EU Digital Policy Update

Dear reader,

Welcome to Publyon’s Digital Policy Update. As the winter settles in, and the skies turn grey, our beloved Brussels bubble eagerly looks forward to the holiday break. Before that, we are happy to provide you with insights on the latest EU policy trends and developments to keep you informed. In this edition, we take a moment to reflect on the digital highlights of 2024 and share insights on what the new year has in store. And as always, we will give you the hottest news on AI, cyber and all things digital. Enjoy the read, have a wonderful holiday season, and we look forward to seeing you in the new year!

Europe’s bold plan for sustainable growth, the “Clean Industrial Deal”, represents a major shift for EU businesses, especially in energy-intensive sectors. Don’t miss your chance to engage with the Commission to shape this deal and influence the policy direction for the next five years.

The spotlight

Driving Europe’s digital transformation: highlights of 2024 and prospects for 2025

As the winter closes in: reflections on 2024 and prospects for 2025

2024 was a year of transformation, with the European Commission focusing on strategic autonomy, technological sovereignty, and sustainable innovation through resilient digital infrastructure and trendsetting, human-centred legislation. The European Green Deal, the former EU’s flagship initiative, has been superseded by the Clean Industrial Deal (CID) as a cornerstone policy. With the CID, the Commission adopts a more business-friendly approach while maintaining commitments to sustainability. This year also saw significant advancements in artificial intelligence (AI) regulation, cybersecurity, and digital connectivity, setting the stage for a robust and inclusive European digital economy.

2024: Milestone initiatives

• AI Act: Officially entered into force this year, the AI Act represents a global benchmark for ethical AI governance. It establishes a horizontal legislative framework for the development, deployment and use of AI in the EU, focusing on transparency, accountability, and risk management with a risk-based approach.
• European Media Freedom Act: Entered into force this year, this legislation strengthens press freedom, enhances transparency in media ownership, combats disinformation, and safeguards the digital space for independent journalism.
• Critical Raw Materials Act: Aimed at securing the EU’s access to essential materials, this Act ensures the availability of rare resources critical for digital technologies, including batteries, mobile devices, and satellites, while reducing reliance on non-EU suppliers.

• Gigabit Infrastructure Act: Agreed upon this year, the Act accelerates the deployment of 5G networks across the EU. By simplifying administrative processes and reducing deployment barriers, it aims to bring reliable, high-speed connectivity to all Member States. Full implementation is expected in 2025.
• Interoperable Europe Act: This Act fosters collaboration among European public administrations, enabling seamless data sharing and enhancing the quality of digital public services across Member States.
• Cyber Solidarity Act and Cyber Resilience Act: Together, these Acts form the foundation for a robust cybersecurity framework. They include measures such as an EU-wide cybersecurity emergency mechanism, a reserve of trusted private companies for incident response, and mandatory cybersecurity certification for critical services and products.
• European Data Act and Data Governance Act: These initiatives focus on reducing costs, enhancing data security, and enabling innovative data-driven services. They aim to create a single market for data, improving accessibility and ensuring interoperability across sectors and Member States.
• EU Digital Identity Wallets: A transformative initiative allowing citizens to securely verify their identity, share personal information, and access cross-border services while maintaining full control over their data.
• Net Zero Industry Act: Supporting the development of renewable technologies such as solar panels, batteries, and carbon capture systems, this Act ensures access to affordable, sustainable energy critical for manufacturing digital tools and machinery. Sets a target to produce at least 40% by 2040 of needed technologies for the EU’s energy transition.
• Child Sexual Abuse Material (CSAM): Addressing growing safety concerns, these measures introduce stringent monitoring and regulation of platforms to combat online and offline content involving minors. The initiative will need close monitoring next year, especially for its impact on digital communication and scanning of online content.

2025: A glimpse into the future

As the new year approaches, the European Commission’s focus will shift to accelerating its digital ambitions under a fresh mandate. The agenda for 2025 is clear: furthering the digital and green twin transition, while also strengthening competitiveness and innovation.

Key priorities include strengthening digital infrastructure and connectivity, renewed focus on defence and security by bolstering cybersecurity, and enhancing technological and economic sovereignty through investments and developments in deep tech, dual-use tech, and critical technologies such as AI, quantum, semiconductors and biotechnology.

