Welcome to Publyon’s Digital Policy Update! Every month, we are happy to provide you with insights on the latest EU policy trends and developments. This month, our director, Cathy Kremer, takes the stage to give your business more insights on the necessity to follow EU digital policy files.
Then, drumroll please for this month’s (Ringo) star: the GDPR. Completing the Fab Four are our updates on the Data Act, the AI Act and the Cyber Resilience Act. It will be the Data Act’s last appearance on the scene – more details in the policy update below. Further, in the monthly blog post recommendation, you’ll find a link to Publyon’s insights on the European and Belgian elections. Finally, we’ll end our musical tour with this month’s special insight from our digital and technology colleagues.
We are taking the month of August to find a new policy Beatle. We will be back after a one-month break in September to start (you) up with even more insightful content on EU digital and technology news! Wishing you an enjoyable summer break, from the entire Publyon team.
Did we spark your interest?
If you have an appetite for interesting content, visit us online for more insightful reading and helpful tips on upcoming relevant events.
All you need is… better rules to support the GDPR
There’s nothing you can do that can’t be done, four wise men once sang – and the European Commission sings along. In the past, the European Union had already expressed the wish to boost the GDPR’s efficiency and enforcement. That’s a win with the new proposed rules, with which the Commission wants to set the record straight on the General Data Protection Regulation’s enforcement (GDPR).
In May, the GDPR celebrated its fifth anniversary. As a reminder, the GDPR ensures the protection of European citizens’ data. It created a regulatory framework for the processing and free movement of personal data. The regulation, which entered into force in 2018, contributed to making the European Union a safer digital space, protective of its citizens’ digital rights.
To speed up the enforcement of the GDPR across the Union by all stakeholders, the European Commission unveiled on 4 July a new law to facilitate the cooperation of data protection authorities (DPAs) in cross-border GDPR-related cases. In a nutshell, the new regulation would introduce the obligation for DPAs to keep track of and summarise key ongoing cases, and share them with their European counterparts.
Why is this important for your business?
If your business is operating in more than one Member State and comes under scrutiny by a DPA for breaching the GDPR, the new rules by the Commission will clarify your business’s due process rights during the investigation. Overall, the new rules will delineate clear roles for individual complaints and the investigation of breaches by businesses, ultimately providing more legal certainty for all stakeholders, including your organisation.
Yesterday, the Data Act seemed so far away. Now it looks as though it’s here to stay!
Suddenly, it happened: on 27 June, an agreement was found between the EU policymakers on the Data Act. After some troubled negotiations on trade secrets, the European institutions ultimately agreed on a common position.
The institutions introduced the ‘emergency break’ solution for companies that might face serious economic losses from data-sharing obligations. The emergency break gives companies the right to decline access to secret trade-related data. Other exceptions agreed upon with regard to the scope of the regulation entail specific safety requirements and data processed via complex algorithms.
Furthermore, on data markets, the interinstitutional agreement states that the owners of connected devices and the product manufacturers can monetise from the generated data by sharing, selling or licensing it to other companies, such as start-ups or researchers. Hence, private companies will have to provide personal and non-personal data in public emergencies (e.g., pandemic). In case of non-emergency, they will have to provide only industrial data. Finally, on cloud markets, the agreement built the necessary framework to ease the switch from one cloud provider to another.
And what about tomorrow?
We can already tell you the Data Act will apply to your business 20 months following its entry into force (expected in Q3/Q4 2023). Design requirements for new products will apply after one year. Finally, existing contracts on Internet of Things (IoT) products will change after five years.
However, the political deal struck in June will need to be formally approved by the Council of the EU and the European Parliament. A first vote in Coreper and ITRE Committee could be expected by September.
If you wish to read more about how the Data Act may impact your organisation, we invite you to read our blog post.
A hard day’s night ahead for the AI Trilogues
Last month, we had written that the Spanish Presidency of the Council of the EU had made the Artificial Intelligence Act (AI Act) its priority. And indeed, the AI Act has kept the Spanish busy.
