Dear reader,

Welcome to Publyon’s Digital Policy Update. We are happy to provide you with insights on the latest EU policy trends and developments every month. May is the month for European celebrations, with Europe Day and Eurovision, but that shouldn’t prevent it from being a time for reflection, with the looming European elections from 6-9 June. Let’s pause to celebrate the accomplishments of the past five years and peek ahead to the priorities of the new mandate. What lies ahead for the EU’s digital policy? Read more in our spotlight.  

In this edition, you will also read about the newest scoops on AI and our favourite cyber files. We also have an exciting surprise concerning the Gigabit Infrastructure Act. Additionally, we have updated our blog post on the AI Act and published our very first digital podcast episode. Jump to the end of this newsletter to find out more – including where to connect with our team!


But first, we have some news! 

This month, we are bringing you a very special episode of our ‘Beyond the Ballot’ podcast.

'Beyond the Ballot' Podcast

In this episode, our Director Cathy Kremer and marketing officer Daniela Brucoli take a deep dive into the digital policy landscape of the past five years (2019-2024) and offer a glimpse into the future priorities of the upcoming mandate. Which opportunities will unfold for your organisation? 

Watch on YouTube | Watch on Spotify

'Beyond the Ballot' Podcast
The spotlight

The spotlight

Navigating the buzz of the European elections and upcoming digital policy

With the approaching European Parliamentary elections, taking place from 6 to 9 June, the political landscape is buzzing with excitement. Yet, how to make sense of all the information you might have picked up here and there across the news? Let us walk you through some key elements that will help your business understand who to watch, what is ahead and how elections will shape the future of European digital policy.


All changes in a nutshell

The European elections are a time for the exercise of democracy, where Europeans can directly elect their representatives, the future Members of the European Parliament (MEPs). As the European Parliament will welcome some new and some familiar faces for a new term stretching from June 2024 until June 2029, these changes will also affect the European Commission. Each European party has presented a Spitzenkandidat, their proposed candidate for the role of European Commission President, who will be supported by a new College of Commissioners.


The key players

The Council is not the only one coming up with an agenda for the upcoming five years. MEPs come with their own passions and priorities they want to campaign at EU level. Although we already know AI Act co-rapporteur Dragos Tudorache (Renew, Romania) will not run for re-election, other tech-savvy MEPs will attempt to make a return to the Parliament. The list includes Javier Zarzalejos (EPP, Spain) and Tilly Metz (Greens/EFA, Luxemburg), who worked on the European Health Data Space, Pilar del Castillo (EPP, Spain) who worked on the Data Act and telecommunication files, and Stéphanie Yon-Courtin (Renew, France) who worked on the Digital Markets Act.

Incumbent MEP and candidate Kim Van Sparrentak (Greens/EFA, The Netherlands) already aims at putting the internet on the agenda, by tackling online advertising and the right not to be disturbed. Her fellow AI Act collaborators Brando Benifei (S&D, Italy) and Axel Voss (EPP, Germany) are running as well. Newcomers to look out for are Luukas Ilves (Estonian Reform Party) who takes an interest in AI competitiveness. Finally, Bart Groothuis (Renew, Netherlands) will also attempt a comeback, after his shadow role on the Cyber Solidarity Act and Chips Act.

On the Commission front, the most notable candidate is the current Commission President, Ursula von der Leyen, who is the polls’ favourite for succeeding herself as she enjoys broad support and her party, the EPP, is leading the polls. As for the other Commissioners and their portfolios, that is more difficult to predict, since the turnover rate is usually high, and their appointment depends on national political dynamics. However, it is unlikely that Margrethe Vestager will keep her role as digital Commissioner.


The agenda

A new term means a new agenda, which will guide the European Union’s legislative processes and decisions for the coming five years. You might remember from previous DPU editions that the Belgian Presidency of the Council of the EU holds a special role this semester: presenting Council Conclusions that will inform the European Commission’s Strategic Agenda for 2024-2025. The 2024-2029 mandate is set to prioritise European economic security and strategic autonomy, a Competitiveness Deal, and an Industrial Deal.

On the digital front, the Belgian Presidency approved its Council Conclusions on the future of the EU’s digital policy during the Telecommunications Council on 21 May. It advises the EU to focus its future policy work on the development of the digital single market and the possibilities for a telecommunications market. Unlocking funds, especially for deep tech start-ups working on critical technologies such as AI, quantum technologies, advanced semiconductors, and biotechnologies, will be high on the agenda, along with the development of defence capacities through cybersecurity, cyberwarfare, and dual-use technology and the development of green tech.

Further, expect continued attention to digital infrastructure, digital skills, enhanced connectivity, and digital governance, which can all contribute to reducing administrative burdens and costs for your organisation and boost its competitiveness. Finally, there will be a renewed focus on the societal impacts of digitisation, including the protection of minors online, online ID verification, and addressing mental well-being reflected in issues like addictive designs on social media. As the next Council Presidency will be Hungary, we eagerly await their ambitions for their term.


What’s next?

In the short term, the answer is simple: the European elections! In the long run, we at Publyon have our eyes set on the formation of the new European Parliament and the new College of Commissioners, who will work on the future of digital policy in the EU. On that front, we can already tell you that the EU will work on an upcoming EU Telecoms Act, also called the Digital Networks Act, as well as a revision of the GDPR. We will also be looking out for the AI Liability Directive, the setting up of new dataspaces and initiatives on AI in the workplace, while on the cybersecurity front, the focus will lie mostly on implementing existing legislation and a review of the EU Cybersecurity Strategy.