Additionally, the Commission will focus on stimulating green technologies, focusing e.g. on energy efficiency, supporting innovation through creating a Single Market for multiple sectors, such as telecom, and strengthening industries like hydrogen and battery technologies. Above all, supporting small and medium-sized enterprises (SMEs) with streamlined processes and innovative frameworks will be key, as well as ensuring proper education to develop digital skills. Next to that, a supporting regulatory environment and sufficient private-public funding will be crucial. Quite a task ahead!

What’s ahead in 2025 and beyond:

• Cybersecurity of hospitals and healthcare providers (15 January): An EU action plan to safeguard healthcare systems within hospitals and providers will be proposed.
• Work Programme 2025 (11 February): This programme will outline the (non-)legislative initiatives of the European Commission for the coming year and set the course of digital policy.
• Clean Industrial Deal (26 February): Building on the foundations of the Green Deal, this initiative will integrate sustainability into industrial practices, promoting green innovation and ensuring the competitiveness of European industries.
• Omnibus Simplification Package (26 February): Set to streamline existing legislation for e.g. SMEs, this package aims to reduce administrative burdens, targeting the CSRD, CSDDD and Taxonomy Regulation.
• European Data Union Strategy: This strategy aims to create a unified data ecosystem across the EU, to ensure a simplified, clear and coherent legal framework for businesses and administrations to share data seamlessly and at scale, while respecting high privacy and security standards.
• EU Cloud and AI Development Act: This Act will increase computational capacity and create an EU-wide framework for providing ‘computational capital’ to innovative SMEs.
• Digital Networks Act (DNA): Strengthening and securing high-speed broadband connectivity (fixed and wireless), incentivising and encouraging investments in digital infrastructure, this Act aims to build a more resilient and inclusive digital infrastructure across the EU.
• Digital Fairness Act (DFA): This initiative addresses unethical online practices, including dark patterns, exploitative targeted advertising, and influencer marketing abuses. It seeks to enhance consumer trust and strengthen their rights.
• AI Factories Initiative: Backed by significant EU funding, this initiative will establish high-performance computing hubs, empowering startups and SMEs with access to AI supercomputing resources to foster AI innovation.
• EU-Wide Cloud Policy: Focused on creating a unified European cloud ecosystem, this policy will be focused on public administrations and public procurement.

Curious about how these developments can impact your business? Don’t hesitate to reach out to our director Cathy Kremer at c.kremer@publyon.com.

Policy update

AI Act

What’s new with the Artificial Intelligence Act (AI Act)? Having entered into force on 1 August, the first provision on prohibited AI systems will start applying from February 2025 onwards. The consultation to provide input has already closed. Despite the late launch, this input will shape the final text, giving companies and governments little time to prepare for compliance.

Additionally, the AI Board convened on 10 December to discuss AI governance, international collaborations and future priorities. Work on the second draft of the Codes of Practice (CoP) also continue, focusing on issues such as transparency obligations for downstream providers, copyright concerns, and systemic risk mitigation.

What more?

Feedback on the second CoP draft will be due mid-January, followed by another round of working group meetings. Calls for clearer measures on algorithmic bias and systemic risk assessments are growing, with mandatory independent expert reviews proposed.

Looking ahead, we might see an initiative on algorithmic management and new legislation for AI in the workplace, as highlighted in Commissioner Roxana Mînzatu’s updated mission letter.

AI Office

The AI Office is recruiting Legal and Policy Officers through an open call of interest. However, some question marks arose on the Commission’s approach to staffing the AI Office and enforcing the AI Act. Concerns remain about overly high requirements, compensation and a delayed recruitment process. This is worrying, as sufficient resources and adequate expertise are necessary for the practical implementation of the Act. The deadline for applying is 15 January 2025.

Something Interesting for my business?

Christmas is coming early this year. The EuroHPC has selected seven proposals to establish the first AI Factories throughout Europe, making supercomputing access available to European AI startups and SMEs. The total investment is a staggering €1.5 billion. This funding is jointly allocated from the Digital Europe Programme (DEP) and Horizon Europe.

The availability for future proposals is becoming increasingly limited, with remaining funds available from Horizon Europe (€180 million) and DEP (€400 million). Don’t fret, proposals can still be submitted until 31 December 2025, with intermediate deadlines.

