Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“The co-rapporteurs have done a great job finding the least controversial part.”
– A European Parliament official on the first batch of compromise amendments to the AI Act
Story of the week: The herculean effort of reaching a compromise on the over 3,000 amendments to the AI Act has officially started this week, as the first batch of compromises, obtained by EURACTIV, have been circulated ahead of the technical meeting on Monday. Understandably, the co-rapporteurs decided to start from the least controversial part of the proposal to make some progress before the summer break. The approach to the amendment stage is also clearer now: the leading MEPs will proceed in blocks, addressing at once the articles and recitals clustered around specific topics.
The most politically significant proposal is the complete removal of the derogation from conformity assessment. This emergency procedure would enable national authorities to use an AI system that has not been deemed compliant in case of a public emergency. The rest of the compromises relate to the administrative procedures for notifying authorities, which would need to have personnel competent in fundamental rights protection, and the requirements for notified bodies, introducing anti-revolving doors measures for high-risk AI system providers and NIS2-level cybersecurity standards.
The Parliament’s compromise also covers the standardisation process, introducing stricter timing and stakeholder representation requirements. Ensuring the inclusion of societal stakeholders was also one of the key points made by the European Telecom Standards Institute (ETSI), one of three standards bodies that have received a draft standardisation request from the Commission on the AI Act. However, ETSI also proposed moving the definition of AI and categorising high-risk systems to technical standards in a letter sent to the EU executive and seen by EURACTIV. The standardisation body also made interesting remarks concerning risk management, the alignment with existing standards and the conformity assessment process. Read more.
Don’t miss: The Digital Markets Act and Digital Services Act were formally adopted by the European Parliament on Tuesday. On the same day, internal market commissioner Thierry Breton shared some details on the enforcement of the two landmark regulations. Breton’s service DG CNECT will set up horizontal units dealing with societal, economic and technical issues. This structure should help the Commission fill in the gap of resources for the DMA implementation since the horizontal units will be largely financed with the DSA’s supervisory fees. Still, they will provide the technical expertise for enforcing the rules on gatekeepers as well. In total, the European Commission will dedicate to the enforcement of the DSA and DMA 100 full-time employees, with the latter being equally shared between DG CNECT and DG COMP, the competition service. A European Centre for Algorithmic Transparency will also be put in place in cooperation with the Commission’s Joint Research Centre. It will mostly focus on vetting very large online platforms under the DSA. Read more.
Also this week:
- The Czech Presidency circulated the first compromise on the Chips Act.
- Amazon saw several competition fronts opening in just one day.
- Meta’s nightmare on interrupting EU-US data flows got one step closer.
- Progressive lawmakers want to crack down on astroturfing lobbyists.
- The Commission announced its agenda for deep-tech.
Before we start: The Commission’s Joint Research Centre recently published a report with a comparative analysis of the national strategies for Artificial Intelligence across the EU. We discuss the topic with Raquel Jorge, one of the report’s authors, diving into the state of AI uptake in Europe, what best practices are emerging, the challenges from the lab to the fab and potential approaches on regulatory sandboxes.
Artificial Intelligence
Czech Presidency kicks off. The first Telecom Working Party of the Czech Presidency took place on Tuesday. On the table, there were a series of options Prague shared a few weeks ago. Based on this preliminary discussion, most member states want a narrower definition, with an EU diplomat making it likely that Annex I will be merged directly with Article 3, but leaving the door open for defining techniques later on via implementing acts. The discussion on which high-risk applications should be removed or included under Annex III is still in its infancy, but the consensus is that the wording needs to be sharper. The Presidency’s proposal to add an extra layer of high-level criteria to assess risk has been welcomed by several EU countries, although it was coldly received by the European Commission. The member states do not seem keen on letting the EU executive launch its own market investigations and enforcement. On the national security exemption, the diplomats requested further legal analysis.
Competition
Bundeskartellamt bites again. Germany’s antitrust body now also decided that Amazon is of “paramount significance across markets”, as has already been established with Google’s parent company Alphabet and Facebook’s parent Meta. The national competition authority has been using Section 19a of the Act against Restraints of Competition, which has been in force since January 2021, to initiate multiple proceedings against the Big Tech players. Andreas Mundt, the authority’s president, had previously announced that national bodies should play an active role, for instance, in cases where the behaviour of companies only affects some member countries or situations that are not a high priority for the European Commission. Read more.
