Tech Brief: AI enforcement, unbudgeted chips, TTC’s ‘tangible’ progress

The Tech Brief is EURACTIV's weekly tech newsletter.

Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here

 

“Post-market monitoring shall include continuous analysis of the AI environment, including other devices, software, and other AI systems that interact with the AI system taking into account the limits resulting from data protection, copyright and competition law.”

– Ninth batch of compromise amendments to the AI Act

Topics covered this issue:

 

Story of the week

At the centre of the parliamentary discussions on the AI Act this week was the part on enforcement. The technical meetings had to be postponed following backlash from the shadows that lamented being given systematically too little time to review the amendments. Still, the progress at the technical level was significant as there are no substantial political differences among the groups, although the discussion on who should lead the enforcement of big cross-border cases is still ongoing.

The compromise on the table empowers national authorities to conduct unannounced on-site inspections and reverse engineer algorithms, aligns the EU database with the Council’s text, extends the post-market monitoring requirements to the AI interaction with devices and software and extends the concept of dangerous system to breaches of labour rights and consumer protection. Joint investigations and the right to redress are also included. Read more.

 

Don’t miss: The Czech presidency obtained unanimous approval for its version of the Chips Act, set to be formally adopted at the Competitiveness Council on 1 December. The last draft, reported by EURACTIV, contained a significant budget reduction of €400 million for the Chips Initiative, money meant to be diverted from Horizon Europe. Another big last-minute change involved opening up for officialsarrangements for those other than the European Chips Infrastructure Consortia to access EU funding. The text that went to COREPER removed the requirement to have a competence centre in each member state, but the original text will be reinstated following backlash from smaller countries.

Also, this week

  • The EU-US planned ‘tangible progress for the next transatlantic summit.
  • The Czech presidency’s text on the Platform Workers’ Directive failed to secure support from EU ambassadors.
  • Member states want broad national security exemptions in the Cyber Resilience Act.
  • ITRE and IMCO kicked off the technical discussions on the Data Act.
  • The EU Council adopted an updated mandate on the e-Evidence Regulation.
  • Member states are discussing cross-border removal orders to tackle child pornography.
  • Twitter’s Brussels office emptied out as the DSA looms.

 

Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.

Competition in the metaverse

The metaverse poses all kinds of regulatory challenges. EURACTIV discussed with Friedrich Wenzel Bulst and Sophie De Vinck, two official from the European Commission’s competition department, how they expect the metaverse to affect current enforcement trends and if the new …

 

Today’s edition is powered by AWS

AWS and comprehensive data protection in the cloud

How do organisations successfully navigate compliance within Europe? What are the cross-border data transfer requirements? AWS experts Esther Stringham (AWS Legal) and Hans Bos (AWS Security Assurance) dive deeper into both topics.

Watch the webinars >>

 

Artificial Intelligence

General approach next. The Czech Presidency’s AI Act text received unanimous support from COREPER last Friday. Formal adoption of the general approach is planned at the Telecom Council on 6 December.

The SME pickle. The EU may be forging ahead regarding AI regulation, but some observers caution against allowing big players to dominate the emerging market. The Commission has likely underestimated the compliance cost for SME representatives, and they say the new legislative model is ill-equipped to deal with a market dominated by highly tailored B2B solutions. Read more.

Competition

Entrenched markets. A market study of mobile ecosystems conducted by the UK’s Competition and Markets Authority has found that both Apple and Google have substantial and entrenched market power in the supply of mobile browsers and browser engines within their respective mobile ecosystems. The study, which also looked at the distribution of cloud gaming services via app stores on mobile devices, raised concerns over the fact that Apple does not, in practice, allow them to be listed on its app store.

Consultation open. The Commission has opened a call for evidence on whether it should revise, reconfirm or discard the Technology Transfer Block Exemption Regulation and the related guidelines. Technology transfer agreements can facilitate R&D cooperation but might also facilitate collaboration and raise barriers for competitors to enter the market.

Mergers workshop. On 23 December, the Commission will hold a workshop on digital mergers to reflect on the specificities of the online sector. Besides DG COMP’s chief Olivier Guersent, there will be two panels on assessing digital mergers and reviewing acquisitions of low turnover targets with relevant significance.

