Digital Twins are becoming central enablers of Europe’s digital and green transitions, yet their data-intensive and autonomous nature exposes them to one of the most complex regulatory environments in the world. This article presents a comprehensive scoping review of how six principal European digital laws—the General Data Protection Regulation, Data Governance Act, Data Act, Artificial Intelligence Act, NIS2 Directive, and Cyber Resilience Act—jointly govern the design, deployment, and operation of Digital Twin systems. Building on the PRISMA-ScR methodology, the study constructs a Unified Digital Twin Compliance Framework (UDTCF) that consolidates overlapping obligations across data governance, privacy, cybersecurity, transparency, interoperability, and ethical responsibility. The framework is operationalised through a Digital Twin Compliance Evaluation Matrix (DTCEM) that enables qualitative assessment of compliance maturity in research and innovation projects. Applying these tools to representative European cases in Smart Cities, Industrial Manufacturing, Transportation, and Energy Systems reveals strong convergence in data governance, security, and interoperability, but also persistent gaps in the transparency, explainability, and accountability of AI-driven components. The findings demonstrate that European digital legislation forms a coherent yet fragmented ecosystem that increasingly requires integration through compliance-by-design methodologies. The article concludes that Digital Twins can act not only as regulated technologies but also as compliance infrastructures themselves, embedding legal, ethical, and technical safeguards that reinforce Europe’s vision for trustworthy, resilient, and human-centric digital transformation.
Jôrgensen et al. (Thu,) studied this question.