Dear reader,

Welcome to Publyon’s Digital Policy Update! Every month, we are happy to provide you with insights on the latest EU policy trends and developments.

And who said EU policy could not be as exciting as a good thriller movie? If you want to find out what Hollywood and Publyon have in common, skip directly to our interview with star host ChatGPT!

Under this month’s cinematic spotlights, you’ll find out what’s been unfolding in the EU digital political sphere: the EU-US Data Privacy Framework. We’ll then take you through our favourite policy trilogy: the Data Act, AI Act and Cyber Resilience Act, followed by our monthly blogpost recommendation. Last but not least, in the end credits, you’ll find this month’s recommended events and where to meet our colleagues… and if you read carefully, you might even find a cliff-hanger for next month’s update!

Did we spark your interest?

If you have an appetite for interesting content, visit us online for more insightful reading and helpful tips on upcoming relevant events.

The spotlight

The spotlight

Pirates of the Atlantic: the quest to facilitate EU-U.S. data transfers

In October 2022, U.S. President Biden signed an executive order as part of his government’s efforts to rekindle transatlantic data flows. A star was born: the EU-U.S. Data Privacy Framework.

Institutional approval and reservations

Now, one year and a half later, the European Commission and the U.S. are still negotiating the Framework. The Commission already received the response of the European Data Protection Board (EDPB), necessary for its adoption, at the end of February. In it, the EDPB states that it does not expect the U.S. data protection framework to replicate European data protection law. However, U.S. legislation should provide data subjects with a level of protection essentially equivalent to that guaranteed in the EU.

The publication of the EDPB happened after the Commission itself adopted a on 13 December, which determines whether a country outside the EU offers an adequate level of data protection. The decision reflected the assessment by the Commission of the U.S. legal framework and concludes that it provides comparable safeguards to those of the EU.

Parliamentary pushback

The European Parliament recently seized its right to participate in the debate on the Framework. On 5 May, the parliamentary Committee on Civil Liberties, Justice and Home Affairs (LIBE) published a motion for a resolution urging the Commission not to agree to the framework and raising concerns around the U.S.’ less stringent rules around data protection.

Within the European Parliament, the LIBE-Committee is receiving pushback from the centre-right European People’s Party (EPP) group which is trying to rally other European parties to support the new EU-U.S. data flows.

On 11 May, during the plenary session, the European Parliament voted to adopt a non-binding resolution on the appropriate level of protection of the Framework. This resolution urged the Commission to continue negotiations with its U.S. counterparts with the aim of creating a mechanism that would ensure equivalence and provide the adequate level of protection required by EU data protection law.

Should your business be worried about the EU-US Data Privacy Framework?

Friend or foe for your business’ plot twist? Well…This isn’t a black-or-white situation. At Publyon, we see things in colour and suggest your business take into consideration both the threats and opportunities such a framework can create.

On the one hand, it’s possible previously established restrictions and safeguards for data protection at EU-level will prove to be insufficient. In that scenario, the framework could well result in a sense of insecurity among citizens, businesses and institutions across the Union.

However, the framework does present significant opportunities for companies. It creates a high level of protection for companies’ transatlantic data transfers, provides legal clarity for these transfers and could ultimately result in increased trade opportunities between the U.S. and EU.

What’s next? 

The Commission still needs to obtain a green light from a committee of the Council of the EU composed of deputy permanent representatives of the EU Member States (COREPER I), after which it is expected the Commission will vote on its adequacy determination imminently.

Want to know more about how your business in particular could be impacted by the EU-U.S. Data Privacy Framework? Reach out to us at

Policy update

Policy update

Singing in the rain? Data Act discussions continue around cloud provisions

It’s pouring amendments between the Council of the EU and the European Parliament during trilogues for the Data Act. Negotiations were set on key elements including the scope of the Act, the exchange of information between businesses and governments, and the protection of trade secrets.

However, at the end of April, parliamentary committees reported back on the trilogues and pointed at continued discussions around the act’s cloud provisions. Under these provisions, customers could more easily switch between different cloud data-processing services providers, protected by safeguards against unlawful data transfer.

