Dear reader,

Welcome to Publyon’s Digital Policy Update. As the chill of autumn gives way to the cold of winter, the busy holiday season is coming up – and so are the hottest policy deals for businesses to catch. We are happy to provide you with insights on the latest EU policy trends and developments to keep you informed before the year’s end.

In this Black Friday edition, we unwrap the hearings of Commissioner-designate Virkkunen and turn our focus across the Atlantic to examine the EU policy implications of the US elections on the world of tech. As always, we bring you the latest on the AI Act, cyber files and other eye-catching news. Grab your shopping bags and policy wish lists and let us guide you through the most exciting policy updates of the season!

Europe’s bold plan for sustainable growth, the “Clean Industrial Deal”, represents a major shift for EU businesses, especially in energy-intensive sectors. Don’t miss your chance to engage with the Commission to shape this deal and influence the policy direction for the next five years.

LEARN HOW
The spotlight

The spotlight

Unwrapping Virkkunen’s hearing

On Tuesday evening 12 November, the Commissioner-designate and Executive Vice-President for Tech Sovereignty, Security and Democracy (EPP, Finland), Henna Virkkunen, faced a grilling by the Parliamentary Committee for Industry, Research and Energy (ITRE) and the Committee for Internal Market and Consumer Protection (IMCO). Five other committees (LIBE, JURI, AFET, SEDE, CULT) were also invited. Here’s a summary of the main announcements made on digital and tech policies. She will:

 

AI:

  • Boost the AI computing power of European supercomputers with the AI Factories Initiative. It will offer access to computing power to startups, researchers and the industry.
  • Present an applied AI strategy to boost new industrial uses of AI and to improve public services.
  • Develop an AI ecosystem in research and science by working together with the Commissioner for Startups, Research and Innovation to set up the AI Research Council.
  • Push for the evaluation of the Directive on Copyright in the Digital Single Market in 2026.

 

Cloud:

  • Propose the EU Cloud and AI Development Act that will allow even the smallest businesses to access advanced AI services.

 

Chips:

  • Consider additional actions to complement the Chips Act.
  • Present a quantum strategy that includes a quantum Chips plan.

 

Connectivity and strategic autonomy:

  • Present the Digital Networks Act (DNA) to boost secure high-speed broadband.

 

Data:

  • Address the issue of data sharing via a dedicated EU Data Union Strategy as suggested by the Letta report.

 

Digital skills:

  • Put a particular emphasis on digital skills to reach the EU’s target of reaching 20 million ICT experts needed to render possible the twin transition.

 

Democracy and European values:

  • Prepare the Democracy Shield, together with the Commissioner for Democracy, Justice and Rule of Law to protect our democracies against electoral interference, disinformation and manipulation by malign foreign actors.

 

Media:

  • Give her full support to the Commissioner for Democracy, Justice and the Rule of Law to ensure the proper enforcement of the European Media Freedom Act (EMFA).

 

Cybersecurity:

  • Propose an action plan during the first 100 days in cooperation with the Commissioner for Health on the cybersecurity of hospitals and healthcare providers.
  • Act in the context of the next revision of the Cybersecurity Act to tackle the issue of communication is transmitted via radio equipment from high-risk vendors.

 

Simplification:

  • Call on stakeholders and policymakers to cut red tape given the many digital rules that are up for review.
  • Ask to list all the reporting obligations incumbent on companies and all the legislation applicable to tech, particularly where there are overlaps.

 

Additional tech regulations:

  • Apply both the Digital Services Act (DSA) and Digital Markets Act (DMA) fully by giving DG CNECT the resources to implement it, with 200 additional staff members by the end of the year, in particular lawyers and researchers.
  • Ensure fair competition and a level playing field in the area of e-commerce.
  • Call firmly on all market players to take their responsibilities and to make sure that the online world for minors is safe and helpful instead of harming them.
  • Give full support to the EU-wide inquiry on the broader impacts of social media, led by the Commissioner for Health, and to the action plan on cyberbullying, led by the Commissioner for Youth.

 

Implications of the US presidential election

The stakes are high following the US elections. Henna Virkkunen assured MEPs she wouldn’t hold back on holding Elon Musk, the owner of X, accountable for managing the platform, despite Musk’s new-found power over US President-elect Donald Trump. However, she remained tight-lipped about handling relations with the new Trump administration, especially after the threat from the newly elected US Vice President-elect J.D Vance in September who linked support for NATO to the non-regulation of X.

On 17 November, Donald Trump nominated Brendan Carr at the helm of the Federal Communications Commission (FCC), the regulator of US telecoms. He stated on X that: “We must dismantle the censorship cartel”, which he believes is imposed by tech giants such as Facebook, Google, Apple and Microsoft, “and restore Americans‘ right to freedom of expression”. He is also the author of the telecoms chapter of ‘Project 2025’, a nearly 900-page document drawn up by the conservative think tank the Heritage Foundation and a roadmap for the overhaul of the federal state under Donald Trump. He writes that “the FCC must change course [and] achieve four main goals: regain control of Big Tech, promote national security, unleash economic prosperity, and ensure the FCC’s accountability and good governance”.

