Welcome to Publyon’s Digital Policy Update (DPU). We are happy to provide you with insights on the latest EU policy trends and developments every month. Mid-February is always a romantic time (you guessed it, Valentine’s Day) and who said EU policy couldn’t be romantic? Love is all around us in this edition of the DPU. Follow us in our wandering through this month’s hot topics in the EU digital and tech sphere.
In the dimmed spotlight(s), you’ll find the latest news on the Commission’s Economic Security Package and the Annual Single Market and Competitiveness Report – a recurring theme you will read about in our DPU from this edition on. Love is (finally) in the AI-r with the latest AI Act news, whilst Cupid is helping the EU institutions make their way to political agreements on the cyber-files. Finally, we’ll conclude our monthly update with our blogpost recommendation and some key events you can meet us at.
Did we spark your interest?
If you have an appetite for interesting content, visit us online for more insightful reading and helpful tips on upcoming relevant events.
Before you move on, we want to introduce you to our Performance Scan for Associations!
Are you an EU-based association and want to make sure you advocate for your members’ interests effectively in a time of political shift?
At Publyon, we are happy to launch our Performance Scan for Associations: our new service that provides a comprehensive assessment of your association’s internal and external effectiveness, along with recommendations on how to enhance your performance to gain the resilience and agility to thrive in a changing political landscape.
If you’re serious about taking your association to the next level, get started and improve your business today!
For more information, visit our dedicated page.
Economic Security Package and the Annual Single Market and Competitiveness Report
On 24 January, the European Commission adopted five new initiatives to enhance the EU’s economic security and protect sensitive technologies, representing a further step in implementing the European Economic Security Strategy published in June 2023. The five initiatives target foreign investment screening, import-export controls, investments and their related risks, and enhanced research in security and dual-use technologies.
Foreign direct investments in critical sectors such as semiconductors, AI and critical medicine may face more stringent scrutiny due to the requirement of EU Member States to have national screening investments in place. The EU’s plans to enhance its export controls by introducing uniform EU controls for items, in particular on advanced technologies, can affect outside exports. Lastly, foreign companies may need to align their outbound investment strategies with the EU’s new legislation scrutinising outbound investments in areas such as advanced semiconductors, AI, quantum, and biotechnologies.
In the same love vein, the European Commission released its Annual Single Market and Competitiveness Report, outlining Europe’s current economic strengths and challenges. Despite several EU economic successes over the past decades, the report underlines the need for strengthened enforcement, increased investment, and a focus on protecting its competitive edge. Interested in what this means for the digital sphere? Follow our in-theme reading advice and dive into DIGITALEUROPE’s report “The Single Market Love Story: 10 digital actions to save the 30-year marriage”.
On the side of digital competitiveness, the report encourages the acceleration of clean tech manufacturing, the modernisation of R&I and technology uptake with a focus on deep tech and green tech startups. Concretely, this will translate into the further implementation of the Digital Decade Policy and a better alignment with Member State strategies to boost investment in semiconductors, cloud, AI and high-performing computers (HPC).
Love is in the AI(r) Act
The true European Valentine gift came one day early for all digital and tech lovers in the EU bubble! On 13 February, the Parliamentary Committee on the Internal Market (IMCO) and on Civil Liberties (LIBE) approved the political deal on the Artificial Intelligence Act (AI Act).
They were preceded by EU ambassadors who unanimously approved the text too on 2 February. That wasn’t necessarily a done deal, since France, Germany and Italy had signalled their opposition to the agreement in the past months. France, Germany, and Italy chose to drop their opposition to the agreement, with France attaching “strict conditions” to its support.
Chivalrous enough to make businesses blush?
France framed itself as the Knight of competitiveness, defending the AI Act should minimise compliance burdens for companies and ensuring the unimpeded development of AI. Fears were indeed that the Act would over-regulate AI and impede innovation and competitiveness on the global scene.
The European Commission caught the call for increased European innovation and competitiveness in AI. On 24 January, it launched an “AI Innovation Package” with measures to support European startups and SMEs in developing AI that respects EU values and rules. Among the initiatives are giving AI startups access to supercomputers to train their models, improve access to data, and increase investments in generative AI with around €4 billion. Lastly, an AI Office started its operations on 21 February within the Commission to oversee the implementation and enforcement of the AI Act, in particular on general-purpose AI (GPAI). In addition, the AI Office will support and coordinate secondary legislation and supporting tools to the AI Act, ensure the good application of the Act, act as a Secretariat to the AI Board and provide administrative support as well as regularly consult stakeholder forums and scientific panels. Hopefully, this is enough for the Commission to charm its way back into the hearts of its critics.
A plenary vote in the Parliament is scheduled for 10-11 April. Following this, the file must receive a formal endorsement at the ministerial level before it can be published. Given that the AI Act has approximately 20 acts of secondary legislation, EU countries and industry stakeholders can have significant influence over its implementation down the road. Moreover, three other supervision and enforcement bodies will be set up: the AI Board, an Advisory Forum, as well as a Scientific Panel.
