Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“The Czech EU Council presidency’s final compromise text takes into account the key concerns of the member states and preserves the delicate balance between the protection of fundamental rights and the promotion of uptake of AI technology.”
– Ivan Bartoš, Czechia’s Deputy Prime Minister for Digitalisation
Story of the week: The Czech presidency achieved its main victory in the digital sphere this week, as EU ministers adopted its text as a general approach to the AI Act. For those closely following EURACTIV’s coverage, the final text presents no last-minute surprises. Here it is for those looking for an overview of the main changes. With a caveat, as is usually the case, that the Council built some margin of manoeuvre to negotiate with MEPs, especially in law enforcement.
All the eyes are on the Parliament’s timeline now: committee vote in February and plenary vote in March. The governance and enforcement part, which is hardly controversial, has needed four technical and one political meeting so far, and the question of resources and staffing remains. This week, the article on placing AI systems on the market has been closed, and progress has also been made on the subject matter, scope and final provisions. But sceptics point to the fact that some controversial parts of the proposal have hardly been touched yet.
Next Wednesday, a potential item on the agenda could be General Purpose AI. The infamous Annex III on high-risk use cases also needs to be discussed, but hardly anyone wants to open that conversation before Christmas. Another question is whether the centre-right EPP will support the final text. The atmosphere between lawmakers has steadily improved, but the AI definition and biometric recognition might lead large chunks of the conservatives to vote negatively, weakening the Parliament’s position.
Don’t miss: The Commission’s justice and consumer department (DG JUST) has been studying the AdTech sector to prepare for an update of the Unfair Commercial Practices Directive. In an exclusive interview, Commissioner Didier Reynders explained the main problems the EU executive is looking at transparency, unsubscribe process and cookie ‘fatigue’. The idea would be to start with a voluntary initiative as a pilot for some already called the Digital Fairness Act. And DG JUST is not the only Commission service looking at the sector. Read more.
Also this week:
- ETSI has been excluded from the draft standardisation request on the AI Act.
- MEPs have reached a political agreement on the platform workers’ directive.
- The Czech presidency obtained a general approach to the European digital identity.
- The EU Council is moving to exclude Software-as-a-Service from the scope of the Cyber Resilience Act.
- The EDPB decisions on three cases concerning Meta’s platforms could reportedly have a dramatic impact on their business model.
Before we start: If you just can’t get enough tech analysis, tune in to our weekly podcast.
ETSI’s out of the game. The Commission has excluded the European Telecommunications Standards Institute (ETSI), one of the three European standardisation bodies, from its draft standardisation request for the AI Act. The move comes as part of broader tensions between the EU executive and ETSI, which the Commission has accused of being too dominated by the private sector and non-European influences, the reduction of which Brussels’ standard-setting strategy is centred around. The latest draft text, which downgrades ETSI to a consulting role, also contains some other significant changes. Read more.
Mind your bias. On Thursday, the EU’s Agency for Fundamental Rights released timely research on AI used in predictive policing and content moderation, pointing at their potential risks of perpetuating and reinforcing biases. The agency recommends the implementation of algorithm assessments before and during their deployment to conclude on a case-by-case basis whether these systems are fit for purpose. Read more.
Speaking of risks. The EU’s AI Act must include protections for people on the move, regardless of their migration status, a coalition of over 160 civil society organisations has said in an open letter published this week. The Commission’s original proposal, the group says, failed to adequately address potential harms due to using AI in the context of migration, particularly in areas including predictive systems, biometric identification and emotional recognition technologies.
The Consumers’ Voice. The EU consumer organisation BEUC criticised the general approach, saying that the definition is too narrow, the high-risk list too limited, effective redress is missing, horizontal rules of fairness are lacking, and private entities should be banned from using biometric identification.
Case closed? Amazon has reached a deal to be announced next month to conclude investigations by Brussels antitrust regulators into whether its data use undermined rivals, including pledged measures such as increasing the visibility of rival products and adding an alternative offer for buyers that deprioritises delivery speed.
We don’t trust you. The US Federal Trade Commission said on Thursday that Microsoft’s past behaviour regarding mergers does not bode well for the embattled Activision acquisition currently under scrutiny by numerous competition authorities. For instance, during its purchase of ZeniMax Media in 2020, Microsoft reneged on promises made to the European Commission during its investigation of the deal, casting suspicion on those made about the Activision one, the FTC says.
