Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“AI systems intended to be used by children in a way that may seriously affect a child’s personal development.”
-Compromise amendment on Annex III to the AI Act
Story of the week: Compromise amendments on crucial parts of the AI Act were on the table this week. In a new version of Annex III, the co-rapporteurs proposed significant changes to the high-risk areas and use cases, for instance, extending the notion of biometric identification and categorisation to biometric-based systems. A possible compromise on facial recognition is taking shape, with live identification in publicly available spaces banned, whilst ex-post would be allowed as a high-risk application. Digital critical infrastructure remains out, whilst the areas of education, employment, law enforcement and access to public services have been extended.
A new risk area was added in relation to vulnerable groups, notably children, with broad wording that would also cover social media’s recommender systems. Algorithms that could influence democratic processes like elections were also added, with a residual category covering generative AI models such as ChatGPT, deep fakes and subliminal techniques for scientific research. The Annex III discussion was moved to Friday morning, as Zelenskyy’s visit to the parliament cut the Thursday meeting short, and only the definitions were discussed. The prohibited practices article was on the agenda of the technical meeting on Monday. The leading MEPs are still pushing to reach a political agreement next Wednesday when sensitive questions like the AI definition and General Purpose AI will have to be addressed.
Don’t miss: Signatories to the Code of Practice on Disinformation released their first progress reports on compliance this week, reviewing their actions over the past month. These initial reports will be the benchmark for future ones and are seen by the Commission as a first step to compliance with the Digital Services Act, which will start applying for the largest platforms in July. As expected, Twitter was singled out by Commission officials as having submitted a notably shorter report than its fellow platforms, also lacking in data and information about fact-checking. Besides Twitter, fact-checkers have criticised the likes of YouTube and TikTok as they consider the platforms have fallen short of the Code’s commitments.
Also this week:
- The European Parliament’s ITRE committee adopted its reports for the Data Act and European Digital Identity.
- The UK’s Competition and Markets Authority issued preliminary findings against the Microsoft-Activision merger.
- The EEAS announced a pan-European platform to coordinate anti-disinformation efforts.
- Intel is reportedly asking the German government for additional money to finance two mega fabs in the country.
- Flexibility and independence of media regulators are top concerns for EU countries regarding the European Media Freedom Act.
Before we start: If you just can’t get enough of tech analysis, tune in on our weekly podcast.
In the past weeks, Big Tech companies have slashed their staff in preparation for an economic recession. What do these mass layoffs mean for the tech sector? Are we looking at structural adjustments or temporary fluctuations? And what does this …
Artificial Intelligence
Conformity assessment. This week, other compromise amendments circulated in the European Parliament deal with how high-risk systems should comply with the regulation. The compromise focuses on the conformity assessment procedure for the biometric recognition system, which will need to be audited by a third party unless using harmonised standards, whilst all other high-risk applications will be able to use internal assessments. The article providing a derogation to the conformity assessment procedure in exceptional cases was reintroduced but limited to the authorisation of judicial authority. Read more.
Critical infrastructure question. Work on the AI Act is moving forward, with Parliament negotiators on the cusp of reaching a common position in the coming weeks. However, one area that has yet to be resolved is the extent to which AI models deployed in critical infrastructure management should be regulated. Read more.
AI and market dominance. Just as Microsoft unveiled a new version of Bing with ChatGPT built into the search engine, CNBC reported that the company is also set to let companies create their own tailored versions of ChatGPT using their own data. However, some observers have raised concerns that this move will allow Microsoft to become even more dominant in the operating system market.
Protect not Surveil. A 200-strong coalition of civil society organisations and academics have called on lawmakers to Boost protections for algorithm-powered border control tools in their negotiations on the AI Act. The campaign, entitled #ProtectNotSurveil, is pushing for prohibitions on AI systems used to violate the rights of migrants through, for instance, “digital pushbacks” and prejudicial biometric analysis.
Falling short? A survey by the Panoptykon Foundation found that EU citizens are seeking greater transparency, more protections against discrimination, and regulation of the AI used by social media platforms. For the NGO, the AI Act will fall short in several areas, like giving citizens the right to know when governments and companies are using AI systems.
Competition
A difficult marriage. The UK’s antitrust authority has issued a preliminary conclusion to its investigation into Microsoft’s $69 billion purchase of gaming company Activision Blizzard, finding that the merger could harm competition across multiple markets. The US Federal Trade Commission requested that the deal be blocked in December, and a statement of objections was sent to Microsoft last week by the European Commission, marking the start of the second phase of Brussels’ investigation. Read more.
Cybersecurity
Everybody, calm down. At the Cybersecurity Standardisation Conference on Tuesday, ENISA’s lead certification expert Éric Vetillard said that, while sovereignty requirements need to be thought about politically, there should also be a technical reflection on how to operationalise them. On the cloud certification scheme (EUCS), he recognised that the discussion had become rather heated but hoped it would calm down going forward. Several interventions called for the mapping of existing standards before creating new ones.
Cybersecurity call. A new call for a Horizon 2020 programme has opened, with funding available for up to 21 SME projects to develop new prototypes or demonstrators in security and cybersecurity. The projects must be run by at least two SMEs, at least one of which should be a tech/IT solution provider.