The Cyber Cupid Aims: The Cyber Resilience Act
Introducing the three-way adventures of our Cyber Cupid, we are first bringing you the story of the Cyber Resilience Act (CRA). The CRA introduces mandatory cybersecurity requirements for products with digital elements. Cupid had been eyeing a political deal – on the table since 30 November 2023 – and finally got what its heart desired, with the Parliamentary Industry Committee (ITRE) approving the provisional agreement on 23 January.
In other heart filling news, on 2 February, the European Commission shared its 2024 annual Union Work Programme for European Standardisation, outlining actions and policy priorities to facilitate the EU’s green, digital and resilient single market. One of the priorities in the Work Plan is cybersecurity requirements for products with digital elements. The Commission plans to prioritise standards established under the CRA, including vulnerability handling specifications, methodologies for assurance levels, and the evaluation of cybersecurity risk.
Where are we headed?
The Parliament will vote on the text of the CRA during its plenary session on 10 April. The requirements of the Act will start applying in early 2027.
The Cyber Cupid Fires: The Cyber Solidarity Act
Our Cyber Cupid is also in the middle of the legislative love process of the Cyber Solidarity Act (CSA). The CSA aims to strengthen the EU’s capacities to detect, prepare and respond to significant and large-scale cybersecurity threats and attacks. The Commission plans this by establishing a “cybersecurity alert system” network and “Cyber Reserves” of trusted companies to help EU countries in the case of large attack. Doesn’t that sound like a thrill?
On 13 February, the first round of interinstitutional negotiations between the European Parliament and the EU countries guided by the matching powers of the Belgian Presidency. Sticky points, which largely were ironed out before the Trilogue negotiation, include coordination with existing national programmes and schemes, national security, and the composition of the cyber reserves.
What is our Cupid planning?
There is little time to finish the negotiations around the CSA. However, as it is a relatively ‘short file’, it will very likely be finalised this term. A love birdie told us that Cupid might shoot his arrow during the next Trilogue round, scheduled on 5 March.
The Cyber Cupid Scores: The European Cybersecurity Certification Scheme on Common Criteria (EUCC)
We have some revelations to share on Cyber Cupid’s oldest flame the Cybersecurity Act from 2019. On 31 January the Commission adopted the European Cybersecurity Certification Scheme on Common Criteria (EUCC) which offers a set a set of EU-wide rules to on how to certify ICT products in their life cycle and to ensure their trustworthiness. It was published on 7 February in the Official Journal of the EU.
This scheme falls under the EU cybersecurity certification framework, in line with the 2019 Cybersecurity Act, and will complement the CRA. The new EUCC will allow more effective and faster certification mechanisms to allow EU business to compete internationally. Moreover, the EU is working on two other cyber certification schemes for cloud services and 5G security. Lastly, the Commission is examining the feasibility of projects addressing cybersecurity certification for AI and a certification strategy for eIDAS.
Time to log out and spend some time with your loved one! Or… open a bottle of wine, while you read our updated AI Act blogpost.
BEYOND THE BALLOT PODCAST
Who said that politics has to be a dreary affair? Beyond the ballot is our brand-new podcast that will provide you with the essentials to effectively prepare your organisation for the upcoming EU elections in June 2024. How? In only 15-minutes of insightful talks with notable guests active in the notorious EU bubble. With the elections on the horizon, catching up with a multitude of implications for organisations can be quite challenging (and perhaps not that exciting). How about we simplify things for you?LISTEN TO THE PODCAST
EU AI Act: what does it mean for your business?
A lot happened on AI lately, and we get it can sometimes be confusing. If you don’t want to be reading all the past DPU editions to remember each and every step to the AI Act’s completion – or if you wish to get some insights for your business on what to do next – we invite you to look at our updated AI Act blogpost and reach out with your questions to our AI expert Irene Veth.READ THE ARTICLE
It’s d(eb)ate time!
We are always looking for opportunities to exchange with our readers or anyone who has an interest in digital and tech in general. Meeting others provides us with an opportunity to debate the hottest EU digital and tech topics, gain and share new insights, and understand better what it is you wish to read about in the next editions of this DPU.
This month, you can casually bump into our colleagues at the following events: Cathy Kremer and Guillaume Baudour today at the “Master of Digital 2024” organised by DIGITALEUROPE and on 12 March at the Google event “Unlocking AI’s potential: Empowering the Belgian Economy”.
Hi, my name is Emmanuelle and I am the hopeless romantic curating this monthly update to bring Brussels’ main digitalisation and technology insights to your inbox. I hope you enjoyed this edition of our update. We are always looking to provide our community with the most valuable content possible, and that starts with you. If you have any suggestions for topics you would like to see covered in our next edition, do not hesitate to reach out to me.Contact