Last week, political discussions on innovation and fundamental rights. The Spanish Presidency foresees that an obligation for users of high-risk systems to conduct a fundamental rights impact assessment before they are put into use will be necessary to reach an agreement, as proposed by the European Parliament.
Further, policymakers already confirmed that systems using biometric identification technologies will have to encounter third-party conformity assessment. Hence, there is a stricter regime for the providers of AI models at high risk of causing harm.
What’s next? Eight days a week of work for the Spanish Presidency!
Negotiations are anticipated to be long and difficult for the AI Act. In this light, the Spanish Presidency has planned two additional Trilogue meetings, on top of the traditional three, before the end of the semester. The next one already has a fixed known date: 26 September. However, at Publyon, we will look out first to the results of the trilogue of 18 July.
The long and winding road to an agreement on the Cyber Resilience Act
The (Abbey) road is long, but the end is near for the Cyber Resilience Act. On 5 July, MEPs from the lead parliamentary committee on Industry, Research and Energy (ITRE) agreed on compromise amendments, regarding remote data processing solutions, compliance with certification requirements and the entry into force of the regulation. The compromise includes as essential requirement the possibility for users to securely withdraw and remove their data permanently.
The Expert Group tasked to advise the European Commission on the preparation of the delegated acts will have to be named by the Commission, and a declaration of their interests will have to be published in the Commission’s website.
In the Council, the Spanish Presidency decided to shorten the lists of products falling under class I, where the manufacturer may carry out the conformity assessment, likewise did it shorten the second list where a third party needs to be involved in the assessment. Moreover, the mandate of the European Commission for EU cybersecurity certifications for highly critical products has been restricted. Manufacturers will be still required to ascertain the expected product lifetime. Lastly, components manufacturers as spare parts to replace identical components fall out of the scope of the Regulation.
Today, 19 July, we can expect the vote of the responsible Parliamentary Committee on Industry, Research and Energy (ITRE). A plenary vote will take place after the Summer recess of the Parliament, likely during the Strasbourg session on 11-14 September. The ambition is to start Trilogues as soon as possible. Although the Parliament will most likely not reach an agreement before September.
This month, our director Cathy Kremer has accepted to talk about the importance for your business to engage at EU-level. We invite you to discover more about the importance of the European digital transition, its link to sustainability, and the ways your business can follow and implement the necessary European policy changes to maximise its opportunities.
Hi Cathy, thank you for accepting this interview and sharing your insights with us. Would you mind introducing yourself in a couple of sentences to our readers?
I’m a Director at Publyon EU, leading the Digital/Tech pillar. I therefore advise clients on how to develop and implement Public Affairs strategies mainly in the digital/tech sector, but am also occasionally involved in issues related to sustainability and transport. I do this at Belgian, Luxembourgish and EU levels. I’ve been at Publyon since 2018 and previously worked in London as a Communications Manager for PubAffairs whilst freelancing as EU and Belux Public Affairs consultant in Brussels.
In the past years, the European Union has really focussed on bringing forth two transitions. On the one hand the digital transition, and on the other hand the ecological one. Could you tell us why this twin cycle transition is so important for businesses operating in the EU?
The digital transition is important because it supports all Member States in equal ways to jump on the digitalisation train. Digitalisation allows progress in all fields of our society, to ensure a faster and better-protected process in health, administration, education, and so forth. The ultimate objective of digitalisation is to support people and the economy and create the conditions for increased productivity and enhanced communication.
The ecological transition is equally important because it allows our societies to be more sustainable and meet important decarbonisation objectives, that ultimately support the fight against climate change. They are called the twin transitions because they go hand in hand. Many of our decarbonisation solutions rely on digitalisation. Take for example the electrification of transport, which relies on digital systems. Overall, technology can help with building efficiency, mobility systems for green transport or the tracking and tracing of products to ensure circularity and product sustainability.
These twin transitions are dominating the current policy landscape at the European level. Businesses, therefore, have been and will continue to be subject to more and more regulations, directives and guidelines from the EU, also beyond the 2024 EU elections into the next political mandate. The European Commission, MEPs and Eu member states have already started thinking about legislative priorities for the period 2024-2029.