The telcos’ alternative. Major telecoms companies are facing questions from the Commission about a planned merger that would see giants such as Vodafone, Orange, and Deutsche Telekom join forces to develop a new AdTech to evade tracking restrictions implemented by Apple and Google. The project, which has already been locally trialled, would see the creation of digital tokens that advertisers could use to gain insight into user behaviour, a response to increased privacy measures implemented by tech companies.
Have your say. The Commission has published the public consultation for its recommendation to combat the piracy of live online content, aimed for implementation in the first half of next year. The idea is to put forward a toolbox for combatting the offence and to encourage member states to implement their own measures.
SaaS is out. The Council’s new compromise text on the Cyber Resilience Act attempts to clarify the proposal’s scope. It places Software-as-a-Service (SaaS) firmly outside, contrary to what member states like the Netherlands and Germany have been asking. At the Telecom Council meeting on Tuesday, Commissioner Thierry Breton explained that including services like Spotify and Netflix would go against the regulation’s legal basis. However, the scope still needs to be fully clarified, notably in how web services and mobile apps interact with the new rules. Read more.
Discussing about discussing. During the ministerial discussion on the Data Act, Dutch minister Alexandra van Huffelen hit out at the cybersecurity cloud certification scheme, arguing that its sovereignty requirements could have negative implications for the European economy. The call for a political debate was seconded by Finland, Poland, Ireland, Estonia and… Spain. Madrid stands out since it is the only country supporting the sovereignty requirements, but since it takes the helm of the EU next year, they may have a vested interest in avoiding this hot potato landing on their desk. And yet, these calls elicited no reaction from Breton.
Winter is coming. Preparations should be made for major cyberattacks by Russia this winter, Microsoft has warned. Ongoing trends suggest that the coming months could bring assaults on critical infrastructure and cyber-influence operations in Ukraine and across Europe, the company said this week, setting out a plan to detect, disrupt, defend and deter such efforts in the digital sphere.
Companies’ resilience. Some 62% of organisations surveyed in Cisco’s Security Outcomes Study reported having experienced significant security incidents that jeopardised business operations, and 96% of executives consider cybersecurity a top priority.
Data & Privacy
Starting 2023 with a boom. The European Data Protection Board (EDPB) adopted three dispute resolutions concerning Meta this week, which will be formalised in January. The probe was initiated by Max Schrems’ NOYB, which contested Meta’s approach of not asking users for their consent to process their personal data for advertising purposes, but considered that part of a ‘contract’ since it was included in the platforms’ terms and conditions. According to the Wall Street Journal, the EDPB ruled Meta’s approach illegal. Although the fines are expected to be particularly hefty in these cases, most significantly, if the decisions are confirmed, they would undermine Meta’s entire business model.
Parliamentary discussions. The MEPs working on the Data Act in the Parliament’s industry committee met on Wednesday for the first political discussion on the B2G data-sharing obligations. The political groups started from very distant positions on fundamental aspects of the provisions, such as the type of data and companies that should be involved, but the positions have been slowly converging. Meanwhile, in the internal market committee, lawmakers called for political discussions on functional equivalence, barriers to switching and egress fees.
Not for me to judge. The EU Court of Justice has dismissed an appeal by WhatsApp against an EDPB ruling in August 2021 which found the company had violated the GDPR in its data processing practices, resulting in a €225 million fine. The EU court said the case was not admissible since the decision was not directly addressed to WhatsApp but to the Irish DPA. Still, a case could be brought before a national court.
Just forget it. Search engine operators are required to remove data that can be proven inaccurate by users from online search results, the EU Court of Justice has ruled. In a case brought by two executives seeking to uphold their right to be forgotten online, the court ruled that if the information is proven manifestly inaccurate, operators must de-reference it. Read more.
Clubhouse in hot waters. Italy’s privacy watchdog has fined Clubhouse’s parent company €2 million for numerous violations like a lack of transparency on data use, the ability for users to store and share audio without consent, the indefinite storage of audio recordings by the platform and the sharing of account information without an adequate legal basis.
LIBE’s timeline. The civil liberties committee plans to consider the Data Act amendments next Tuesday. A shadow meeting is scheduled for 12 January, and the committee vote on 30 January.
