EU Digital Policy Update | No. 21

Written by Irene Veth

Dear reader,

Roses are red, violets are blue, digital policy is changing, what is new? Welcome to Publyon’s Digital Policy Update (DPU). We are happy to provide you with insights on the latest EU policy trends and developments to keep you informed. This Valentine’s season, the temperatures are rising – not just outside, but also in Brussels, with the release of the hotly anticipated Work Programme for 2025. We have handpicked the best bits for you. Because we love a good geopolitical twist, we are also launching our brand-new Geopolitical corner. And as always, we bring you the latest on AI, cyber, and other digital policy news. Happy reading!

Europe’s bold plan for sustainable growth, the “Clean Industrial Deal”, represents a major shift for EU businesses, especially in energy-intensive sectors. Don’t miss your chance to engage with the Commission to shape this deal and influence the policy direction for the next five years.

The spotlight

Work Programme 2025 for digital and tech

The European Commission has laid out its ambitious menu for 2025, but does it include the bread and butter for your business needs? Find out more about the 2025 work programme (and its annexes) down below.

All about AI and Quantum

An AI Continent Action Plan (Q1) will benefit European businesses in the areas of AI and its applications, by unlocking supercomputing for European AI startups and scale-ups (AI Factories initiative), as well as boosting industrial applications of AI in Europe (Apply AI Strategy). With the Quantum Strategy (Q2), which will be followed by a Quantum Act, the European Commission aims to boost the EU’s capacities to research and develop quantum technologies to maintain global leadership in this critical sector. 

Connect with me

An important step for the completion of the European Single Market is the announcement of the Digital Networks Act (Q4) to modernise the EU’s telecommunications infrastructure. It will enhance cross-border network operations and service provisions, enhance industry competitiveness and improve spectrum coordination.

With the European Business Wallet (Q4) the European Commission aims to reduce administrative burdens and facilitate easy interoperability between businesses (B2B), businesses and consumers (B2G) and businesses and government (B2G). The EBW builds on the eIDAS and ensures a harmonised implementation and enforcement of data exchange.

Talk simplification to me

The European Commission introduces so-called Omnibus proposals that will simplify legislation and cut red tape by at least 25%, and 35% for SMEs. These measures include easier sustainability reporting (Q1), investment framework simplification (Q1), and a digital package (Q4) to build synergies and consistency for data protection and cybersecurity rules. A “small mid-cap” category will also be introduced that includes large SMEs with specific adapted requirements and the removal of outdated paper-based requirements (Q2).

In its newly proclaimed love for startups and scale-ups, the Commission will unveil a Strategy (Q2) to address barriers such as access to risk capital, fragmented markets, and regulatory hurdles, while promoting innovation, patent commercialisation, and a harmonised EU-wide legal framework for businesses.

One budget to woo them all

In addition to the work programme, the Commission took the first step for the launch of the next Multiannual Financial Framework for the period 2028-2034. The communication shows the ambition of the Commission to get the ball rolling and initiate the public debate at an early stage. The MFF simplifies EU funding procedures and divides the budget into three parts: national plans per Member State, a Competitiveness Fund for major strategic projects, and a fund related to security and defence.

The latter will be a white paper on the future of European Defence, aiming to harmonise and standardise capabilities – because true partnership means working together.

Impact analysis for your business

Our free policy updates keep you informed, but is that enough? With our tailored EU Digital Policy Updates you’ll receive: 

• Custom insights on how upcoming policy changes might impact your business;
• Strategic advice from your dedicated policy consultant on how to turn challenges into opportunities;
• Early warnings about key legislative developments.

Schedule a free consultation

Geopolitical corner

We are introducing a brand-new segment to our Digital Policy Update: Publyon’s geopolitical corner.

In our new section, we explore how geopolitics intertwines with digital (policy) developments – with the latest heartbreaks and break-ups in the domain of international relations. Read on to learn more about what the hottest topics were this month!

Time for A(I)ction

On 10-11 February, the AI Action Summit in Paris gathered world leaders to discuss the future and development of artificial intelligence (AI).