What’s next? It remains to be seen how this new (de)regulation of Big Tech in the US will interplay with the EU’s legislative framework, including the Digital Services Act (DSA) and the Digital Markets Act (DMA).

Curious about how these developments can impact your business? Don’t hesitate to reach out to our director Cathy Kremer at c.kremer@publyon.com.

Policy update

Policy update

All you need is AI

AI has been on the top of everyone’s wish list this past month. The Artificial Intelligence Act (AI Act), which entered into force on 1 August, sets out a horizontal framework for the safe and reliable use of AI in Europe.

On 2 November, the Member States were supposed to have published a list of authorities responsible for protecting fundamental rights. However, only a few have done so: Cyprus, Ireland, Malta and Portugal. The rest suffered internal procedural delays. The European Commission has received notice of most – more published lists are expected soon. The Netherlands already issued a third recommendation on supervisory structures.

 

AI Office dabbles in GPAI practice codes

On 14 November, the European Commission shared the first draft of the Codes of Practice for General-Purpose AI (GPAI), based on multi-stakeholder input. The draft gives more insight into transparency and enforcement details for copyright-related rules of GPAI providers, systemic risks taxonomy, risk assessment methodologies, and mitigation measures for providers of advanced GPAI. Discussions within the four working groups continue, with the final version set to be presented in May 2025.

 

Something interesting for my business?

The Commission has received seven proposals from fifteen Member States to build AI Factories, connected to European High-Performance Computing (HPC) supercomputers to increase the amount of computing power for AI startups, industry and researchers. The proposals will be evaluated by independent experts. Winners will be announced in December 2024, with the first Factories being planned for early 2025.

Additionally, the Commission has opened a stakeholder consultation on future guidelines on the definitions of AI systems and prohibited AI practices. Stakeholders including AI systems providers, businesses, national authorities, academia and civil society are welcome. The consultation is open until 11 December 2024 – don’t forget to give your input! The guidelines are expected in early 2025.

 

Last minute Cyber Deals!

The Cyber Resilience Act (CRA) has arrived, bringing robust cybersecurity standards to safeguard all digital products in the EU marketplace – just in time for the holiday sales season! Adopted by the Council on 10 October 2024, signed into law on 23 October, and taking effect on 9 November 2024.

This landmark regulation applies to all digital products, ensuring they are designed with cybersecurity in mind, supported by transparent security policies, and capable of swift incident reporting to the European Union Agency for Cybersecurity (ENISA). The Regulation will apply from 11 December 2027, though Article 14 – covering vulnerability management – will apply earlier, from 11 September 2026, and Articles 35-51, addressing enforcement and penalties, will apply from 11 June 2026. These phased timelines provide businesses, including SMEs, with structured support to meet these robust cybersecurity standards, ensuring safer digital shopping for all.

So, as the deals roll in this Black Friday and Cyber Monday, remember: with the CRA, it’s not just about buying smarter—it’s about buying safer!

We are almost there! The Cyber Solidarity Act (CSA), aimed at enhancing the EU’s collective ability to detect and respond to cyber threats, is expected to be adopted by the Council on 2 December. The Act will officially take effect 20 days after publication, delivering an early “Cyber Monday” gift for Europe’s digital ecosystem.

 

Black Friday’s star: NIS2

Turning back to our old cyber favourite, the NIS2 Directive is set to unify cybersecurity requirements across member states by 2025, expanding its scope to cover vital sectors such as cloud providers, data centres, and social networking platforms. ENISA has released draft technical guidance to help businesses implement these measures effectively, offering detailed advice and mapping requirements to international standards. Want to be part of this initiative? You can submit your input by 9 December.

 

Bonus cyber deals

As businesses ramp up their digital transformations, vulnerabilities such as cloud misconfigurations and ransomware attacks are drawing increased attention. ENISA has flagged these as a growing concern, emphasizing the need for more robust security across different sectors such as healthcare.

Complementing these efforts, the European Cybersecurity Competence Centre (ECCC) celebrated the opening of its permanent headquarters in Bucharest, Romania. With €600 million already invested in cutting-edge cybersecurity projects and an additional €400 million planned by 2027, the ECCC will be involved with post-quantum cryptography, implementation of EU legislation, capacity-building, and knowledge sharing.

Events

Events

Don’t miss your chance to connect with us

Wondering where to find us window-shopping this month?

You can find our colleague Marc Lütz at the CEPS India-EU TTC event on 29 November. Additionally, you can find our colleague Irene Veth at the Cybersecurity@CEPS Summit 2024 on 5 December. Finally, Cathy Kremer will attend the European Business Summit today 20 November.

We’re always eager to have a chat about the latest Digital Policy Update and other digital and tech news with our fellow deal-hunters. If you are interested in meeting the fanatics forming our digital and tech team, do not hesitate to reach out to us: Guillaume Baudour and Irene Veth.

Irene Veth

Irene Veth

Hello! My name is Irene, and together with Guillaume Baudour and Marc Lütz, we are the trendy trio behind this month’s update, bringing Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable (and fun) content possible – starting with you. If you have any hot topics or wish-list items you would like to see covered in our next edition, do not hesitate to contact me.

Contact