Dear reader,

Welcome to Publyon’s Digital Policy Update. We are happy to provide you with insights on the latest EU policy trends and developments every month. The end of the year is nearing and a new one is right around the corner. This month, jump on our policy sleigh as we fly you to the upcoming policy developments to be expected in 2024.

December will have been a closing month not only for our calendar year but for our two biggest remaining files. We can add the (political) deals on the AI Act and Cyber Resilience Act to our end-of-the-year celebrations! To balance out all this closure with some news, we’ll give you some insights into the kick-off event of the Belgian Presidency which took place last week. At the end of this Digital Policy Update, you’ll also find a little word from our team to you. Enjoy this final ride of the year. We wish you all pleasant end-of-the-year celebrations.


Did we spark your interest?

If you have an appetite for interesting content, visit us online for more insightful reading and helpful tips on upcoming relevant events.

The spotlight

The spotlight

Trends and developments for 2024

A cosy fire and hot chocolate, that is all we need to reflect on the past year and look forward to the upcoming European digital developments for 2024. Artificial intelligence (AI) will continue to have a major impact on the world. We can expect more powerful AI applications and an increased use of AI in all sectors. Policy-wise, prepare for some discussions on intellectual property rights and liability (with the AI Liability Directive still in the pipelines) for AI systems including generative AI (gen-AI) and foundation models. With the concluded EU AI Act (spoiler! More on that below), businesses would need to ensure compliance with the upcoming legislation.

AI developments will be tightly linked to the governance of algorithms – with growing awareness across the EU wants to ensure the fairness, transparency and accountability of algorithms going into 2024. You’ll discover in the policy updates below that the Belgian Presidency has made algorithms one of its top digital priorities during the Belgian Presidency.

On the technological front, you can expect more momentum on clean technologies, with updated regulations connected to renewable energy, green transportation, and emissions reduction.

Next, cybersecurity cannot be missed, with the EU scaling up its investments in cybersecurity research and development, as well as EU policies to protect businesses and consumers from cyberattacks. Think for example of the finalised Cyber Resilience Act (find more down below!) and the Cyber Solidarity Act, which is now being discussed by the Parliament and the Council.

Finally, data will be the driving force behind innovation and decision-making, especially in facilitating the exchange of data in different economic sectors through “data spaces”. The new Data Act has now been formally adopted by both institutions and will enter into force at its publication in the Official Journal of the EU. With its implementation businesses will need to be more transparent about how they collect and use customer data and make it easier to share it with governments and other businesses.

Moreover, European Common Data Spaces are being created in ten strategic fields, which will facilitate data access and sharing across the EU. The Mobility Data Space was published on 29 November, and the Health Data Space is being discussed in interinstitutional negotiations by the Parliament and the Council. The Tourism Data Space was presented in July and is now being discussed, while a strategy on space data economy is foreseen early next year.

Interested in the trends and developments beyond digital and tech? Check out our dedicated blog post

Policy update

Policy update

It’s a wrap: the AI Act

Santa Claus came early, this year. After a gruelling 36 hours (!), his EU policymaker-elfs brought the most awaited present of the year: a political agreement on the Artificial Intelligence Act (AI Act) during the highly anticipated Trilogue on 6 December. A first one of its kind in the world! The key points they agreed on were banned AI applications, regulations on GPAI and foundation models, with exemptions for law enforcement and national security. You will find more insights on the consequences of the AI Act’s conclusion in our discussion article with Kai Zenner, Axel Voss’s parliamentary assistant and close to the AI Act’s interinstitutional negotiations.

The hot topic of the final negotiations was banned AI applications – the political agreement prohibits applications that employ social scoring, biometric categorisation based on sensitive characteristics, and emotion recognition in the workplace and education. The Parliament wanted a full-on ban on facial recognition, opposed by the Council. A compromise was thus found by agreeing on safeguards – law enforcement can only use it with very strict oversights. Companies will have to pay fines for non-compliance, although SMEs and startups could be spared from such high fines and receive only administrative fines.

Next to that, a whole set of requirements was decided for high-risk AI, specifically in areas such as education, critical infrastructure and law enforcement. However, some exemptions for law enforcement and national security were included.

Additionally, the AI Act introduces rules for GPAI and foundation models to ensure transparency. For so-called “high impact” GPAI with systemic risks, additional obligations are in place. Additionally, they introduced a brand new governance framework, including the creation of the European AI Office, which will operate within the European Commission to supervise GPAI.


What’s next on the wish list?

Well, a political agreement was one wish, but a great new year resolution would be for the Belgian Presidency to settle the technical details which still need to be worked out. To be continued…



Prepare the fireworks for the Cyber Resilience Act

Another early (new year’s) celebration: the EU institutions came to a political agreement on the Cyber Resilience Act (CRA) on 1 December at midnight. The CRA introduces new cybersecurity requirements of hardware and software, ranging from toys, fridges, smart watches, and other connected home devices to ensure products on the EU market are cyber-secure. The CRA ensures different types of security requirements are in place for products with varying risk levels.

Is your business manufacturing any of the above? We know you’re out there. Be aware that with the CRA, you will have to inform consumers of security updates, share vulnerabilities and incidents with the competent authorities, as well as examine the cybersecurity of supply chains. Additionally, they are mandated to give security support for at least five years and make security updates publicly available for ten years.


