The European Commission’s proposed Digital Networks Act (DNA) largely preserves the core of the EU open internet framework, but it quietly reshuffles the institutional and technological balance of power. It keeps the essential user rights and non‑discrimination principles of the 2015 Open Internet Regulation (Regulation (EU) 2015/2120), yet it reframes them within a much broader regulatory architecture for electronic communications networks and services. This shift matters: it does not overturn net neutrality, but it changes who will refine it in practice and how future technologies like 5G slicing and specialised services will be treated.

From a “stand‑alone” Open Internet Regulation to an integrated networks code

The Open Internet Regulation (OIR) of 2015 was, in essence, a single‑issue instrument: it coupled rules on open internet access with retail roaming and intra‑EU communications, but its normative centre of gravity was the protection of net neutrality. Article 3 defined end‑user rights, constraints on commercial practices, and the framework for traffic management and “specialised services”, while Article 5 set out monitoring and enforcement duties for national regulators.

The DNA proposal takes that same core and embeds it in a comprehensive regulation for digital networks. Open internet access is no longer the star of the show; it becomes one chapter among many, alongside provisions on market access, network deployment, quality of service, security and universal connectivity. The text of DNA Article 93, which safeguards open internet access, is recognisably the descendant of Article 3 OIR. The structure is the same:

• First, a broad statement of end‑user rights to access and distribute information and content, to use and provide applications and services, and to use terminal equipment of their choice.
• Second, a clause ensuring that contracts and commercial practices – including price, data volumes or speed – cannot limit those rights.
• Third, a non‑discrimination obligation on traffic, coupled with a narrow set of justified traffic management measures and an explicit link to data protection law.
• Fourth, a framework for services other than internet access services, optimised for specific content or applications (the so‑called specialised services).

At first glance, this continuity suggests that nothing material changes for net neutrality. But situating these provisions inside a broader networks regulation matters in two ways. First, the DNA makes open internet a piece of a larger quality‑of‑service and network performance puzzle, not just a stand‑alone consumer‑rights instrument. Second, it provides new hooks for the Commission and BEREC to shape, measure and enforce open internet obligations through implementing acts, templates, and detailed guidelines.

User rights and commercial practices: continuity in substance, new context in form

Substantively, the DNA does not relax the core protections that made the EU’s net neutrality regime relatively strict by global standards. End‑users keep the right to access and distribute information and content and to use applications and services of their choice, regardless of the sender, receiver, or location. Agreements and commercial practices cannot undermine these rights. This is effectively the same legal formula as in Article 3(1)‑(2) OIR, which was the backbone of the Court of Justice’s case‑law on zero rating and discriminatory offers (see below).

What changes is the regulatory context. Under the OIR, the main tools to give teeth to these provisions were:

• BEREC’s Net Neutrality Guidelines, which interpreted the principles and guided national regulatory authorities (NRAs).
• Case‑by‑case enforcement by NRAs, subject to judicial review.
• Gradual case‑law from the Court of Justice, especially on zero rating.

Under the DNA, open internet rights are directly linked to broader quality‑of‑service (QoS) powers. NRAs are explicitly empowered to impose technical requirements, minimum QoS obligations and “other appropriate and necessary measures” on providers of electronic communications to the public, not just on internet access providers narrowly defined. The monitoring and reporting regime is strengthened and synchronised, with periodic operator reporting and BEREC‑level synthesis.

In practical terms, the DNA moves from a primarily “defensive” model (preventing degradations and discriminatory practices) to a more “pro‑active” one, where regulators may shape the baseline quality of internet access services and scrutinise commercial practices against a richer dataset. The substantive prohibitions remain, but the enforcement toolbox and the institutional choreography evolve.

Traffic management and data protection: same logic, more explicit integration

The DNA’s approach to traffic management is, again, largely a copy‑paste of the OIR formula. Traffic must be treated equally, without discrimination, restriction or interference, regardless of content, application, service, or terminal equipment. Reasonable traffic management measures must be transparent, non‑discriminatory, proportionate, and based on objectively different technical QoS requirements – not on commercial considerations.

The list of permissible exceptions is familiar:

• Compliance with Union or national legislation, and with court or authority orders.
• Preservation of the integrity and security of the network, services, and end‑user terminals.
• Prevention or mitigation of impending or exceptional, temporary network congestion, provided equivalent categories of traffic are treated equally.

These are the same categories found in Article 3(3) OIR and already interpreted in the light of net neutrality. The DNA does not open the door to new, commercial‑driven traffic management carve‑outs.

However, it makes the data protection dimension more explicit. Any traffic management measure that entails processing personal data must be necessary and proportionate for the stated objectives and must comply with the GDPR and the e‑privacy regime. This is not conceptually new – the OIR already anchored traffic management to data protection law – but the DNA restates and integrates it into the broader framework of network security and confidentiality obligations. As traffic management becomes more sophisticated (e.g. with real‑time analytics, AI‑driven congestion control), this explicit cross‑reference may gain increasing practical relevance.

Specialised services and 5G slicing: old text, new levers

The most sensitive area for future‑oriented technologies is the regime of “services other than internet access services which are optimised for specific content, applications or services”. This is where 5G network slicing and many enterprise‑grade services come into play.