Cybersecurity

National security exemption. The Czech presidency circulated the first compromise on the Cyber Resilience Act, focusing on the scope to introduce significant carveouts for the security, military and defence sectors. While the wording is rather standard from the Council, the exclusion of defence devices might prove problematic given their dual-use nature. On Wednesday, COREPER approved the interim report that will be presented at the next Telecom Council, which indicates the topics for future discussions: scope of the critical products, administrative burden, lifetime limitation and ENISA’s role. Read more.

EUCS presentation. On Friday, ENISA will present the cybersecurity cloud certification scheme to the European Cybersecurity Certification Group. The format, which does not include a discussion, seems designed to avoid leaving a paper trail that could be leaked. The two subgroups’ approach, reported by EURACTIV last week, might be combined with a (not so) new idea: including the sovereignty provisions into an annexe to the scheme, that could be triggered in critical cases when defence or national security is at stake. The US administration might raise the issue at the next TTC meeting in Washington on 5 December, and a political discussion at the Telecom Council on the following day is not excluded.

Cyber intimidation. The European Parliament was hit by a major cyber-attack on Wednesday, shortly after lawmakers voted to classify Russia as a state sponsor of terrorism. The DDOS (Distributed Denial of Service) attack downed the institution’s website for several hours, and Parliament President Roberta Metsola said that a pro-Kremlin group had claimed responsibility for the assault. Read more. 

Laws call for funds. A report by ENISA looking at budgeting by essential and digital service providers has found that the NIS directive and other regulations, as well as the threat landscape, are the main factors determining the allocation of funds in security budgets. The analysis also found that the health and banking sectors bear the highest direct costs regarding cybersecurity incidents and that only 5% of SMEs have cyber insurance.

Infrastructure kicks off. The Commission and European Cybersecurity Competence Centre (ECCC) have jointly launched a call for expressions of interest from actors wishing to participate in hosting cross-border security operations centres. Driven by AI and other technologies, the centres are set to procure cyber threat detection tools and services alongside the ECCC, with an initial contribution of €30 million under the Digital Europe Programme.

Data & Privacy

ITRE initial discussions. The first technical discussions on the Data Act took place this week, covering horizontal issues. Centre-left pushed back against the rapporteur’s exemption for medium companies. On trade secrets, there seems to be a consensus to deal with the issue at the data level and introduce extra safeguards. All groups agreed that alignment with the DGA is essential. The initial discussions also underlined an agreement on keeping the gatekeeper exclusion, but the Greens/EFA group’s idea of focusing more on unbundling is also gaining traction. Similarly, the part on international data transfers also seems uncontroversial.

IMCO first CAMs. The IMCO rapporteur for the Data Act circulated a first batch of compromise amendments, seen by EURACTIV, in which functional equivalence has been largely removed. With the support of Renew, a new article with obligations for the providers of destination in terms of information sharing and cooperation ‘in good faith’. A new definition of  ‘exportable data’ has been added, including metadata but excluding trade secrets.

Meta vs EDPB. Meta is appealing a September ruling by the Irish Data Protection Commission that fined the platform €405 million over Instagram’s handling of minors’ data. This week, the European Data Protection Board was notified that the company would take it to court to challenge the second-highest penalty for a GDPR violation.

No sufficient link? Clearview AI made its case in a London court this week as it appeals against the UK data protection watchdogs £7.5 million fine and enforcement notice. The controversial company argued that it is based outside the UK and EU and that the authority had not established a sufficient link with any data processing and behaviour monitoring that its clients might be carrying out on UK citizens.

EDHS timing doubts. Speaking at a conference in Prague, those working in the field expressed concern that various challenges still on the horizon, such as negotiating costs and the delegation of competencies, could throw the Commission’s aim of having the programme fully operational by its planned launch in 2025 into doubt. Read more.

Progress report. Wednesday’s COREPER also approved the presidency’s progress report on the Data Act. The report, seen by EURACTIV, does not include new information compared to previously reported.