Amazon’s bad week. On the same day of the Bundeskartellamt’s announcement, the UK’s Competition and Markets Authority also opened an investigation on Amazon. Also, in this case, the concern of the antitrust watchdog regards the fact that Amazon is both a retailer and a marketplace; hence it might favour its own products against those of competing sellers. The CMA’s probe will focus on third-party sellers’ data, the criteria for featuring in the ‘Buy Box’ and accessing Amazon’s loyalty programme Prime.
Acquisition inquiry. The UK’s Competition and Markets Authority (CMA) has also launched an investigation into Microsoft’s acquisition of gaming company Activision Blizzard, with a Phase 1 decision expected by the start of September. The €68.7 billion deal was announced earlier this year and is set to make Microsoft the third-largest player in the gaming world by revenue. The merger is already the subject of scrutiny from the US Federal Trade Commission, which was revealed last month and focuses on the implications of the move for the US labour market. Read more.
Raiding the raiders. Competition concerns led the Commission to conduct unannounced inspections of the premises of companies providing online ordering and delivery services in two member states this week. The inspections, a preliminary step in a broader investigation, were triggered by concerns over alleged cartel behaviour whereby companies agreed to share national markets. German takeaway company Delivery Hero and Spanish counterpart Glovo were named by Reuters as the companies raided and could face fines of up to 10% of annual global turnover if found to have breached EU competition law.
Data & privacy
Influencer: update your CV. The Irish Data Protection Commissioner shared with its European peers its draft decision on blocking Meta from transferring the personal data of EU residents to the United States, as first reported by Politico. The other data protection authorities now have one month to provide their inputs. In case of disagreement, the decision would be referred to the European Data Protection Board’s dispute resolution mechanism. An eventual stop to the data flows would be the extreme consequence of the Schrems II ruling, in which the EU top court declared the US does not have adequate privacy safeguards. In the last annual report, Meta menaced that it would have to stop Facebook and Instagram in Europe if it could not transfer the data to its US-hosted servers, a threat that little impressed EU top ministers. Washington and Brussels are working on a Privacy Shield 2.0, but the negotiations are still far from having the legal framework in place in the coming months.
Targeted ads debate. A draft opinion on the proposed political ads regulation, released this week by LIBE rapporteur Anna Donáth, would see significant restrictions placed on using personal data in ad targeting. Amongst the report’s proposals are a ban on the processing of any personal data other than that which had been “expressly provided” by individuals for political advertising and a prohibition on the use of minors’ data in targeting or the deployment of targeting techniques in content intended for minors. Read more.
Germany & CSAM. New data shows that the hosting of child sexual abuse content in Germany has exploded tenfold from 2020 to 2021, and the country ranks fourth as the most exploitative location in the EU. At the same time, Berlin has been busy questioning EU proposals to tackle the phenomenon due to mass surveillance concerns through what critics call “chat control”. The debate on storing IP addresses continues within Germany. But while it often appears as if child protection and data protection were mutually exclusive, German MEPs have suggested alternatives to combat child abuse. Read more.
Here we go again. France’s data retention regime is once again before the EU Court of Justice after several associations decided to contest Arcom’s system of sending warnings in case of online piracy of cultural works. Under EU law, access to connection data can only be granted under two conditions: if it concerns serious crime and is subject to prior control of such access by an independent authority. According to the complainants, these two conditions are not met in this context. France, for its part, argues for an exception, considering that the massive nature of the offences in question reveals the seriousness of these acts. In a sign that this issue goes beyond France- Denmark, Finland, Sweden, and Norway sided with the government at Tuesday’s hearing to defend the possibility of using IP addresses in the fight against “ordinary” crime.
BEUC vs TikTok. The European Consumer Organisation (BEUC) has written to the Chair of the European Data Protection Board to express concerns about a recent change to the legal basis by which TikTok processes personal data for surveillance advertising which means it now relies on legitimate interests rather than consent. According to BEUC, this contravenes several articles in the GDPR and ePrivacy Directive, and the group calls for “swift action” from authorities to ensure TikTok’s compliance. BEUC also filed a complaint against the Chinese social media under consumer law, but the final outcome left the association unsatisfied.