You might remember that President Trump announced USD 500 billion worth of (private) investment in digital infrastructure through the joint venture Stargate. Now, European Commission President, Ursula von der Leyen, also showed some AI love and announced the largest public-private partnership in the development of AI Factories and public supercomputers of €200 billion (InvestAI), seeking to boost the EU’s competitiveness, efficiency, and R&D in AI. This includes €20 billion for AI gigafactories to help kickstart the EU into becoming an AI continent.

EU leaders received backlash from visiting US Vice-President JD Vance. He criticised the Commission’s regulation drive, referring to the General Data Protection Regulation (GDPR) and Digital Services Act: “The overregulation leads to government censorship of free speech. We want to partner with all of you, but to create that kind of trust, we need an international regulatory regime that fosters AI technology rather than strangles it.” Vance joins American Big Tech companies criticising the EU approach to digital regulation, as you could read in our previous newsletter.

A new Chinese kid on the block

Chinese AI startup DeepSeek has swiftly risen to prominence, with its AI assistant surpassing ChatGPT to become the most downloaded free app in Apple’s App Store. This surge follows the release of its R1 model, which offers performance comparable to leading AI models at a fraction of the costs, competing with OpenAI’s ChatGPT.

DeepSeek’s emergence challenges the assumption of US dominance in AI innovation. Trump might have taken an aggressive stance on US chip exports, but DeepSeek shows alternatives might be possible. In the meantime, the EU scrambles to balance regulation and innovation. The Artificial Intelligence Act (AI Act) aims to enforce safety and transparency in the use of AI models, like DeepSeek, in the EU, while GDPR concerns mount as DeepSeek stores most data in China.

In response, US lawmakers issued a bill to ban DeepSeek from government devices as it might pose threats to national security. Meanwhile, Italy’s data protection authority has blocked access to DeepSeek and launched an investigation into data security risks, with countries like France, the Netherlands, Luxembourg and Belgium also raising questions about data collection practices. The European Data Protection Board (EDPB) set up a quick response team to investigate DeepSeek’s practices.

With rising geopolitical tensions, one thing is clear: digital policy needs strong foundations, just like any good relationship. DeepSeek has already had big repercussions on financial markets.  Consider for instance the recent announcements by Google to invest hugely in AI and digital infrastructure in the US which were met by scepticism on financial markets. DeepSeek is disrupting the AI ecosystem, so it’s worth watching this space.

Grok 3 joins the AI dating game

On 18 February, xAI unveiled Grok 3, its latest and allegedly most powerful AI model yet. Musk boldly claimed this might be the last time another AI surpasses Grok, a declaration as audacious as Mr. Darcy’s first proposal. Rolling out first for premium X subscribers, Grok 3 promises sharper reasoning, improved learning, and the ability to reflect on its own mistakes. But in the ever-changing AI race, loyalty is rare. With DeepSeek rising and OpenAI rejecting Musk’s $97.4 billion buyout, competition remains fierce, and Grok 3 will have to prove it’s more than just another fleeting crush in the AI landscape.

Curious how these developments can impact your business? Don’t hesitate to reach out to our director Cathy Kremer at c.kremer@publyon.com.

Policy update

AI love it

The first AI Act milestone is here! As of 2 February, new rules on prohibited AI cases are in effect. The non-binding 135-page guideline document from the Commission followed a few days later, offering legal explanations and practical examples of prohibited practices, such as harmful manipulation, social scoring, and real-time remote biometric identification. While enforcement won’t start until August, now is the time to prepare! The Commission may amend or withdraw the guidelines as needed.

Additionally, the AI system definition and AI literacy rules also entered into force. The Commission released guidelines on AI system definitions and a living repository of AI literacy practices from providers and deployers (look out for the AI Pact’s webinar on 20 February).

Meanwhile, the third version of the Codes of Practice (CoP) for General-Purpose AI models (GPAI) was expected this week, but has been delayed until further notice. US Big Tech companies, including Meta and Google, are pushing back, with Meta refusing to sign the current draft. Some MEPs worry the code exceeds AI Act requirements and could undermine EU competitiveness.

When’s the next date?

The final CoP for GPAI will be ready by 2 May. The new rules on general-purpose AI models (GPAI) will start applying on 2 August, together with rules on notified bodies, governance, confidentiality and penalties.