Digital rights

Declaration endorsed. The European Declaration on Digital Rights and Principles for the Digital Decade passed the COREPER scrutiny and will now be signed by the three main EU institutions.

e-Commerce

Marketplaces pilot. A new pilot project linked to the Product Safety Pledge is set to see e-commerce platforms, including Amazon and AliExpress, join forces with Euroconsumers. The project will see the latter’s testing capabilities incorporated to promote online product safety and boost marketplaces in removing dangerous items for sale on their platforms.

eGovernance

eIDs green light. The Czech presidency’s text on the European digital identity received the green light from COREPER on Friday and will also be on the agenda of EU ministers on 6 December.

Interoperable public services. A newly adopted proposal is set to help strengthen cross-border interoperability and cooperation in the EU public sector by creating a network of interconnected digital public administrations. The Interoperable Europe Act proposal, published by the EU executive this week, is intended to boost cooperation between member state public administration and digitalise public services across the EU.

Gig economy

Two’s a party; three’s a crowd. While the presidency scored a few victories at COREPER this week, a significant seatback concerns the Platform Workers Directive. The last version of the text hardly changed from the previous iteration. Only Ireland, Finland, Croatia, Slovakia and Cyprus are comfortable with the Czech draft – whilst others, notably France, are signalling they could agree. Another camp, made up mostly of Baltic and Eastern European member states, is pushing to have an even more stringent presumption (four out of seven criteria). By contrast, seven EU countries, including Spain, Portugal and the Netherlands, called for a compromise closer to the Commission’s initial proposal. Even the Commission pushed back against the compromise, considered to provide legal uncertainty. Meanwhile, Germany and Italy kept to themselves and did not openly pick a side.

Agree to disagree. Other issues kept delegations split, notably over the suspensive effect clause, which would ensure that a worker who triggered the presumption continues to be considered an employee during rebuttal proceedings. The Commission drafted this so platforms couldn’t voluntarily prolong proceedings eternally and keep workers as self-employed whilst this happened. A large number of delegations have asked that this be taken down because this is a national competence. Other disagreements abounded over a last-minute article the Presidency added to the compromise last week, which would give social partners leeway to stray from the specifics of the directive should a collective agreement be found. The Commission expressed concerns that this may create legal loopholes and that a collective agreement could in no way deviate from GDPR obligations. The Czech presidency insists it aims to reach a general approach at the EPSCO Council meeting on 8 December, and it is due to share a new text next week.

One step forward, one step back. A vote over the platform workers’ directive in EMPL has been postponed from 30 November to 12 December. A new batch of updated compromise amendments shows rapporteur Elisabetta Gualmini is sticking to her guns. Bar few changes, including one which indicates that providing insurance or other social benefits cannot be seen as an indication of subordination, everything stays the same: criteria for the legal presumption have been deleted altogether, whilst an extensive set of new criteria has been added to inform and motivate the rebuttal of the burden of the proof. Internal divisions remain in the centre-right and might come to a head following the committee vote.

Follow the trend. As regulatory pressure on travel platforms grows, Airbnb, Booking and the like are looking for ways to make short-term rentals more sustainable. The idea is to disperse the tourist flows outside the usual tourist hotspots to prevent them from overheating and spread the economic benefit to more rural areas. The appetite to avoid tourist peaks already started under COVID and can be seen across different travel platforms, some of which are trying to actively nourish it. Local authorities are also taking similar initiatives. Read more.

Industrial strategy

LEONARDO is alive. Europe’s 2nd (and the world’s 4th) most powerful pre-exascale supercomputer was launched in Italy this week. The project stems from a partnership between the Commission and a number of other actors who together put forwards an investment of €120 million to fund the computer located at the Bologna Technopole to focus on environmental sustainability. In a joint project with Barcelona Supercomputing Center, the new facility will work on a digital twin for the two cities.

France’s €20 billion. The France 2030 plan, presented by the French government last year, is set to see an investment of around €20 billion into the digital and green transitions over this and next year, according to a preliminary assessment published last week. The funding will cover energy innovation, nuclear research and development projects and the electric vehicles industry. Read more.

Climate tech investments. The European Investment Fund (EIF) has committed €45 million to a fund jointly run with OTB Ventures for investment in tech companies working on innovative breakthroughs in enterprise AI automation, space technology, fintech and cybersecurity. The projects will have a particular focus on climate-tech solutions and is projected to raise €150 million.