Privacy (double) standards. New draft regulations proposed by the Israeli government have caused controversy over the implication that they would afford stronger protections to personal data originating in the EU than in Israel. The rights afforded would include rights to deletion and notification, amongst others, and would apply to data transferred to Israel by entities based in the EU. The proposal has been met with opposition and the potential for a legal challenge should it be introduced.
Searching for friends. The UK has announced an “in principle” deal on data sharing with the Republic of Korea, the first data adequacy agreement signed by the country since its departure from the EU. The agreement will reduce the restrictions on data transfers which the UK says will boost digital trade between the two states. The EU has deemed the UK’s post-Brexit data protection standards adequate, but concerns have been raised in Brussels over the potential for EU individuals’ data to be shared with third countries if the UK begins to strike new external deals. The move is in line with London’s broader data reform agenda, details of which were published last month.
Digital Markets Act
‘Fair’ choice screens. Top executives from several Google rivals have penned an open letter calling for enacting a set of principles that would enable consumers to effectively change their default settings. The leaders of DuckDuckGo, Ecosia and Qwant released the letter on Tuesday, the same day that the DMA was adopted by the Parliament, and set out the 10 guidelines they say should be put in place to make the switch. Amongst the suggestions are the inclusion of an option to make the change in the top-level menu, the intermittent reappearance of choice screens, for example, after system updates, and the application of the selected service to all access points. Read more.
Digital skills
Russian supplies. The German digital association Bitkom called on the German government to quickly launch the #greencard22 programme to facilitate the emigration of IT experts from Russia and Belarus. This would be a “win-win for all sides”, Bitkom argues, as it would weaken the aggressor and thus help Ukraine. It would also help Germany combat its skilled worker shortage, with 96,000 vacant jobs in the IT industry. Official security checks should be performed, and IT specialists from the two countries would have to reject Russian aggression. The proposal is currently being discussed among politicians. Read more.
Disinformation
Crackdown on state propaganda. Tech firms will be required to limit “state-sponsored or state-linked disinformation” on their platforms under a new amendment to the UK’s answer to the DSA, the Online Safety Bill. The amendment will link the legislation to the National Security Bill, which is currently making its way through parliament and is now set to include a new Foreign Interference Offence. The move will place a legal obligation on platforms to take proactive and preventative measures to identify such content and minimise users’ exposure.
eGovernance
Teasers before the summer. The European Parliament’s committees working on the European Digital Identity (eIDAS) have tabled their amendments. The leading ITRE committee addressed the crucial point of the “unique identifiers”, which the industry committee would like to apply only in a cross-border context. The Commission told EURACTIV that having a single identifier was unnecessary “and when identifiers are used, the strictest legal and technical safeguards must be applied”. Especially for countries like Germany, this is a very sensitive issue, as a lifelong, unique identifier would be unconstitutional.
Web authentication. Various proposals are on the table on how to address the issue of authenticating web pages. Internet leaders have expressed concern about the proposal’s Article 45, which would force web browsers to accept a system of Qualified Web Authentication Certificates (QWACs) from Certificate Authorities (CAs), irrespective of whether they met the browser’s security standards. Some political parties in Parliament proposed to delete the article altogether. Others proposed amendments through which web browsers could retain the right to suspend a qualified certificate when end-user privacy and security is compromised. The vote on amendments and the final report in the ITRE committee is scheduled for 26 October, and the final vote is in the plenary of November.
Gig economy
Convergence to come. The European Parliament’s first shadow meeting on the platform worker directive took place on Tuesday. The political groups have started to bridge their differences, and have converged in principle on a two-step process to verify the rebuttable presumption, which is still to be well defined. They also agreed that the definition of worker status would be left to national legislation. Still, the question remains to what extent the shadows of the EPP and Renew represent their respective groups. The first compromise amendments are expected after the summer.
Ciao ciao. Shopping delivery platform Gorillas announced on Monday that it was pulling out of the Italian market to focus on Germany, France, the UK, the Netherlands and New York City, where it generates most of its revenue (90%). The company said it had informed its workers of its decision and had begun discussions with the unions as part of a collective dismissal procedure. Three of its warehouses are already closed in Milan, Rome and Bergamo and the others are expected to be shut down in “the coming weeks”.