Data & Privacy
ITRE’s vote. European Parliament’s ITRE committee adopted the Data Act report on Thursday in a single block. So far, no political group is expected to propose alternative amendments during the plenary vote in mid-March.
Council’s crunch time. Last Friday was the deadline to submit comments on the fourth presidency compromise. France has retaken Airbus’s position, which has been lobbying aggressively (also MEPs) on trade secrets. Some member states raised the idea of holding a workshop on trade secrets like the one on the relation with the GDPR that took place in November, but the presidency turned the idea down as it wants to close the file as soon as possible. The Netherlands also seems less on the offensive concerning B2G data-sharing and more content with the cloud provisions. Based on the written comments, the presidency is trying to get all open issues sorted by the end of the month.
Digital Markets Act
IMCO’s meeting. On Monday, IMCO’s DMA subgroup met for the second time. The European Commission reported back on the first workshop. The second part of the event was on the interoperability of messaging services, with representatives from Google, Meta, academia, and Open-Xchange. Some lawmakers did not hide their annoyance with Meta, which was seen as bringing up ‘technical excuses’.
4-column publication. Four transparency organisations have filed a joint complaint with the EU ombudsman relating to the European Parliament’s handling of requests for access to four-column documents during the DMA trilogue last year. The groups accuse the Parliament of maladministration in having de facto circumvented its obligation to disclose the requested documents and call for the proactive publication of four-column documents to heighten transparency.
Digital skills
Training goals. IT firm Cisco announced a goal of training 2.6 million people within the EU in digital and cybersecurity skills over the next decade. The training will occur via the company’s Networking Academy in partnership with local educators. It will contribute, Cisco says, to establishing a workforce central to longer-term social inclusion and economic resilience.
Disinformation
Anti-disinfo platform. Brussels will launch a new platform to boost EU efforts in tackling disinformation, the EU’s diplomatic chief Josep Borrell announced on Tuesday. The new Information Sharing and Analysis Center will act as a decentralised platform for tracking information manipulation efforts by foreign entities and coordinating responses among member states and civil society actors. Borrell also criticised Twitter’s announcement that it would scrap free API access for third-party developers, describing it as a step back in terms of transparency. Read more.
Criminal disinformation. Intentionally spreading disinformation could become a criminal offence in Czechia, according to new plans currently under discussion by the government. Under the draft plans, which have yet to be made public, legislation could clarify the legal status of disinformation and allow authorities to block sites deemed to threaten national security. Read more.
eGovernance
eIDs ITRE vote. On Thursday, MEPs of the ITRE committee backed their version of the European Digital Identity, which included stronger privacy and cybersecurity safeguards and a register of all transactions to ensure the organisations using the wallet can be held accountable. EU countries will have to issue at least one wallet (i.e. software application) under a national digital identity scheme interoperable at the European level. The wallet remains voluntary, meaning there will need to be other means to access public and private services. Lawmakers also increased the wallet’s functionalities and mandated it should remain free of charge. The file will not need plenary approval; it will go directly to trilogues.
Common EU toolbox. As anticipated by EURACTIV, the Commission published the first version of a common EU toolbox for implementing the European Digital Identity Wallet today. Jointly developed by member states and the Commission, the toolbox is set to act as a first step towards creating a framework for common digital identification standards across the EU. Its requirements will become mandatory once the eIDs regulation comes into force.
Industrial strategy
Subsidy race bites. Chipmaker Intel is reportedly seeking more financial support from Berlin for the two ‘mega fabs’, semiconductor factories the American company is set to open in Germany. Initially promised €6.8 billion to launch the two facilities, the company is now reportedly asking for €10 billion instead, justifying the new calculation on the ballooning construction costs and energy prices. While declining to comment on the indiscretions, an Intel representative told EURACTIV that the cost gap with other competitive locations outside Europe has widened since the investment was first announced. However, German officials are annoyed at the request, as it is allegedly also justified that the mega fabs will produce more advanced technology. Read more.
Public procurement for start-ups. A group of 15 European start-ups have jointly signed a non-paper “in defence of EU digital sovereignty and the twin transition,” calling for a revision of the EU’s public procurement rules to facilitate eligibility for smaller innovative SMEs. The non-paper argues that the rules currently definite innovation too narrowly, restricting it to R&D only and that there are too few references to the Green Deal and twin transition. Read more.
Law enforcement
CSAM diplomacy. Commissioner Ylva Johansson was in Berlin this week to discuss the fight against child sexual abuse with, among others, Federal Minister of Interior Nancy Faeser and Federal Minister of Justice Marco Buschman. The official visit was a ‘charm offensive’ addressed at a country that has been extremely critical to Johansson’s CSAM proposal.
Media
Top of mind. Feedback from seven member states on the proposed European Media Freedom Act has highlighted the flexibility and the independence of media regulators as key areas of concern amongst national authorities. In a document circulated last week and seen by EURACTIV, the capitals outlined what they saw as points for improvement in the text, including response times, the relationship between the Commission and the new European Board for Media Services, personal data, and spyware. Read more.
