Written by Irene Veth

Dear reader,

Welcome to Publyon’s Digital Policy Update (DPU). This month, we echo the words of the wise: May the force be with you. We are happy to provide you with insights on the latest EU policy trends and developments to keep you informed. In this edition, we will navigate the Trump and tariff saga. We will also delve into Germany’s election dynamics, the DMA fines facing Big Tech, and explore the Huawei controversy in our Geopolitical corner. And as always, we bring you the latest on AI, cyber, data, and other digital and tech policy news. Happy reading!

Europe’s bold plan for sustainable growth, the “Clean Industrial Deal”, represents a major shift for EU businesses, especially in energy-intensive sectors. Don’t miss your chance to engage with the Commission to shape this deal and influence the policy direction for the next five years.

LEARN HOW
The spotlight

The spotlight

Trump, tech, and tariffs: How do EU retaliatory tariffs affect your business?

We’re in the midst of a 90-day ceasefire during a global trade war, and the European Commission just proposed up to €95 billion in retaliations as a response to US tariffs. While the draft list largely targets US exports, such as health products, machinery, and transport equipment, the digital and tech ecosystem in Europe may feel the disturbance in the Force and be affected by the knock-on effects of a tariff escalation, as it could significantly disrupt supply chains and investments across the sectors.  

European associations and businesses have the opportunity to advise the European Commission on implementing possible countermeasures for American products. A public consultation runs until 10 June, which will be vital in informing the Commission about how the tariffs may affect various sectors and in shaping the final measures.  

While the Commission does not intend to match the volume of American tariffs, the digital and tech sectors may face indirect effects. This could result in increased costs for European manufacturers and a loss of market share. Although items such as semiconductors and pharmaceuticals are excluded from the draft list, the American administration may shift focus to these critical sectors if tensions escalate, leaving businesses to face a new hope for disruption. An escalating tariff war could be detrimental to the development of critical technologies, particularly those with dual-use applications. As the EU and the US rely heavily on each other for critical tech, the added costs may slow innovation and technological advancement. 

At the same time, the EU will initiate a dispute at the World Trade Organisation (WTO) against these “reciprocal” tariffs and duties as the European Commission firmly believes that these are a clear breach of core WTO principles. They aim to reinforce the importance of upholding internationally agreed-upon rules, asserting that no member can unilaterally override them. 

In the meantime, the EU is ensuring to strengthen its other international partnerships. On 12 May, the EU and Japan reinforced their tech and digital cooperation during the third Digital Partnership Council in Tokyo. They agreed to continue working together on key technologies, such as AI, 5G/6G, semiconductors, high-performance computing and quantum technology, and increase collaboration on issues like data governance, digital identities and trust services, online platforms, digital markets, submarine connectivity, and cybersecurity 

Do you have questions about how these developments impact your business, or how to draft effective input for the consultation on potential countermeasures? Do not hesitate to reach out to our Director Cathy Kremer c.kremer@publyon.com. 

Impact analysis for your business

Impact analysis for your business

Our free policy updates keep you informed, but is that enough? With our tailored EU Digital Policy Updates you’ll receive:

  • Custom insights on how upcoming policy changes might impact your business;
  • Strategic advice from your dedicated policy consultant on how to turn challenges into opportunities;
  • Early warnings about key legislative developments.
Schedule a free consultation
Geopolitical corner

Geopolitical corner

In Publyon’s geopolitical corner, we explore how geopolitics intertwines with digital (policy) developments. Read on to learn more about what the hottest topics were this month!

 

DMA fines for American Big Tech 

The Digital Markets Act (DMA) has officially drawn its lightsaber, making its first victims with the European Commission fining American Big Tech companies Apple (€500 million) and Meta (€200 million) for non-compliance with market regulations. Both companies have violated the DMA by breaching the rules of their application store and now have 60 days to ensure full compliance with EU rules; otherwise, penalties will increase periodically. Meanwhile, Apple considers appealing the Commission’s decision, claiming it offered a solution for its app store without hearing back from the Commission.  