Furthermore, the Parliament set new rules on data access, empowering data sharing for a range of private and public actors, and thereby fostering innovation.

What threats and opportunities do these cloud provisions pose to your business?

For consumers, including businesses making use of cloud storage, the provisions are good news. They ensure data can easily be transferred from one cloud to another, resulting in a considerable gain in time and security. However, for businesses offering cloud-related services, the provisions are a hurdle. Easy cloud switching means all cloud providers will have to use the same type of cloud infrastructure, which will result in considerable efforts to meet those formats.

What’s next?

Trilogues are proceeding well, and European lawmakers could close their umbrellas by the end of the Swedish Presidency. Here at Publyon, we will keep an eye out for the Telecommunication Council on 2 June and the next trilogues held on 23 May and 27 June.

A.I. Joe: Approaching the last chapter of the AI Act franchise

Big news on the artificial intelligence front: the EU is moving full steam ahead on regulating AI models. On 27 April, the responsible parliamentary Committees on Internal Market and Consumer Protection (IMCO) and Civil Liberties, Justice and Home Affairs (LIBE) reached a political agreement on their report on the Artificial Intelligence Act (AI Act).

And that’s not all: just last week, on 11 May, they adopted the draft report with some major updates.

What changes, you ask? The latest draft imposes a stricter regime for foundation models – AI models trained on massive unlabelled datasets to handle a wide variety of jobs – and AI models posing significant risk, as well as strong transparency rules for general purpose AI. The parliamentary committees also amended the list of banned AI-practices, focusing on biometric identification systems.

What impact does the AI Act have on your business?

For businesses operating in the AI space, the provisions presented by the parliamentary committees establish new rules their products must comply with. For any other organisation using AI, these provisions can offer a better framework for understanding what AI is and how to use it safely.

What’s next?

Difficult trilogue negotiations between the Parliament and the EU Council still lie ahead. For now, we expect the European Parliament will adopt its position on June 12, based on the IMCO and LIBE Committee’s report.

Fast & Furious? The implementation of the Cyber Resilience Act

This month, we’re taking a peek at what has been unfolding in the European Parliament regarding the Cyber Resilience Act. On 4 May, the parliamentary Committee on Industry, Research and Energy published its amendments (124-404 and 405-546) to the penholder’s draft report. Discussions are still ongoing between stakeholders and amongst MEPs on the time manufacturers will be given to comply with the regulation.

Rapporteur Nicola Danti (RE, Italy) from the parliamentary Committee on Industry, Research and Energy (ITRE) has been tending towards 40 months, but industry groups, composed of stakeholders such as DigitalEurope, BSA, the Cybersecurity Coalition, Orgalim and Applia, want more time. Industry leaders are also asking for clarity on provisions regarding open-source software and more information on which products fit within which compliance regime.

The Commission’s proposal did not include open-source products. However, the European Parliament is taking a very different stance regarding open source. In particular, Rapporteur Danti called for a clear extension of the Cyber Resilience Act to all open-source products.

What does the Cyber Resilience Act mean for your business?

For companies selling digital products or offering accompanying services, modifications to the Cyber Resilience Act are particularly relevant, as they determine potential future requirements businesses will have to comply with. The discussions in the European Parliament are crucial for businesses who will have to comply with the Cyber Resilience Act in order to further sell their products in the EU. It will determine the amount of effort your business will have to direct once the Act enters into force.

What’s next?

On 23 May, the parliamentary Committee on Internal Market and Consumer Protection (IMCO) will consider Danti’s amendments. The IMCO-Committee will then debate and vote on its compromise amendments on 28-29 June. On 19 July, we can then expect the vote of the ITRE-committee.

Expert interview

Expert interview

Chat GPT

Hollywood writers are on strike and it seems like superstar ChatGPT isn’t innocent in the matter. On our side of the Atlantic, the European Writers’ Council published a statement asking European lawmakers to consider the creative industry in the wrap-up of the AI Act. They want to regulate the use of existing creative work and the production of new creative work by artificial intelligence. Although we at Publyon do our fair share of writing, we’re not screenplay writers. We decided to take a chance and ask ChatGPT some questions and see whether we should worry as much as Hollywood to be put out of a job.