No AI-strings attached

In a surprise move, the European Commission has withdrawn its proposal for an AI Liability Directive (AILD), citing “no foreseeable agreement” among EU lawmakers and Member States. The proposal aimed to harmonise AI-related damage claim proceedings but faced concerns over overlap with the Product Liability Directive (PLD), and questions about its added value. The AILD also likely fell victim to broader efforts by the EU to simplify regulation – guess the Commission was not into it after all.

The decision has sparked criticism, with concerns that fragmented national civil liability regimes will remain. Some Member States, like France, see little need for dedicated AI liability legislation. However, EU institutions may continue working on the file if they see fit. The Commission could potentially come up with another approach or proposal for AI-related civil liability rules.

Add to cart: E-commerce

The European Commission is stepping up efforts to tackle the growing risks associated with low-value e-commerce imports from non-EU retailers and marketplaces. With 4.6 billion such consignments entering the EU in 2024—double the previous year—concerns over unsafe products, counterfeit goods, and unfair competition have escalated. To address these challenges, the Commission has published a communication on e-commerce titled ‘A Comprehensive EU Toolbox for Safe and Sustainable E-Commerce’.

The toolbox focuses on customs reforms, digital tools, enhanced product safety controls, environmental protection, and stricter consumer protection measures. Key proposals include removing duty exemptions for parcels under €150, increasing customs inspections, and introducing stricter penalties for non-compliance. Coordinated market surveillance and enforcement actions will also help remove non-compliant goods from circulation, ensuring that European businesses compete on a level playing field.

The Cyber Cupid returns

Do you remember the Cyber Cupid from last year? On 5 February, the EU Agency for Cybersecurity (ENISA) published its 2025-2027 strategy, focusing on implementing NIS2, the Cyber Resilience Act (CRA), and the Cyber Solidarity Act (CSA). Additionally, ENISA plans on enhancing cross-border cooperation, cybersecurity awareness, and incident response, as well as ensuring the EU Cybersecurity Certification Framework is implemented effectively. The framework sets security standards for ICT products and services in the EU.

The Council’s cyber dating conclusions

We heard from a little birdie that under the Polish Presidency, the Council is conducting a structured stocktaking on its recent conclusions on cyber issues—like maintaining a well-organised diary, minus the calorie counting and dating disasters. By mid-May, a final version will be ready, setting the stage for a May-June debate on priorities and key actions. Unlike Bridget Jones’s resolutions, this structured approach to cybersecurity governance should be designed to stick.

Measures focus for example on implementation, simplification, and lessening of administrative burden, and crisis management and cyber resilience. The EU countries will also assess their commitments and plans regarding cyber defence, risk assessment, cybercrime, skills, cooperation with the private sector, and future threats and emerging technologies (AI, quantum, 6G).

Love Actually – online

Previously, we tipped you off about discussions under EU governments on the Audiovisual Media Services Directive, set for review in December 2026. Now, another little birdie told us the Polish Presidency is pushing for stricter measures to combat misinformation on online platforms.

These measures would require platforms to give greater visibility to European content, particularly journalism and news from reputable sources. Proposed changes also include reshaping digital advertising rules, with EU countries wanting video-sharing platforms such as YouTube, TikTok and Instagram regulated like traditional media to level the playing field in advertising revenues, as they have gained an unfair advantage due to looser ad rules.

Blog

Digital Fairness Act: protecting consumers from unethical techniques and commercial practices

While the Digital Fairness Act is on the Commission’s radar for next year, the preparation is already underway. Learn what this legislation will tackle and get insights for your business on what to do next.

READ ARTICLE

Events

Match made in heaven

Where can you find us this month? You can match with me (Irene) and Cathy Kremer on 20 February at DIGITALEUROPE’S event ‘Master of Digital 2025’. Additionally, you can find me also at Euractiv’s event ‘The digital imperative: Europe’s path to innovation, security and growth’ on 12 March. On the same day, you can find our colleague Jan Van Braeken at ENISA’s European Cybersecurity Certification Conference. 

We’re always eager to have a chat about the latest Digital Policy Update and other digital and tech news with our fellow digital policy enthusiasts. If you are interested in meeting the fanatics forming our digital and tech team, do not hesitate to reach out to us.