A lot of businesses might not see the necessity to follow EU legislative developments and engage at the EU level, could you explain why, on the contrary, that is important?
If your business carries out activities in the European Single Market, following legislation is a key step to maximise business opportunities. Legislation functions as a framework for the European Union, and it thus influences the European Single Market in significant ways. Ultimately, your business will have to comply with EU legislation, whether that is directly or through national legislation. To mitigate risks to your business in the long term, and ensure its viability in the European Union, following legislative developments allows you to anticipate on major changes that will be asked of your business in order to operate in the Single Market in the long term. It’s not a luxury, therefore, to integrate Public Affairs into your long-term business strategy in order to keep your licence to operate and keep growing as well.
Finally, the EU offers many funding opportunities that can support your business’s development. Following legislation allows you to be aware of what funding packages the EU proposes and how your business can access those funds.
How can Publyon’s digitalisation services help your business’s transition towards a digital future?
First of all, Publyon can fully support your business in following the developments in EU digital legislation. We keep a close eye on legislative developments to allow businesses to make informed decisions (i.e. monitoring services). Accordingly, we can help your business anticipate legislative changes, support in implementing legislation or empower your business to be heard during the legislative process to defend the interests of your business. We can further support with positioning your business at the EU level, whether through supporting you in building a network or coalition or fine-tuning your external communication strategy.
The key is that every business is different, and the services above should not be a one-fits-all approach. We know how much the European Union is a deeply interconnected and inter-disciplinary collaboration of States. As explained earlier, digitalisation does not stand alone but is deeply interwoven with energy, transport and sustainability questions. At Publyon, we propose to address exactly that complexity, with a team of colleagues in a diversity of policy fields and ultimately accompany your business not only but also beyond the destination it wants to reach.
At Publyon, we say we go beyond public affairs: can you explain what this means exactly?
At Publyon, we don’t just deliver public affairs support in a traditional way, but we also provide tailored strategic advice on how digital files impact vital processes within organisations. Our focus extends beyond mere compliance; we aim to leverage regulations to become frontrunners, ensuring the long-term sustainability of the license to operate of an organisation. Therefore, going beyond Public Affairs at Publyon means we integrate Public Affairs into strategic consulting on business models and operations.
EU elections 2024: which way is the wind blowing?
No need to twist and shout to get your business’ voice heard before the elections. This month, we invite you to read our blog post on the European elections, coming up in little under a year, the week-end of 6-9 June. We tell you all about why and how your business should engage with key European stakeholders in light of the upcoming elections.READ ARTICLE
Belgian elections 2024: how can businesses prepare?
Interested in knowing more about Belgian elections taking place the same week-end? We have another blogpost for you explaining everything you need to know about Belgium, its institutions, and election process, and why they matter for your business.READ ARTICLE
Come Together at Publyon’s LinkedIn Summer Spot
Here comes the sun, and with that a well-deserved summer break in the European bubble. No events planned we can meet you at or report on for now, but who said you needed networking events to meet?
During this summer, we are taking you online to keep the opportunity to meet and exchange with our Publyon Digital and Tech colleagues! We invite you to stay up-to-date with our team’s insights through our LinkedIn page, where you’ll find weekly posts on events, important news and our organisation. A great occasion to also get acquainted with the work in our Sustainability and Transport and Energy pillars.
This week, we invite you to reflect with our Director Cathy Kremer on the following question regarding Web 4.0: will the EU learn from past experiences and find the right balance between rules and freedom? Want to read more and share your thoughts on the Commission Web 4.0 communication? Cathy is happy to read and answer your comments under the LinkedIn post.
Our managing partner Jasper Nagtegaal shared his thoughts on the adoption of the Chips Act, a key milestone for the European semiconductor industry, with important implications for the digital and technology spheres. You can find Jasper’s insights here. Want to share your thoughts on the Chips Act? Jasper is happy to connect and continue the conversation!
Hi, my name is Emmanuelle and I am curating this monthly update to bring Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable content possible, and that starts with you. If you have any suggestions for topics you would like to see covered in our next edition, do not hesitate to reach out to me.Contact