Digital Markets Act
First workshop done. On Monday, the first DMA workshop took place on self-preferencing. Many media reports focused on the fact that Google’s representative Oliver Bethell had hinted that search services like Maps and Shopping might escape the DMA’s definition of core platform service. However, perhaps more significant is that Google has publicly engaged with stakeholders for the first time showing their hand. More cynically, the workshop initiative might also be seen as the Commission trying to relieve some public pressure as everyone is still waiting for the draft secondary legislation to drop.
eIDs general approach. The Council formalised its position on the European digital identity proposal this week, with compromises met across some areas, from record matching and assurance level to certification and interoperability. The implementation timeline has also been solidified, with the Commission required to adopt acts on the regulation’s technical and operational specifics, along with cybersecurity requirements to be followed within the first six months of it being in place before the two-year deadline is reached. Read more.
You can do better. According to a report by the European Court of Auditors released this week, the Commission has fallen significantly short on its Action Plan for digitalising public services across the EU. A critical flaw in the 2016-2020 eGovernment Action Plan, the auditors said, was that member state action was voluntary, and discrepancies between the digitalisation in various individual countries remain high. Read more.
eGovernance accessibility. This week saw the publication of the Commission’s public consultation on the Web Accessibility Directive, an initiative designed to increase the accessibility of public-sector websites and mobile applications for vulnerable citizens.
EMPL report approaching. Elisabetta Gualmini, the rapporteur for the platform workers’ direction, told EURACTIV that a political agreement had been reached in the Parliament this week, with every side giving up on something. She also said that, while most people were obsessed with the rebuttable presumption, the most significant part of the proposal, in her view, is algorithmic management. While the leading MEP seems confident about Monday’s committee vote, the real question mark remains the plenary. Read more.
No means no. EU labour and social affairs ministers met in Brussels on Thursday (8 December) hoping for an 11th-hour compromise among member states over the platform workers’ directive – but that failed. This follows several setbacks by the Czech presidency, who’d faced a blocking minority in previous COREPER meetings because the compromise wouldn’t bring more legal certainty than what is already the case in case law and national legislation.
Not a good year. According to Atomico’s 2022 State of European Tech report, Europe’s start-up scene is falling behind. Despite a strong 2021 and a positive start to the year, the second half of 2022 saw a significant decline in investment, with late-stage companies hit particularly hard and the number of new unicorns dropping sharply. The tech workforce has also been hit hard, and founders are having difficulty raising funds, Atomico found, also pointing to the lack of progress on diversity when it comes to investment.
No continent for human rights. Last year, a group of NGOs filed a complaint alleging that the EU had been irresponsibly contributing to developing “surveillance” capacities in third countries, particularly in the context of the Commission’s Emergency Trust Fund for Africa. The Ombudsman has concluded that the human rights implications of this project fell short and that more robust efforts must be made in future.
Wiretapping reform. Italy is seeking to reform wiretapping practices in the country due to their costs and potential misuse for political gains. Measures presented by Justice Minister Carlo Nordio would clamp down on wiretapping, rates of which he said are much higher than the European average and which has become a tool of pressure used against both the press and political opponents. Read more.
Greece’s raging scandal. MEP and leader of Greece’s socialist opposition, Nikos Androulakis, will take his country’s government to the EU Court of Justice to find out why he was under surveillance. Athens has admitted that secret services tapped the politician’s phone but didn’t disclose the reason by shielding behind ‘national interest’. Read more.
CSAM field trip. MEP Javier Zarzalejos, the rapporteur for the CSAM proposal, visited the UK’s Internet Watch Foundation (IWF) this week to examine how civil society organisations are helping to tackle online child pornography.
Outstanding issues. The Council this week completed its first technical-level revision of the proposed Media Freedom Act, concluding the Czech presidency’s work on the file. The outstanding issues, which are now the upcoming Swedish presidency’s responsibility, were summarised last week in a progress report, including the regulation’s legal basis, scope and definitions, oversight and enforcement and provisions covering media service providers. Read more.
More media bans. Four TV channels have been included in the EU’s latest round of sanctions on Russia. Accused of being part of Moscow’s “propaganda machine”, the broadcasters will be taken off the air and banned from other modes of distribution, much like RT and Sputnik were in March. The channels have not officially been named but were reported by Politico as being NTV/NTV Mir, RENT TV, Rossiya 1 and Pervyi Kanal.