Want to know how these developments will impact your business? Reach out to our Director Cathy Kremer at

Policy update

Policy update

It is the f(A)inal countdown

We have reached the final chapter of the Artificial Intelligence Act (AI Act), a saga that has kept us all turning pages. Originally proposed by the European Commission in 2021, the AI Act was formally endorsed during the last European Parliament’s plenary session in April as a corrigendum procedure without a vote (check out the final text here). On 21 May, the Council gave its official endorsement, paving the way for the story to conclude.

In our last DPU, we mentioned how three MEPs, Axel Voss (EPP, Germany), Svenja Hahn (Renew, Germany) and Kim van Sparrentak (Greens/EFA, the Netherlands) pressed the European Commission to know who will head the EU’s AI Office. It seems that the deadline for the European Commission has passed – with no answer. However, rumour has it we can expect an official communication from the Commission in a few weeks.

In the meantime, work on the AI Pact is in full swing. The European Commission set up this Pact to encourage companies to voluntarily start implementing the Act’s requirements ahead of schedule. It revolves around two pillars: one for gathering information and sharing best practices with the network, and another for facilitating and communicating companies’ ypledges for early compliance through concrete actions. Companies can join the initiative and share their internal guidelines or processes with the community. The Commission already held a first workshop on 6 May to inform AI companies about the Pact.


The epilogue

The AI Act is set to be published soon in the EU’s Official Journal and take effect in June. The first rules on prohibited practices will start applying six months later in December, with the Act gradually coming into force from the end of 2024 through 2027. Expect the first secondary legislation to be published 18 months after it takes effect.


What’s in it for your businesses?

Before we switch over to cyber legislation, we want to direct your attention again to the EU AI Office. They are planning a first webinar on the Risk Management Approach in the AI Act. Originally scheduled for 16 May, it has been postponed and will be confirmed shortly. Stay tuned!

Lastly, the European Commission has published a set of calls under the 2023-2024 Horizon Europe Digital, Industry, and Space work programme with a budget of €112 million. Around €50 million is reserved to advance large AI models and 15 million to enhance the intelligibility and reality of AI systems. Additionally, the rest will be invested in quantum technologies (apart from a small €6 million to bolster the EU’s engagement in global ICT standardisation). See here for more!


Mirror, mirror, on the (cyber) wall…

How is it faring with the cyber files, overall? Peering into the reflective glass, we see that the European Parliament finally approved the Cyber Solidarity Act (CSA) on 24 April. This legislation aims to boost the detection, preparation, and response capabilities across EU countries, while also championing European technological sovereignty. Additionally, the Parliament endorsed an amendment to the 2019 cybersecurity legislation, now including European cybersecurity certification schemes for ‘managed security services’ in its scope.


What does the mirror unveil next?

Unfortunately, no earth-shattering news. As always, the CSA must receive the green light from the Council before it can be published in the EU’s Official Journal and taken into effect. The mirror reveals a bleak update on the Cyber Resilience Act (CRA), which still awaits Council approval on last year’s provisional agreement. The Telecommunications Council met on 21 May, but the CRA and CSA were not on the agenda. It seems the mirror’s clarity on these files is a bit murky – but rest assured, clarity may be just around the corner. However, the Council did approve their Council Conclusions on the Future of Cybersecurity.

In other cyber news, the Netherlands has presented a non paper for the next European Commission, urging a focus on implementation, harmonisation, and innovation to improve the EU’s cybersecurity efforts.


How should this be done?

The Netherlands advises taking stock of the different cyber legislation and their interplay. Moreover, the EU should provide enough financing for the implementation of the CRA for SMEs, as well as ensure effective coherence between the CRA and the CSA. Another recommendation underlines supporting EU countries in implementing the NIS 2 Directive, seeking to boost the EU cybersecurity’s level, at the national level through the NIS Cooperation Group. Additionally, the European Cyber Competence Center (ECCC) must start operating with its national counterparts, and the Cyber Sanctions Regimes must be consistently used.


Ready, set, go: Gigabit Infrastructure Act

As we near the end of this mandate, the Gigabit Infrastructure Act has just hit a major milestone. Proposed in 2023 by the European Commission, the law aims to accelerate the rollout of gigabit connectivity, such as 5G, across Europe.

The Act has officially been published in the EU’s Official Journal on 8 May. The Act will enter into force on 11 May 2024 – just before the price caps for intra-EU communications will expire.


What now?

The law is set to apply after 18 months, precisely on 12 November 2025. However, certain provisions, like the digitalisation of single digital entry points, will kick in later, starting after 24 months on 12 May 2026.



EU AI Act: what does it mean for your business?

This month, we are excited to share that our AI Act blog post has been updated with the latest legislative scoops so you can everything about the AI Act in one place. The AI Act is set to be published very soon – expected in June. Want to stay ahead of the curve and know what’s coming next for your business? Or do you simply need a quick refresher on the AI Act’s legislative path? 

EU AI Act: what does it mean for your business?

Meet the team

We are always looking for opportunities to exchange with our readers or anyone who has an interest in digital and tech in general. This month, you will find our colleague Irene Veth at CEPS’ event “Who’s afraid of Big Tech? Unpacking the discourse on technology and its harms” on 28 May in Brussels. We also like to exchange in any other way you see fit, whether to reach out with some questions or share your suggestions for the upcoming editions of the DPU.

Irene Veth

Irene Veth

Hi, my name is Irene, and I am your oracle this month bringing Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable content possible, and that starts with you. If you have any suggestions for topics you would like to see covered in our next edition, do not hesitate to reach out to me.