 

Friedrich Merz means business for Europe 

After two rounds of voting in the Bundestag, Friedrich Merz was finally confirmed as German Chancellor, marking an awkward start, as it was the first time for a German leader to make two attempts to start his mandate. Nevertheless, he won’t have the time to sit still, because EU leaders will have to speak with a unified voice on the world stage. Geopolitical turmoil, including war, increasing tariffs, and hybrid threats, affects European markets, digital infrastructure, and consumers’ trust. When sworn in, Merz immediately paid a visit to French President Macron to discuss the EU’s competitiveness, strengthening of European defence and security and the war in Ukraine. A strong Franco-German engine is needed to stabilise tensions and revitalise European industry. Merz favours joint solutions but underlined the need for regulatory simplification and standardisation to enable economies of scale to boost European economies.  

The Commission is currently preparing its proposal for the EU’s next budget, the Multiannual Financial Framework (MFF 2028-2034), ready for publication in July. During his visit to Brussels on Europe Day, Chancellor Merz had already kickstarted the debate by expressing his aversion to a joint EU debt, arguing that it should only be used for exceptional situations. Such exceptions might include increased spending on defence and cyber capabilities, but it remains to be seen how these discussions will develop. 

 

European Commission off limits for Huawei 

Following our March update of the European Parliament’s decision to ban Huawei lobbyists from its premises, the European Commission has now followed suit, blacklisting anyone acting on the Chinese tech giant’s behalf. With investigations into bribery, corruption, and document forgery still underway, it is rumoured that the European Commission will not meet any representatives or affiliated entities of Huawei for the foreseeable future. In true Death Star lockdown fashion, this move is sending ripples through Brussels; tech and business associations may need to reconsider Huawei’s membership in their lobbying activities.

Policy updates

Policy updates

Commission seeks support in implementing AI Act 

The European Commission launched a call for tender on 16 May to establish an AI Act Service Desk to support the smooth implementation of the Artificial Intelligence Act (AI Act). With this Service Desk, the Commission aims to provide clear, straightforward information to businesses and allow stakeholders to submit questions to the AI Office regarding the new AI rules. It will also integrate the Single Information Platform, helping stakeholders assess their legal obligations and compliance steps.  

Additionally, a little Astromech told us that the Commission is also preparing for the enforcement of the safety provisions of the AI Act, which take effect on 2 August. They seek external experts to evaluate a wide range of risks, including chemical, biological threats, and nuclear threats, as well as the possible risks of losing control over AI systems and manipulation of individuals. Let’s just hope future AI models will not fall to the dark side! 

 

Anything interesting for my business?

On 22 April, the European Commission opened a consultation to help shape upcoming guidelines on general-purpose AI (GPAI) models under the AI Act. The guidelines will clarify key concepts, such as what defines a GPAI model, who qualifies as a provider, and how market placement is assessed. Additionally, the guidelines explain how the AI Office will provide support for businesses to ensure compliance and explain how the Codes of Practice (CoP) could lessen administrative burden for providers and serve as a benchmark for regulatory compliance. 

Be prepared and provide your feedback by 22 May – at Publyon, we are well prepared to support you in this process. The non-binding guidelines will complement the upcoming CoP, both expected before August 2025. 

 

What’s more?

At the Internal Market Committee (IMCO) on 28 May rapporteur Brando Benifei (Italy, S&D) from the AI Act Working Group confirmed that the final version of the CoP is expected to be completed by May, operationalising the core provisions of the AI Act and creating presumptions of compliance for developers. The drafting process has, however, raised concerns, noting a shift toward industry-centric outcomes, such as limiting technical risks to technical performance, and transparency issues.  

While the Commission agreed that the taxonomy of systemic risks should be expanded, it emphasised that providers must still identify and mitigate unaddressed risks, though this would be voluntary. The Commission also highlighted developments regarding a training data summary template, the review of the compute threshold, the set-up of advisory bodies by 2 August, and ongoing work on AI standards. 

 

Europe’s mission to set global tech standards through International Digital Strategy

The European Commission has launched a call for evidence on its upcoming Joint Communication on International Digital Strategy, inviting feedback until 21 May 2025. This initiative aims to define the EU’s external digital priorities and cooperation models with international partners, covering technology, innovation, and investments. The strategy is expected to be launched on 4 June 2025. 

