EU Digital Policy Update | No. 17

Dear reader,

Welcome to Publyon’s Digital Policy Update. As the chill of autumn sets in, we are happy to provide you with insights on the latest EU policy trends and developments to keep you informed. In this edition, we unearth more about the upcoming ghostly hearings of the Commissioners-designate and the wicked questions the Parliamentary committees will ask. Moreover, we will bring you the latest news around the AI Act, and the cyber files. Grab your spell books and quills and join us as we dive into the latest bewitching news!

The spotlight

Ghostly hearings of the Commissioners-designate

Last week, the European Parliament’s Conference of Presidents, which consists of the Parliament’s President and the chairmen of the political groups, set the stage for a showdown of epic proportions. They decided on the detailed calendar for the hearings of Commissioners-designate: festivities will take place from 4 to 12 November. Much like gladiators in the Roman Colosseum, Commissioners-designate will face their ultimate trial in the Committee hearings. Armed only with their knowledge and experience, they’ll enter the haunted chambers of the European Parliament, where MEPs will scrutinise every word and action.

Before the grand showdown, Parliament leaders issued their written questions prepared by the different committees that Commissioners-designate had to answer by 22 October 2024.  To survive the treacherous gauntlet of the Committee hearings, Commissioners-designate must be prepared to face the fiery questions that will be hurled their way. Only those with the sharpest wits and the biggest resolve will escape the Parliament’s haunted halls and claim a seat in von der Leyen Commission 2.0.

Henna Virkunnen (Finland), Executive Vice-President, for Tech Sovereignty, Security and Democracy, faces her grilling on 12 November. You can find some of Virkkunnen’s questions here. She will have to:

• Provide her positioning on key tech policy files including the Digital Networks Act, the EU Cloud and AI Development Act, the single EU-wide Cloud policy and the European Data Union Strategy.
• Elaborate on measures to ensure that Europe reaches its 2030 Digital Decade targets, including in relation to digital skills and her views on the European Cybersecurity Certification Scheme for Cloud Services (EUCS) and the recommendations in the Draghi report related to cloud services.
• Delve into her plan with respect to digital and frontier technologies, such as AI, supercomputing, quantum computing and technologies, semiconductors (Chips Act), space tech and the Internet of Things.
• Provide her views on the recommendations of the White Paper and of the Draghi report on network fees and the measures envisaged to improve gigabit connectivity, expand the roll-out of 5G.
• Develop on the enforcement priorities for the Digital Services Act (DSA) and Digital Markets Act (DMA).
• Expand on a strategy to make sure that the copyright framework fully addresses all the challenges raised by AI (AI Act) and new technologies, continues to boost creativity, innovation and the EU’s competitiveness in the digital age.

Stéphane Séjourné (France), Executive Vice-President for Prosperity and Industrial Strategy, has his hearing on 12 November, too. Some of Séjourné’s questions can be found here. He will have to:

• Develop on the establishment of an EU Competitiveness Fund that will invest in strategic technologies (from AI to space, clean tech and biotech) and in Important Projects of Common Interest (IPCEIs) and will also leverage and de-risk private investment in the EU’s common goals.
• Put forward new initiatives in IP (trade secrets or trademarks) to ensure that the EU framework is still fit-for-purpose to reward innovation and creativity in the digital age and to support the EU’s long-term growth and competitiveness.

Others to keep an eye on based on their mission letters are (please click on the names to read the MEPs’ hearing questions):

• Valdis Dombrovsksis (Latvia), Commissioner for Economy & Productivity, and Implementation & Simplification: Dombrovskis will tackle streamlining EU regulations, aiming to cut red tape and simplify legislation – which has been a returning critique from tech industry stakeholders for the wave of digital legislation that swept over us in the last mandate. In addition to this, Dombrovsksis will facilitate the Digital EURO project and strengthen the international role of the Euro as a reserve currency.
• Ekaterina Zaharieva (Bulgaria), Commissioner for Startups, Research and Innovation, tasked with setting up a European AI Research Council, a strategy for EU startups and scale-ups, and developing a European Innovation Act.
• Michael McGrath (Ireland), Commissioner for Democracy, Justice and the Rule of Law), as well as the Digital Fairness Act, Online Consumer Law and for tackling digital disinformation.
• Teresa Ribera (Spain), Executive Vice-President for Clean, Just and Competitive Transition, will look over competition policy, including enforcement of the Digital Markets Act (DMA).
• Glenn Micallef (Malta), Commissioner for Intergenerational Fairness, Youth, Culture and Sport, is tasked with churning out an AI strategy for the creative industry.
• Magnus Brunner (Austria), Commissioner for Internal Affairs and Migration will be responsible for cybersecurity and fighting online crime, as well as the child sexual abuse online regulation (CSAM).
• Andrius Kubilius (Lithuania), Commissioner for Defense and Space, will oversee defence tech.

For a more in-depth and tailored analysis of the hearings and/or the Commissioners-designates’ priorities you can reach out to Cathy Kremer at c.kremer@publyon.com.

What’s next?

Each hearing will be followed by a meeting in which the Chairs of the Committees and group representatives (coordinators) concerned will evaluate the performance of the Commissioner-designate they just put on the grill.

After the completion of the evaluation process, the Conference of Committee Chairs will assess the outcome of all hearings and forward its recommendation to the Conference of Presidents. The latter will exchange views and decide whether to close the hearings in its meeting on ; it will also decide to place the vote on the whole College on the plenary agenda currently scheduled to take place during the 25-28 November session in Strasbourg.