AI Liability Directive

With the AI Act finalised, attention is shifting back to the AI Liability Directive (AILD), which had been put on hold. MEPs in the responsible Parliamentary Committee on Legal Affairs (JURI) confirmed that the file would be revisited in the 2024-2029 legislative term and requested an alternative impact assessment.

The Council remains cautious, preferring to see how national laws and existing liability rules address AI-related damage before moving forward. Meanwhile, the Commission acknowledged during a meeting of JURI on 4 December that gaps remain between the AI Act and the AILD, necessitating a further legislative initiative. JURI may create an own initiative report on the need for a more harmonised approach – such as the AILD.

What’s next?

On 30 January 2025 the European Parliamentary Research Service (EPRS) will present a new impact assessment on the file in JURI, followed by a hearing. The Parliamentary Committee on the Internal Market (IMCO), who is responsible for the opinion report, will hold debates between January and April. We expect a draft opinion on 19-20 May 2025. Good to keep these in mind!

All I want for Christmas, is the full cyber package: the Cyber Solidarity Act and Cyber Security Act

The start of December has brought a sleigh-load of developments for the EU’s cyber domain. On 2 December, the Cyber Solidarity Act (CSA)and an amendment to the Cybersecurity Act (CSA 2019), were officially adopted by the Council.

Concretely, the introduces a cybersecurity emergency mechanism, which enhances the EU’s preparedness and response capabilities. This mechanism supports readiness actions, such as testing vulnerabilities in highly critical sectors and establishing a new EU cybersecurity reserve of trusted private companies to respond to large-scale cybersecurity incidents. Additionally, it includes provisions for technical mutual assistance and an incident review mechanism to assess the effectiveness of the response actions.

Additionally, the amendment to the Cybersecurity Act will allow EU authorities to create a cybersecurity certification for managed security services, such as cybersecurity software and service vendors.

Both pieces of legislation will soon be published in the EU’s Official Journal and enter into force 20 days later.

Cyber Resilience Act

Like carol singers in harmony, the Cyber Resilience Act (CRA) has been bringing cohesion to cybersecurity standards for digital products since it was published on 20 November. It officially entered into force on 10 December, with obligations set to apply from 11 December 2027.

Companies making and selling a wide range of products—from toys and microchips to anything connected to the internet—will now be required to report software and hardware glitches to authorities and the European Union Cybersecurity Agency (ENISA) within 24 hours, with more detailed reporting due within 72 hours. This aims to accelerate the sharing of warnings about risks and attacks.

TikTok: naughty or nice?

TikTok is on the EU’s naughty list this Christmas. Following concerns over its role in Romania’s presidential election on 24 November, the European Commission has formally launched an investigation into TikTok’s practices. On 5 December, TikTok was ordered to preserve internal documents related to its recommender system and potential breaches of its political advertising ban. This follows intelligence revealing tactics resembling foreign interference, used to promote ultranationalist candidate Călin Georgescu.

The investigation, set to run until March 2025, will also assess TikTok’s compliance with the Digital Services Act (DSA), ensuring platforms remain accountable ahead of Germany’s elections.

Blog

Digital Fairness Act: protecting consumers from unethical techniques and commercial practices

The expected Digital Fairness Act likely seeks to strengthen European online consumer protection rules by tackling unethical techniques and commercial practices and strengthening consumer rights.

READ ARTICLE

Events

This month, we’re taking a break under the Christmas tree to rest and recharge for an exciting 2025! With the Work Programme 2025 of the European Commission, the Clean Industrial Deal, and plenty of EU digital legislation on the horizon, there is a lot to look forward to.

What’s on your digital bucket list for next year? Any resolutions or bold ideas for 2024?

We’re always eager to have a chat about the latest Digital Policy Update and other digital and tech news with our fellow digital policy enthusiasts. If you are interested in meeting the fanatics forming our digital and tech team, do not hesitate to reach out to us: Guillaume Baudour and Irene Veth.

Irene Veth

Hello! My name is Irene, and together with Jan van Braeken and Marc Lütz, we are the happy holiday trio behind this month’s update, bringing Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable (and fun) content possible – starting with you. If you have any topics you would like to see covered in our next edition, do not hesitate to contact me.

Contact