 

Cloud City: leaked EU paper reveals Europe’s digital sovereignty ambitions

On 25 April, a leaked document from the Polish Presidency revealed Europe’s ambition to build its own ‘Cloud City’ through the upcoming AI and Cloud Development Act. The paper summarises Member States’ calls for action on critical challenges, including limited electricity supply, fragile supply chains, innovation gaps, sustainability targets and sluggish permitting. The focus is on creating AI-optimised and geographically balanced infrastructure across the EU, reducing dependence on non-European providers and strengthening Europe’s position in global digital markets. 

After all, as Yoda might say: “Clouds, European they must be. Depend on others, we cannot!” 

The leaked paper highlights the significant political pressure on the Commission to accelerate work on the EU Cybersecurity Certification Scheme (EUCS), finalise the EU Cloud Rulebook, and utilise public procurement to enhance European providers. Member States also call for greater support for cross-border projects such as GaiaX and a clearer definition of sovereign cloud capacity. 

 

EDPB and EDPS support GDPR simplification

On 8 May, the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) sent a joint letter to Commissioner Michael McGrath, voicing cautious support for the Commission’s proposal to simplify GDPR record-keeping obligations. The proposal would extend existing exemptions to small mid-cap companies and non-profits with fewer than 500 employees, easing their administrative burden. At the same time, the scope is tightened to exclude cases with a likely high risk to individuals’ rights. They call for more transparency, urging the publication of data on how many organisations would be affected and an assessment of any potential impact on overall data protection standards. Moreover, they emphasise that even small entities can engage in high-risk processing and underscore the need to preserve a risk-based approach. A formal consultation will follow the publication of the draft. 

 

EU prepares major overhaul of data rules to cut red tape

In preparation for the upcoming European Data Union Strategy, the European Commission is convening a consultation meeting to chart the course for a more unified, accessible, and innovation-friendly EU data space. Much like the New Republic’s rangers patrolling distant systems to restore order, the strategy aims to bring coherence to a fragmented data landscape by simplifying legislation, boosting interoperability and strengthening governance. Anchored in the need to support AI, reduce compliance burdens and respond to geopolitical shifts, the meeting explored how to unlock access to high-quality data, promote ecosystems like Gaia-X, and support the production of synthetic data 

 

Parliament moves to harden democracy against cyber threats

The European Parliament’s working document on the European Democracy Shield, prepared by the Special Committee on 29 April, outlines a sweeping set of recommendations to harden the Union’s institutional, digital and societal defences. Framed against the rising tide of foreign information manipulation and interference (FIMI), cyber-attacks and disinformation, the strategy acts as a continent-wide force shield intended to repel coordinated assaults on democratic systems. The proposal calls for an independent EU-level structure to counter FIMI, enhanced coordination of cybersecurity frameworks such as NIS2, and reinforced implementation of digital laws including the DSA and AI Act. 

Blog

Blog

EU Cybersecurity Act: strategy, scope and stakes

As part of its new ProtectEU Strategy, the EU is preparing a major revision of the Cybersecurity Act. The update aims to sharpen the role of ENISA, streamline certification rules, roll out a pan-European Cyber Shield, and boost investment in dual-use cybersecurity technologies.

Read more
EU Cybersecurity Act: strategy, scope and stakes
Events

Events

Galactic event calendar

Interested in where we are star hopping in the coming period? Our colleague Jan Van Braeken will attend CEPS’ event “Digital sovereignty and Standardisation: Europe between innovation, security and competitiveness” on 15 May. You can meet our Director Cathy Kremer at Politico’s event “Europe’s quest for competitiveness” on 19 May. Cathy and Jan will also attend the Pre-Summer BBQ hosted by the Media, Connectivity, and Digital Policy Department of the Luxembourg government on 5 June.

We are always eager to have a chat about the latest Digital Policy Update and other digital and tech news with our fellow digital policy enthusiasts. If you are interested in meeting the Jedi forming our digital and tech team, do not hesitate to reach out to us.

Request a tailored policy update for your organisation

Fill out the form below to schedule a free consultation with our team to discuss how Publyon can help guide you through policy developments that affect your business.

    * required field