Chat GPT

What are the threats and opportunities for businesses to use ChatGPT?

Using ChatGPT, businesses can encounter both threats and opportunities. Let’s explore them:


  • Enhanced customer service and support: ChatGPT can provide businesses with an opportunity to offer 24/7 customer support, address common inquiries, and provide instant assistance.
  • Personalization and customization: By integrating ChatGPT with customer data, businesses can offer personalized recommendations, product suggestions, or tailored solutions.
  • Increased efficiency and scalability: ChatGPT can handle a high volume of conversations simultaneously, making it an efficient tool for businesses to handle customer inquiries or support requests at scale.
  • Training and education: ChatGPT can be used as a training tool for employees, providing instant access to information, tutorials, and resources.


  • Lack of accuracy and reliability: In business settings, relying solely on ChatGPT for critical decision-making or customer interactions without proper validation can lead to errors or miscommunication.
  • Ethical concerns: If businesses deploy ChatGPT without proper oversight and monitoring, it could inadvertently generate biased or discriminatory responses, potentially damaging their reputation and customer relationships.
  • Privacy and data security: Deploying ChatGPT requires feeding it with data, which could include sensitive customer information.
  • Legal and regulatory compliance: Using ChatGPT must comply with applicable laws and regulations, especially if it involves handling personal data, ensuring consumer protection, or meeting industry-specific requirements.

To leverage the opportunities and mitigate the threats, businesses should carefully consider the specific use cases, implement proper validation and monitoring mechanisms, address ethical considerations, prioritize data security, and adhere to legal and regulatory frameworks.”

Could you tell us what the latest updates on the Artificial Intelligence Act of the European Union are?

“I apologize, but as an AI language model, my responses are based on information available up until September 2021, and I do not have access to real-time data or the ability to browse the internet. Therefore, I cannot provide you with the latest updates on the Artificial Intelligence Act of the European Union (EU).”

How will organisations have to adapt their cybersecurity requirements to EU standards in the coming five years?

“As an AI language model, I can provide some general insights on how organizations may need to adapt their cybersecurity requirements to EU standards in the coming years. However, please note that specific regulations and requirements may vary, and it’s always advisable to consult legal and cybersecurity professionals for the most accurate and up-to-date information.”

This is the moment where we stopped the interview and resumed writing this month’s Digital Policy Update old-fashioned style, where we can give you targeted insights beyond 2021. At Publyon, we believe nothing beats human input and insights. That is why we focus on delivering the latest updates, creative and outside-the-box thinking, to provide your business with unique, top-quality services.



Fortifying Europe’s cyber defence: the Cyber Solidarity Act and Cyber Security Skills Academy

And the Oscar goes to… cybersecurity! At Publyon, we have prepared an insightful blog post to read up on. In this blog post, we examine two initiatives of the recently published EU cyber package and what opportunities they present for your business, namely the Cyber Solidarity Act and the Cybersecurity Skills Academy.

Fortifying Europe’s cyber defence: the Cyber Solidarity Act and Cyber Security Skills Academy
Events update

Events update

European Defence and Security Summit

Read more on linkedin

European Cyber Agora

Read more on linkedin

Where can you run into our team?

  • Over the next weeks, our colleagues will be attending a few relevant workshops and conferences in the digital sphere in Brussels.
  • This month, you can find Sarah at the E.DSO/ESMIG Webinar concerning the impact of the EU regulation on the the cyber revolution in the energy sector.
  • Stefano and Brecht will be attending the 2023 Cybersecurity Certification Conference, organised by ENISA. Feel free to strike up a conversation with them before or after the event!
Brecht Osselaer

Brecht Osselaer

Hi, my name is Brecht and I am curating this monthly update to bring Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable content possible, and that starts with you. If you have any suggestions for topics you would like to see covered in our next edition, do not hesitate to reach out to me.