Spain’s cloud strategy. The Spanish government launched a new strategy for cloud services for public administration based on a hybrid infrastructure and consolidation of data centres.

Law enforcement

e-Evidence closing. The Czech presidency asked and obtained from EU ambassadors an updated mandate on the e-Evidence regulation this week to secure a final agreement with the Parliament at the next trilogue on 29 November. The main outstanding issues are the definition of residency, the optionality to raise grounds for refusal, the suspensive effects of the notification or, in alternative, the obligation to delete transmitted data. Read more.

Cross-border CSAM. The Czech presidency’s latest compromise text on the Commission’s proposal for tackling child sexual abuse material has put forward a new section dedicated to cross-border content removal procedures. Also included in the new text are updates to provisions covering the independence of Coordinating Authorities responsible for overseeing these responses and the technicalities of individuals’ redress mechanisms. Read more.

No longer welcome. A speaker set to appear at a Parliamentary hearing on Spain’s involvement in the Pegasus scandal was uninvited this week after civil society groups wrote to lawmakers alleging that he had been working to discredit the organisations that borough the story to light. A second speaker, however, was retained after EPP support. Read more.

No court review. A LIBE committee proposal to request that the Court of Justice review the compatibility of the Second Additional Protocol to the Cybercrime Convention with EU law was rejected by lawmakers in the plenary this week. Civil society groups have raised concerns about the fact that the Protocol allows the transfer of personal data from EU private service providers to law enforcement in current or future parties to the Protocol, warning that its approval could lead to breaches of EU law.

Media

Nothing to see here. Publication of a journalistic investigation into political corruption was halted by a French court this week, eliciting outrage from lawyers and media groups who argue that it infringes upon press law and fundamental rights. The court ruled against the publication of Mediapart’s story, which focuses on two politicians from Les Républicains, without giving the outlet a chance to argue its case. Read more.

Democratic journalism. This week, the Commission published a €10 million call for journalism partnerships, half of which will, for the first time, be linked to public interest journalism or sectors of particular relevance to democracy. The funding, a €3 million increase on the previous two years, will be provided via the Creative Europe project.

Platforms

No staff, no office. The last remaining staff at Twitter’s Brussels office have reportedly left the company, just as regulatory scrutiny of big tech ramps up with the passage of the DSA into force last week. Emptying the office could spell trouble for the platform, as already the latest figures on the application of the Code of Conduct on Countering Illegal Hate Speech Online showed a negative trend. Read more.

Research & Innovation

Horizon projects. European Research Council (ERC) Starting Grants amounting to €636 million in funding have been awarded to 408 researchers as part of the Horizon Europe programme. The grants, aimed at early career scientists with two to seven years of post-PhD experience, will allow recipients to build teams and launch projects.

Telecom

5G on planes, Wi-Fi on cars. On Thursday, the Commission announced an update to the implementing decision on the spectrum for mobile communications on aircraft, designating certain radio frequencies for in-flight 5G. The 5GHz frequency bands were also amended to allocate some bands to Wi-Fi for in-road transport, which member states should implement by 30 June 2023.

Transatlantic ties

Show some results. At the third transatlantic Trade and Technology Council meeting set for 5 December, all sides are keen to demonstrate tangible progress from the previous two sessions. According to a draft statement for the upcoming summit, seen by EURACTIV, digital infrastructure in third countries, undersea cables, emerging technologies and an AI roadmap rank among the key areas set for the next summit, which will be ‘dense’ as Vestager and Breton will have to fly back for the Telecom Council. Standardisation, supply chain security and export controls are other points for discussion. Read more. 

 

What else we’re reading this week:

Lex in-depth: the cost of America’s ban on Chinese chips (FT)

Meta seeks government protection from Rees-Mogg’s EU law bonfire (The Guardian)

 

Theo Bourgery-Gonse contributed to the reporting.

[Edited by Alice Taylor]

Read more with Euractiv

Supporter

AI4TRUST

Funded by the European Union


Subscribe to our newsletters

Subscribe