The DNA sticks extremely close to the wording of Article 3(5) OIR:

• Such services may be offered when optimisation is necessary to meet specific quality requirements of the content, application or service.
• They may only be offered if network capacity remains sufficient to provide internet access services in addition.
• They must not be usable or offered as a replacement for internet access services.
• They must not be to the detriment of the availability or general quality of internet access services for end‑users.

Under the OIR, BEREC and NRAs already relied on this framework to analyse emerging 5G use‑cases. In essence, 5G slicing can either:

• Be used internally as an efficient way to deliver differentiated IAS offers (e.g. various retail speed/latency profiles), as long as open internet rules are respected; or
• Under certain conditions, underpin specialised services that sit alongside IAS (e.g. ultra‑reliable low‑latency connectivity for critical applications), provided the “no replacement/no detriment” criteria are satisfied and sufficient capacity for open internet is maintained.

The DNA does not change these textual conditions. The real innovation is procedural and institutional. It explicitly empowers the Commission to adopt implementing acts “detailing the conditions” for offering these optimised services. In other words, what was previously clarified mostly through BEREC’s soft law and case‑by‑case practice may, in the future, be shaped by binding implementing rules at EU level.

For 5G slicing and enterprise services (industrial IoT, connected vehicles, e‑health, virtualised private networks), this has two implications:

• It offers the prospect of greater legal certainty. Operators and enterprise customers could rely on a more precise EU‑wide definition of when a given configuration qualifies as a lawful specialised service, which QoS metrics and safeguards are required, and how capacity sufficiency and “no detriment” should be assessed.
• It raises the stakes of the political discussion. Implementing acts could, depending on their design, tilt the balance either towards a conservative reading (strict limits on specialised services to protect net neutrality) or towards a more permissive stance (clearly enabling certain “fast‑lane‑like” services in the name of innovation and network investment).

Civil society organisations have already flagged this as a potential pressure point, warning that poorly drafted implementing acts might, in practice, erode net neutrality by legitimising high‑quality lanes for selected services or partners, even if the overarching principles are left intact.

Zero rating: the law of continuity, the politics of expectations

Zero rating is a good litmus test to understand what the DNA does and does not change.

The OIR never mentioned zero rating explicitly. The practice was evaluated through the lens of Article 3: do commercial practices and traffic management arrangements materially limit end‑users’ rights and discriminate between services? Over time, BEREC’s guidance, combined with key judgments from the Court of Justice, considerably narrowed the space for zero‑rating offers. The European Court in 2021 condemned offers that, after a data cap is reached, throttle or block non‑zero‑rated traffic while keeping the zero‑rated content available, and it signalled that even seemingly “neutral” zero‑rating schemes can violate net neutrality if they materially reduce users’ freedom to choose content and services.

The DNA does not introduce any new legal category for zero rating, nor does it soften the underlying principles. The same broad rule remains: agreements and commercial practices – including offers differentiated by price, volume or speed – must not limit the exercise of end‑user rights. Traffic management measures cannot be based on commercial considerations, nor can they discriminate between content or services outside the narrowly defined exceptions.

In this sense, the DNA is a story of continuity. It neither rehabilitates zero rating nor codifies its de facto restriction as crystallised in case‑law. It simply carries the same legal standard forward into a new regulatory container.

What changes is the surrounding ecosystem:

• More structured monitoring: operators will periodically report on network capacity management and traffic, and BEREC will publish regular EU‑wide reports on open internet practices. This will make it easier to detect and compare zero‑rating‑like offers across markets and over time.
• Richer QoS metrics: BEREC is tasked with defining detailed QoS parameters and measurement methods. This could support more evidence‑based enforcement on whether certain offers lead to measurable detriment to the general quality of IAS.
• Potential future codification: although the DNA does not, on its face, re‑open the zero rating debate, the combination of implementing acts and BEREC guidelines could, in theory, be used to clarify the residual space (if any) for innovative tariff structures that differentiate but do not discriminate in the sense condemned by the Court.

For now, however, the default expectation should be that the restrictive approach developed under the OIR will carry over into the DNA era, unless and until there is a deliberate political decision to recalibrate it.

Enforcement, BEREC and the Commission: a new choreography

A key difference between the OIR and the DNA lies in how they choreograph the roles of NRAs, BEREC and the Commission.

Under the OIR, BEREC’s guidelines were the primary instrument to ensure consistent application. NRAs remained at the forefront of enforcement, with the Commission playing a more limited role in day‑to‑day application of net neutrality rules.

The DNA’s enforcement chapter on open internet access maintains NRAs as the central enforcers, but it overlays their work with:

• A mandatory, harmonised reporting cycle: providers of electronic communications to the public must submit information on network capacity management and traffic, as well as justifications for any traffic management measures, every two years.
• EU‑level synthesis: BEREC must share and publish reports on national practices and findings, also every two years.
• A common data template: BEREC, in close cooperation with the Commission, is required to develop a common template for collecting information from operators.
• Detailed guidelines: BEREC must issue guidelines specifically on the implementation of NRAs’ open internet obligations, including which QoS parameters to use, how to measure them, how to present information to end‑users, and how to design quality certification mechanisms.

This approach consolidates open internet enforcement within a more structured EU‑level framework. The Commission gains direct regulatory leverage through implementing acts on specialised services, while BEREC’s technical and interpretive authority is formalised and aligned with the DNA’s broader monitoring and reporting mechanisms.