RT DE’s turn. RT DE, the German branch of state-backed media outlet Russia Today, has closed down following the latest round of EU sanctions. Following similar events in France last month, RT DE shut its doors due to a lack of funds resulting from measures put in place by Brussels in response to Russia’s invasion of Ukraine. The outlet criticised the EU’s moves in a statement issued last week and said the channel would continue to operate from Moscow. Read more.
Product liability
PLD 1st compromise. The Swedish EU Council presidency circulated the first compromise on the Product Liability Directive, obtained by EURACTIV, to be discussed at the Civil Law Working Party on 15 February. The presidency’s work focused on clarifying key concepts, like personal injury in terms of psychological health. The text now explicitly says that the product definition includes software-as-a-service and raw materials. The concept of defectiveness was refined to cover the foreseeable use and its misuse when required by sectorial product safety legislation, like on toys or industrial machinery. Importantly, if it is too difficult to prove the product’s defectiveness due to its technical or scientific complexity, as will probably be the case for AI, the manufacturer will not be able to rebut the presumption of defectiveness. Moreover, the causal link might also be assumed if the defectiveness in question has caused similar cases. The concept of manufacturer control has also been broadened. The compromise also seeks to clarify the application of the strict liability regime.
Platforms
The espionage question. Two US Senators have written to Meta with questions about documents that show the company was aware that developers in China and Russia had access to sensitive user data that could have enabled espionage. Mark Warner and Marco Rubio, chair and vice-chair of the Senate’s Select Committee on Intelligence, are seeking answers on whether the tech giant has identified the developers, any communications with them and the kinds of information they might have been able to access. Read more.
No porno for minors. French regulators will introduce new measures to prevent minors from accessing porn websites after legal challenges hampered previous efforts to take such a step. The new proposal is set to require those trying to access such material to obtain an app giving them a digital certificate and code. It comes as part of a broader pledge by France’s President Emmanuel Macron to protect children online.
Free speech shaken. This week, access to Twitter was briefly restricted in Turkey following criticism of the government’s reaction to the catastrophic earthquakes that hit the region on Monday. As usual in these cases, people turned to VPNs to circumvent shutdowns, with Proton saying it saw registration to its VPN service jumping by over 30,000% more than normal levels.
Metaverse hearing. The JURI committee hearing on the metaverse, requested by the Social Democrat group (S&D) is set to take place in March.
Research & Innovation
Fully operational. The European Innovation Council Fund has launched 42 new investment decisions, totalling €331 million, since its last update in November, the Commission announced this week. The injections, which focus on 13 deep-tech companies working on breakthrough innovation, mean that the EIC Fund is now fully operational and has taken a total of 77 investment decisions since the appointment of an external fund manager in September.
Standardisation
Sherpa meeting agenda. The ‘sherpa’ sub-group of the High-Level Forum on European standardisation will meet next Thursday to follow up on the priorities identified at the C-level and start preparing the Forum’s recommendation for next year’s Annual Union Work Programme, the EU work programme for standardisation. According to a draft agenda seen by EURACTIV, the sherpa meeting will detail the work plan for this year, including the expected deliverables and outcomes and a set of deep dive sessions with dedicated experts.
Tech diplomacy
EU-India TTC. A new Trade and Technology Council has been established between the EU and India, designed to boost strategic engagement between the two. This new TTC is set to facilitate work on critical areas such as connectivity, green technologies and resilient supply chains. Working groups will gather within the next few weeks to plan their operations.
Telecom
The consolidation question. Internal Market Commissioner Thierry Breton called on antitrust regulators to consider allowing more cross-border mergers within the telecoms industry, saying he saw it as key to creating a true single market for the industry. However, for the telcos, the national consolidation is the real problem, which has so far been met with resistance by EU competition head Margrethe Vestager. The ‘litmus test’ on whether the Commission will allow consolidation in the telecom market will be provided in the coming weeks with the Orange-MasMovil merger in Spain.
ETCA’s war footing. The European Competitive Telecommunications Association (ECTA), the organisation representing alternative telecom operators, has denounced a draft Commission recommendation on the regulatory promotion of Gigabit Connectivity, saying it was “stunned” by a leaked copy of the document. The text, ECTA says, is undemocratic in nature as it reverses some critical parts of the European Electronic Communications Code and would have a significantly adverse impact on investment and the contestability of markets, lead to price rises for consumers and harm the take-up of gigabit connections.
Not on my network. Elon Musk’s SpaceX has put in place measures to prevent Ukraine’s military from using its Starlink satellite service to operate its drones, the company’s president announced this week, saying that the service, which Ukrainian forces have used for communications throughout the war, was “never meant to be weaponised” and was “leveraged” in unintended ways by the army. Read more.
Brussels tour. Edward Bouygues, deputy CEO of Bouygues and president of Bouygues Telecom, was in town on Wednesday to meet MEPs from different political groups to persuade them about the senders-pay initiative.
What else we’re practicing this week:
Elon Musk’s Free-Speech Twitter Faces a Skeptical Germany (Bloomberg)
China pulls back from global subsea cable project as US tensions mount (FT)