Go away, please. Latvia has blocked independent Russian TV Rain from broadcasting after designating it as a national security threat. The station, which left Russia after being shut down by Moscow following the invasion of Ukraine, was fined last week for showing a map of Russia that included occupied Crimea and describing Russian troops as “our army”. Read more.
Media strike. Two private broadcasters in Serbia – N1 Srbija and Nova, known to be highly critical of the authorities – stopped broadcasting for 24 hours on Tuesday in protest at the poor state of media freedom in the Western Balkan EU candidate country. Read more
Committees’ competition. The European Parliament’s Conference of Committee Chairs also recently authorised the internal market (IMCO) committee to conduct an own-initiative report on “Virtual worlds: opportunities, risks and policy implications for the Single Market”. The initiative received the support of the EPP and S&D groups, but who will take the lead is still to be decided. The legal affairs (JURI) committee will also host a hearing on the metaverse. These initiatives a part of a strategy to position the committee as the point of reference in this increasingly hot topic.
Investment announcement. On Wednesday, Meta’s top lobbyist Nick Clegg was in Brussels to sing the praises of the metaverse and announce a €2.4 million investment in independent academic research on the topic. Perhaps more significantly, UK’s former deputy PM admitted that the metaverse would be much more about AR and VR.
Online Safety Bill version 34356. The Online Safety Bill, the UK’s answer to the DSA, was reintroduced into Parliament on Monday after being shelved in the summer following Boris Johnson’s exit from office. A fundamental change has been made to the latest version of the draft bill, however, following criticism from some that its provisions concerning “legal but harmful” material would lead to the over-removal of content by platforms, posing a threat to freedom of speech. Last week, the government announced that these bill elements would be removed, meaning companies would no longer be required to have policies covering this material concerning adult users. However, they will still apply to children.
Empowering consumers. A new study by the Consumer Empowerment Project, backed by Euroconsumers and Google, has found that consumers overall feel that the role of digital services in their lives is a positive one. Still, that lack of awareness or trust in providers were two of the most significant barriers to utilising services, and that generational and socio-economic gaps remain.
Research & Innovation
Next two years’ programme. The main Horizon Europe work programme 2023-24 was adopted this week, providing approximately €13.5 billion in funding for researchers and innovators across Europe.
EIC in 2023. The 2023 work programme of the European Innovation Council (EIC) has been adopted, making €1.6 billion worth of funding available for scientists and innovators.
Defence funding. The Commission this week gave the green light to an investment of around €1.2 billion to fund research projects focused on high-end defence capabilities.
Another week, another letter. Germany, Austria, Estonia, Finland, Ireland and the Netherlands have all joined a call for the Commission to clarify its plans to make Big Tech companies contribute to telecoms network costs, notably asking for it to be dealt with separately from the revision of the Broadband Cost Reduction Direction – which EURACTIV understands was already the case. Read more.
Trade war or not? At the post-TTC press conference, anyone agreed an EU-US trade war should be avoided. Still, the question remains that the US Congress’ intention is precisely that of subsidising the American industry – and it is indeed the only thing US lawmakers seem able to agree on. The EU’s Cyber certification scheme was discussed at the accurate transatlantic Trade and Technology Council, US Secretary of Commerce Gina Raimondo confirmed without giving any details.
Biden’s trade ambitions. Boldened by the mid-term elections, US President Joe Biden is said to be poised to ask Congress for the powers to negotiate trade agreements – which seems unlikely. The Biden administration is thirsty for foreign policy victories, and its plan would turn the TTC into a platform to negotiate a new trade agreement with the EU. However, Europeans have shown little appetite for that.
Apple’s version of Right2Repair. Apple launched a self-service repair programme in eight European countries this week, making manuals and product parts available to customers wishing to undertake their own repairs. The Right to Repair campaign has hit back at the measure, which follows a similar pilot in the US, arguing that its scope is narrow and geographically limited, its costs extensive and procedures complex.
What else we’re studying this week:
A globally critical chip firm is driving a wedge between the U.S. and Netherlands over China tech policy (CNBC)
The Brilliance and Weirdness of ChatGPT (The New York Times)
Theo Bourgery-Gonse contributed to the reporting.