Dear reader,
Welcome to Publyon’s Digital Policy Update. We are happy to provide you with insights on the latest EU policy trends and developments every month. This time, turn the music on, we have our high-tech vacuum cleaner in one hand and the DPU in the other to jump into the EU’s 2024 spring cleaning! While Publyon wipes the winter out of our offices for a fresh season start, the European Union seems to have been doing the same cleaning up its list of ongoing files to prepare for the wake of a new legislative season.
This month, the sun’s first rays of sunlight shone on the European continent and beyond. Birds are starting to sing, nature is awaking and AI regulation is sprouting across countries. More on the beauties of this artificially intelligent spring in the spotlight section of our newsletter. Further, the AI Act and our cyber-trio are on the way out, as all these files have been or are nearing conclusion. Join us on a short summary of what the month of March had in store of us, before we look out into European elections and future policies in our next DPU edition.
Did we spark your interest?
If you have an appetite for interesting content, visit us online for more insightful reading and helpful tips on upcoming relevant events.
Before you move on…
Undoubtedly, 2024 is a time of political shift. The upcoming European and Belgian elections taking place in June, are a unique moment for businesses as they provide an exceptional chance to proactively shape the political dialogues and decisions that will influence the forthcoming term in Belgium and the broader EU.
Publyon is proud to introduce you to our Beyond the Ballot series of webinars and reports that will help your organisation to be well-informed about the political developments in Brussels and provide you with guidance on how to effectively take advantage of opportunities stemming from the elections.
Sign up for free to our Belgian elections webinar here below!
For more information, visit our dedicated page.
The spotlight
Times are a(i)-changing
The EU might be ahead in the race to AI regulation, but the rest of the world is catching up. At the United Nations, the AI advisory body is preparing a report on artificial intelligence, ‘Governing AI for Humanity’, which has been shared with and commented on by the European Commission, ahead of the report’s publication this summer. According to inside sources, the Commission believes the report lacks precision in its terminology and fails to clearly address some crucial elements such as the inclusion of risk-categories which form the backbone of the EU’s own AI Act.
The Council of Europe (which has nothing to do with the European Union) is surfing the AI vibe as well with the publication of an AI Treaty to address the effects of AI on human rights. Behind the scenes, the U.S. has been asking the Council not to include business in the obligations of the treaty. A compromise was found in the final text by stating that the provisions would apply only to “public authorities or private actors acting on their behalf”. An interesting exemption is that AI systems used for national security do not fall under the Treaty’s provisions.
All the while the G7 countries, reunited for a ministerial meeting in Italy, focussed their attention on industries, technologies and digitalisation. Italy’s main G7 presidency priority is AI, a key discussion point, following up the voluntary code that the G7 has set up for AI companies – the Hiroshima Process. The outcome of the G7 meeting is the further development of tools and mechanisms to boost company compliance with the content of the code, as well as new pledges for AI in the fields of ethics, transparency, media and risk mitigation. Overall, the code encourages the adoption of AI by SMEs. The EU is not the only one looking to boost competitiveness through the adoption of AI…
Want to know how these initiatives will impact your business? Reach out to our Director Cathy Kremer at c.kremer@publyon.com
Policy update
AI showers bring business flowers
The unmissable news this month is the final (but really totally final) adoption of the Artificial Intelligence Act (AI Act). After an outpour of parliamentary committee meetings, Council discussions, and interinstitutional negotiations, the European Parliament adopted the final text of the AI Act during its plenary session on 13 March. No dramatic twists or turns – the EU can now officially call itself the first regulatory body to have an AI law.
In the meantime, negotiations continue over the budget that will be attributed to the AI Office and the appointment of key officials to run the different governance bodies. The AI Board, on the other hand, might already hold its first meeting before the summer. More on that in a next edition when the rumours of spring have become actual summer realities.
How can your business flourish?
Now, the AI Act’s main challenge is to ensure AI innovation can grow in the EU’s fertile soil. With competitiveness being top on the priority list, there is a lot the EU can do to ensure blooming businesses. The EU already revised the European High Performance Computing Joint Undertaking, to ensure the infrastructure provided by the EU is ready to support AI innovation hubs. The amendments to the Undertaking are expected to be voted on today (20 March), as we speak, with a final plenary vote end of April. All the while today marks the first day of the EuroHPC Summit in Antwerp (Belgium) bringing together supercomputing and quantum experts to discuss its development in the EU over the next four days.
