: The rapid issuance of eID cards to all citizens should be ensured, and support provided to ease the transition. Integration of the electronic signature in the chip of the electronic ID cards should be ensured.
The development of the 11 online public services accessible through the e-ID card should be encouraged, according to their relevance and purpose to increase the attractiveness of the e-ID card. The impact on associated administrative processes should be understood, and the incorporation of eID authentication into private enterprise systems should be promoted.
The new ID cards should be promoted to the public: Campaigns should be run (public-private partnership) to educate citizens and businesses on the benefits and functionalities of eIDs, to encourage widespread adoption.
The gap between digitisation efforts and traditional notary procedures should be addressed. The integration of eIDs and QES into notarial procedures should be encouraged to enable them to be carried out remotely and securely.
The European Regulation on electronic identification, authentication and trust services (eIDAS 2.0) entered into force on 20 May 2024.
This regulation requires all EU Member States to provide a digital identity wallet within 24 months (by November 2026). This wallet allows EU citizens, residents and businesses to identify and confirm personal information (e.g. from official documents) online and offline.
Integration of the European Digital Identity Wallet into the national eID infrastructure: Compatibility should be ensured between the Romanian eID card and the European Digital Identity Wallet to facilitate access to services.
Promotion of cross-sectoral collaboration: The benefits and functionalities of the European digital identity portfolio should be promoted to private sector stakeholders (e.g. banks, telecommunication companies, etc.) with the aim of extending its use beyond public services.
Promotion campaigns for the public: Campaigns should be run to educate citizens and businesses on the benefits of the wallet and how to use it.
Romania, regional e-commerce hub
Romania’s e-commerce sector has grown rapidly, benefiting both consumers and businesses through convenience, accessibility, and product variety. In 2024, 72.9% of Romanian internet users made online purchases, a 5% increase from the previous year, with rural adoption reaching 67.3% due to improved internet services and lower delivery costs. The sector has created jobs, contributed significantly to the economy, and offers a more energy-efficient alternative to traditional commerce.
Romania ranks third in Central and Eastern Europe in e-commerce value, following Poland and the Czech Republic, with an estimated market worth EUR 11.7 billion in 2024, or 3.4% of GDP. The sector has proven adaptable, supporting digitalisation and cross-border expansion. Romania’s Schengen accession in 2025 is expected to accelerate trade within the Single Market. Moreover, the NRRP, with EUR 6 billion allocated for digitalisation, has the potential to be a key driver for the local digital economy if implemented effectively, alongside regulatory and enforcement measures to maximise the return on investment.
However, challenges remain, particularly in fully digitalising retail, enhancing digital skills, and supporting SMEs in cross-border sales. The lower number of SMEs with online sales compared to other EU countries highlights untapped growth potential. Addressing unfair competition from non-EU platforms is crucial to ensuring Romania’s digital economy reaches its full potential.
Source: NSI
Acceleration of Digital Transformation: A coherent and unified approach should be adopted to integrate digital transformation policies across ministries, with clear monitoring and evaluation, while fostering closer collaboration with the business sector.
Balanced Regulations and Effective Enforcement: National regulations should be aligned with EU standards, while the imposition of unnecessary regulatory burdens on businesses should be avoided. Enforcement should be strengthened to ensure fair competition and a level playing field for all platforms.
Increased Digital Adoption: Digital behaviour should be encouraged by providing digital identities for accessing online public services, promoting digital payments, simplifying public services, as well as investing in digital education and workforce training to meet future technological demands. Targeted support should be provided for SMEs to expand online, enhance their digital capabilities, and bridge the urban-rural divide.
Enhancement of Internationalisation: Export support programs should be implemented, including nationwide awareness campaigns, to help SMEs access funding, encourage cross-border e-commerce adoption, and improve logistics infrastructure, all aimed at boosting business competitiveness and expansion.
Romania's current national strategy for AI (2024-2027) outlines various priorities, including ethical governance, education, and infrastructure development. The strategy emphasises the need for financing AI initiatives and establishing a national research and innovation system in AI. It proposes the development of a governance and regulatory system for AI, ensuring that Romania aligns its regulations with European standards. There is a focus on supporting education in research, development, and specific AI competencies.
The strategy includes measures for facilitating the adoption of AI across public administration and the importance of engaging in international cooperation and establishing partnerships with countries which are leaders in AI.
Data Sharing Initiatives from Public Data Systems: A national data lake should be developed linked to existing government databases (e.g., health, transport) for secure, anonymised AI research access.
Building an AI-Ready Workforce: AI literacy should be integrated into school and university curricula to ensure a robust and sustainable AI ecosystem capable of driving innovation and capable of identifying AI-related risks.
Ethical Guidelines and Standards: Companies deploying AI (e.g., in HR, finance) should be required to adopt ethical principles (transparency, non-discrimination) demonstrated through mandatory impact assessments.
Raising Public Awareness: Campaigns should be initiated to inform citizens and businesses about the benefits of AI, its ethical use, and practical applications in daily life, as well as its risks and how to keep safe against AI threats (ex. Deepfake images/videos).
Romania has made strides in improving its cybersecurity posture, particularly through the implementation of the National Cybersecurity Strategy and alignment with EU directives, including the transposition of Directive (EU) 2022/2555 (NIS2 Directive). However, challenges remain, including the need for stronger public-private partnerships, enhanced incident response capabilities, and increased investment in cybersecurity infrastructure. The growing sophistication of cyber threats necessitates a proactive approach to safeguarding critical infrastructure and sensitive data.
Enhancement of the National Incident Response Network: Private sector expertise should be leveraged and resources integrated with CERT-RO to create regional cyber response units, for swift, localised action, and tax incentives or research grants offered to participating companies.
Raising Public Awareness: Nationwide campaigns should be launched to educate citizens and SMEs on basic cybersecurity practices, such as phishing prevention and secure password use.
Cybersecurity Workforce Development: Educational institutions and private industry sjould be encouraged to create specialised training programmes and internships focused on cybersecurity skills development.
Cybersecurity Incentives Program for SMEs: Tax incentives should be offered to SMEs adopting certified cybersecurity tools (e.g., firewalls, endpoint protection) and cybersecurity audits delivered by accredited firms should be subsidised.