The full Commission needs to be elected by a simple majority of the votes cast.

Curious about how these developments can impact your business? Don’t hesitate to reach out to our director Cathy Kremer at c.kremer@publyon.com.

Policy update

Five n(A)ights at Freddy’s

What’s more scary than haunted animatronics? Unregulated AI! The Artificial Intelligence Act (AI Act), which entered into force on 1 August, will gradually start applying the coming years.

To support the enforcement of the legislation, the European Parliament has set up a cross-parliamentary working group that will oversee the implementation of the Act. Working groups focus on the execution of legislation, review delegated acts and invite representatives from the European Commission and the industry to discuss new developments. Michael McNamara (Renew, Ireland) from the Civil Liberties Committee (LIBE) and Brando Benifei (S&D, Italy) – former co-rapporteur on the AI Act – from the Internal Market Committee (IMCO) will co-chair the group. The Legal Committee (JURI) also seeks to join the working group. We will keep you up to date when new developments come out.

AI Office prepares for GPAI

On 30 September, the European Commission’s AI Office organised its first plenary session on drafting the codes of practices for general-purpose AI (GPAI). Almost 1,000 participants joined the virtual meeting. The Commission shared a list of chairs and vice-chairs for the four working groups drafting the Code. The drafting process will contain input from multi-stakeholder consultations, workshops, and plenary sessions.

What’s next to watch out for?

As for the AI Act, by 2 November, EU countries must identify and publicly list the public authorities and bodies responsible for the protection of fundamental rights against high-risk AI systems.  These authorities and bodies will supervise or enforce the obligations regarding fundamental rights, such as the right to non-discrimination.

Additionally, the first gathering of the AI Act’s working group in the European Parliament will unfold on 24 October, where MEPs will be briefed by the Commission on the current state of play. The meeting will also cover progress made on the GPAI codes of practice, forthcoming guidelines to ban unacceptable use cases, and the AI Pact, a voluntary initiative for companies designed for early compliance. More than a hundred companies have already signed up for the Pact, with more than half pledged to guarantee human oversight, reduce risks and mark specific AI-generated content.

Lastly, the first Commission workshop on the code of practice for GPAI model providers will take place today on 23 OctoberThe workshop includes discussions systemic risk assessment, technical mitigation and governance, and transparency and copyright-related rules. The first draft is postponed – it is now expected to be finished on 11 November. The final draft will be presented during a plenary session in April 2025.

Something interesting for my business?

The European Commission launched a public consultation to gather feedback for setting up a new scientific advisory group of independent experts on AI. This body will offer technical advice and input on the enforcement of the Act, such as alerting the AI Office of risks posed by GPAI – you do not want these going off-script. The deadline for input is 15 November – you can find the consultation here.

Cyber frights

As the nights grow longer, the EU is preparing to confront digital ghosts and cyber ghouls. To combat these monsters, the Council adopted the Cyber Resilience Act (CRA) on 10 October, which sets cybersecurity standards for digital products across the EU.

The CRA covers almost all digital products, tightening security requirements from design to end-user experience, while some sectors, like medical and automotive, remain under existing protections. Manufacturers will have a 36-month grace period to adapt, though some urgent measures will creep in sooner.

Meanwhile, the Cyber Solidarity Act (CSA) is nearing completion, with final legal and linguistic refinements being made on 15 October. The text awaits final approval from the Council before it can be published and become effective.

In other cyber news

The NIS2 Directive took effect on October 17. This new directive expands its reach to cover sectors like energy, healthcare, and transport, introducing stricter requirements for risk management, supply chain security, and incident reporting within a 24-hour deadline after significant incidents. Regulators have strengthened powers, including random audits and penalties, while company leaders face the frightening prospect of personal liability for non-compliance. A recent survey even reveals that 66% of businesses may miss the compliance deadline, struggling to adapt to the new rules. Belgium is the first European member state to already fully implement it and at least 2,500 Belgian organisations are required to register on the and take new security measures to comply with the legislation.

To end the night with a bang

The EU has committed €865 million under the Connecting Europe Facility (CEF) to boost digital connectivity from 2024 to 2027, supporting the spread of 5G, gigabit networks, and quantum communications—bringing the EU closer to its 2030 Digital Decade goals. Grab your (candy) bag before it is too late!

Events

Meetings under the full moon

The moon is high, the fog rolls in, and the digital policy fiends are gathering at their favourite haunted house. Wondering where to find us lurking this month?

You can find our Director Cathy Kremer at POLITICO’s AI in the workplace event on 8 November and its AI and governance event on 21 November. You can find our colleague Irene Veth at POLITICO’s event “AI and governance: Threating the needle” on 21 November, and the event “AI and Innovation: Creating EU Champions” taking place on 26 November. We will also be #bubbling at the European Business Summit on 20 November. You can find Guillaume Baudour at lunch meeting with Director-General of DG COMP organised by the Cercle Francophone des Affaires Européennes on 18 November to discuss competitiveness based on the Draghi report and the upcoming the Clean Industrial Act.

We’re always eager for a chat about the latest Digital Policy Update and other digital and tech news with our fellow fiends. If you are interested in meeting the ghouls forming our digital and tech team, do not hesitate to reach out to us: Guillaume Baudour and Irene Veth.

Irene Veth

Boo! My name is Irene, and together with Guillaume Baudour and Marc Lütz, we are the ghoulish trio behind this month’s update, bringing Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable (and fun) content possible – starting with you. If you have any topics or stories you would like to see covered in our next edition, do not hesitate to contact me.

Contact