What’s next, if not summer?
The real policy nerds amongst our readers will be interested to know the final corrigendum on the AI Act will be voted during the plenary European Parliament session on 11-12 April. The corrigendum will list several (translation) errors to be correct or removed from the AI Act’s final version. While we wait for its endorsement and publication in the Official Journal of the EU, after which it will enter into force, we cannot stress enough for businesses that all is not decided! With the considerable amount of secondary legislation that the Commission will have to propose to implement the Act, your business can have significant influence over what comes next. There are already some talks going around that one such implementing act will provide a better-defined framework for powerful general-purpose AI models posing a systemic risk.
Want to know more about implementing acts and what they do for your business? Contact Emmanuelle Ledure.
Cybersecurity Act I: Cyber Resilience
Another concluded file? It seems almost like a Midsummer’s night dream…On 12 March, the European Parliament adopted the Cyber Resilience Act (CRA), earlier than we expected. The Cyber Resilience Act categorises critical products into two different lists based on their cybersecurity risk, which will determine the type of ‘cybersecurity check’ the products will have to undergo. The European Parliament further voted on a stronger involvement of the European Union Agency for Cybersecurity (ENISA) to assess and identify systemic cybersecurity risks and recommend adequate action to the Member States who notified it.
Where are we headed?
The Council of the EU now needs to formally approve the Cyber Resilience Act, before it can become law and enter into force. The requirements of the Act will start applying in early 2027. While we keep an eye on the Act’s publication in the Official Journal of the EU, we invite you to read further on the rest of the cyber-stories.
Act II: Cyber Solidarity
It’s a deal for the Cyber Solidarity Act (CSA) as well! On 6 March, the European Parliament and Council of the EU reached an agreement on the file, finding a common stance on three key elements of the act. First, the institutions agreed on the European Cybersecurity Alert System, a series of cyber hubs across the EU whose main role is to detect cyberthreats. Then, the institutions defined the Cybersecurity Emergence Mechanism that will coordinate the preparedness of critical European sectors (health, energy) for cyberthreats. Finally, the European Cybersecurity Incident Review Mechanism will be the EU’s recommendation body, providing improvement points to the EU in the aftermath of cyberattacks.
What’s next?
The final agreement now will be voted on by the Council of the EU and the European Parliament, after which it will officially enter into force, twenty days after its publication in the Official Journal of the EU.
Act III: Cybersecurity
And the EU institutions concluded their work on yet another file, the amendment to the Cybersecurity Act which gives Member States the possibility to set off a cybersecurity certification for “managed security services”. The legislators agreed on a definition of managed security services, aligned security objectives and ENISA’s role. The deal was concluded in half an hour (unlike our spring cleaning, some know how to be efficient), with as main condition that the European Parliament would be allowed to hold more scrutiny of the national processes.
What now?
Both the European Parliament and Council of the EU will now have to formally endorse the final text, as soon as possible. Once formally adopted by the co-legislators, the text will be published in the EU’s Official Journal and enter into force 20 days after this publication.
Blog
How to start an effective advocacy campaign in the EU
You must have heard a wind of change blew over the European AI landscape, when French AI company Mistral announced a new partnership with Microsoft. The announcement came after the finalisation of the AI Act’s text and surprised many policymakers, as Mistral had been linked to the strong French lobby to contain certain ‘over-regulating’ provisions of the AI Act. Mistral is not the only company lobbying EU files at national level… In our new blogpost, you will find everything you need to know about the different lobbying strategies your business can pursue.
READ THE ARTICLE
Meet our team
We are always looking for opportunities to exchange with our readers or anyone who has an interest in digital and tech in general. This month, you will bump into our colleague Cathy Kremer at the following events: the Breakfast-debate with Mieke de Regt, Counsellor for Digital Policy and Telecoms at the Permanent Representation of Belgium to the EU on 26 March and Politico’s Tech & AI Summit on 16 April in Brussels.
Emmanuelle Ledure
Hi, my name is Emmanuelle and I am the daffodil curating this monthly update to bring Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable content possible, and that starts with you. If you have any suggestions for topics you would like to see covered in our next edition, do not hesitate to reach out to me.
Contact