What’s next? You will never guess!

Or maybe you do. As per the normal process, the agreement must be formally approved by the Parliament and EU Member States before the CRA can enter into force. No date has been yet been set. Governments and industry have a whopping three years to adhere to the new rules – until early 2027.

Reporting obligations for incidents and vulnerabilities, however, start to apply after 21 months.



It’s the time of the year: the Belgian presidency is here!

December might be the end of the year, but it is also the end of a Presidency. As we wave the Spanish goodbye and thank them for the digital prowess of facilitating a political agreement on the AI Act (more details above), we warmly welcomed the Belgian Presidency kick-off event on 8 December. The Belgians have much in store in their gift bag, amongst which events, finalising policy files, a strong commitment to strengthening European cyber resilience and addressing a diversity challenge in telecommunications.

Belgian Prime Minister Alexander De Croo (Open VLD) presented the Presidency’s top priorities and ambitions from January until June 2024. The Belgian Presidency will be marked by both European and Belgian general and regional elections, in June 2024, and will be tasked with concluding some major files as well as work on the new European Commission’s strategic agenda.

Amongst these many tasks, we have picked out the top digital priorities from their programme for you, all gravitating around a human-centred and sustainable approach to the digital transition, under the light of open strategic autonomy.

The Belgians will focus on algorithmic transparency and virtual identity protection, specifically with regards to artificial intelligence and competitive data markets. It will seek to conclude the technicalities of the AI Act and Cyber Resilience Act, as well as seal the deal on the Gigabit Infrastructure Act, the Cybersecurity Act and the Cyber Solidarity Act. They will also evaluate the Digital Europe and Horizon Europe funding programmes, and the current European cybersecurity policy landscape.

Find out the detailed programme of the Belgian Presidency here.


What’s next?

Want some first-hand insights on the digital Presidency? Be sure to follow Belgian State Secretary for Digitalisation Mathieu Michel (MR) and Telecommunications Minister Petra De Sutter (Groen) on social media. Alternatively, the Presidency also has a WhatsApp group you can join for real-time information. At Publyon, we look forward to sharing our insights on the ongoing Presidency starting 1 December.

Expert interview

Expert interview


This month we welcomed an AI-star in the European Union, Kai Zenner. He is the parliamentary assistant to MEP Axel Voss (EPP, Germany), shadow rapporteur on the AI Act. Kai Zenner knows all about AI, data, and the digital transition. We fired some questions on his AI-related work, and have five key take-aways to share with you.


Mingling with EU’s digital policy star Kai Zenner 


Global focus on AI 

The different regulatory frameworks across the world will be a challenge for Europe, as they will provide different playing fields for AI-related innovation. However, innovation should be safeguarded if the Commission ensures timely guidelines and adequate enforcement bodies to complement the AI Act.  


Political agreement, check, now what?

Technicalities still have the be ironed out on the AI Act, including deciding on the budget for enforcement bodies, determining technical standards, and setting clear guidelines. It doesn’t get more practical than this.  


Any tips for businesses?

Reach out to the European Commission and national competent authorities, to support their expertise, no matter the size of your business. As a company, you can get a lot of advantages by early engagement. Participation in standardisation bodies is also key. Most importantly, follow the developments of the file, to avoid any bad surprises and rushed implementation. Your data compliance team might start looking for an AI Policy Advisor, to support Data Protection and Cyber Security Officers.  


A little insight into the AI Liability Directive (AILD)

Good progress is in course on the AILD in the European Parliament, with an upcoming internal impact assessment on the subject conducted by the Parliament’s Research Service (EPRS). A discussion topic remains the overlap between the Product Liability Directive (PLD) and the AI Act, which would decide the future (and possible cancellation) of the AILD.  


A special wish for the 2024 Commission?

A European Commission focussing on Better Regulation, which entails it would be taking a break from legislative proposals and focussing on streamlining legislation and improving enforcement. 



Navigating the ever-shifting waters of geopolitics calls for increased investment and groundbreaking innovation to ensure the EU maintains its pioneering spirit and competitive edge. As we look ahead to 2024, we can expect to see further progress in several areas. The Publyon team has taken a deep dive into the crystal ball, and we are now excited to share the top EU digital trends that promise to shape the future.


Where to find us? Under the Christmas tree

While Christmas is the busiest time of the year for Santa Claus’ elves, it is a moment of rest and reflection for the Publyon colleagues who gave their everything to bring you the most insightful news from the EU digital sphere over the course of 2023.

Rest assured, we will return in January with a fresh mind to ensure you will stay up to date with our Digital Policy Update and meet you at the many digital events offered in the EU (Christmas) bauble. In the meantime, the biggest present you would do us for Christmas is to share some of your feedback on your experience of the Digital Policy Update and the topics you wish to see included in 2024. Do not hesitate to be in touch with our curator Emmanuelle Ledure.

Have a lovely winter break and end of the year!  

Emmanuelle Ledure

Emmanuelle Ledure

Hi, my name is Emmanuelle and I am curating this monthly update to bring Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable content possible, and that starts with you. If you have any suggestions for topics you would like to see covered in our next edition, do not hesitate to reach out to me.