Industrial strategy
Chips Act, compromise I. Changes to scope, the role of competency centres and the privileges afforded to “first-of-a-kind facilities” are amongst the changes proposed in the Czech Presidency’s first compromise text on the Chips Act. Obtained by EURACTIV, the text is set for discussion at a technical meeting on Friday. Prague is pushing for making the European Chips Infrastructure Consortia open to new members and for more prescriptive provisions on the consortia’s statutes. Another important change regards the monitoring and crisis response mechanism, which would involve national authorities and the Commission in a coordination role. The Presidency also proposed lower fines for SMEs. Read more.
Digital debut. France has a new digital minister due to the government reshuffle concluded this week following the June legislative elections. The appointment of Jean-Noël Barrot to the role of minister delegate for the digital economy was welcomed by many tech players in France, who had been critical of the previous government for its lack of a minister dedicated solely to digital issues, Barrot’s position as minister delegate means he will participate in all meetings of the Council of Ministers, unlike his predecessor Cédric O, who held the title of Secretary of State and only attended meetings touching on topics directly relevant to his portfolio. Read more.
(Not so) Trusted cloud. US cloud service providers are making it clear that France’s “trusted cloud” label, which is given to companies deemed to afford users the greatest level of protection, including against the extraterritoriality of US law, will not stand in the way of their aims. Franco-American giants have been seeking ways to offer cloud solutions to French companies while maintaining their status as label recipients, but this has not been without pushback. French firms have raised doubts about whether this is a realistic plan, and some have argued that plenty of French cloud providers, intrinsically lacking the issue of US legal entanglements, already exist. Read more.
Delayed, vague and thin. Germany’s digital strategy was initially promised for the first half of 2022 but was delayed until 31 August. EURACTIV has seen the draft, which experts say falls short of expectations. Precise timetables, allocated budget, and measurability is often lacking. But the responsible ministry for transport and digital affairs has assured further adjustments and improvements. While digital topics are split over several ministries, the digital strategy shall act as a unifying tool with which the different bodies can coordinate their approaches. Read more.
Path to the path. The trilogue negotiations on the Path to the Digital Decade are not going as fast as the ambitious timeline implied. A major hurdle between the EU Council and Parliament has proven to be gender representation and skills. The Commission stepped in to play the peacemaker role, but the issue is still not completely solved as MEPs want to expand the reference to the digital divide also to geographical and gender-based imbalances. The progress on the article defining the collaboration between member states and the Commission has also been scarce, and the Council insists on deleting the article on the policy recommendations. Interestingly, in both the recitals and the articles there is elaborate wording to include both 5G networks and Wi-Fi as key drivers of the digital transformation so as not to displease anyone.
Media
Bad news from the front. The challenge of balancing freedom of the press with the protection of national security is proving a significant one in Ukraine, with Reporters Without Borders (RSF) this week calling on officials to remove limits on journalists accessing certain areas of the country after reports emerged of some having been detained. Some journalists, however, have been accused of giving away sensitive information about the location of civilian and military targets in their broadcasts and publications, in some cases leading to attacks and even deaths. That was allegedly the case of TF1, which has been accused of revealing the positions of Ukrainian soldiers leading to one dead. Last month, President Zelenskyy called on journalists to be responsible in their reporting and remain aware of the potential for Russian troops to use the information they share in planning assaults. Read more.
Platforms
The dark side of lobbying. Progressive MEPs have written to Parliament President Roberta Metsola calling for so-called “astroturfing” or shadow lobbyists to be banned from accessing the institution. The letter follows a recent op-ed by Georg Riekeles who worked in the cabinet of Commissioner Michel Barnier, in which the former Commission official denounced this practice detailing the role played by these groups in lobbying against the DSA. Social-democrat Paul Tang, Rene Repasi and Christel Schaldemose asked Metsola to identify and suspend parliamentary access to these shell groups. So far, the associations accused of pretending to speak on behalf of SMEs while advancing the interest of Big Tech are Targeting Start-ups, SME Connect, Allied for Start-ups and Connected Council, a European Parliament official told EURACTIV, adding, however, there are probably more. A reply from President Metsola is expected in the coming weeks.
Sharing is caring. Airbnb will have to share with tax authorities information on rental contracts, according to the European Court of Justice’s Advocate General. The opinion, which is non-binding but usually followed by the court, stems from a case centred on a 2017 Italian law requiring that short-term rental companies such as Airbnb pass on this information to authorities. While it was agreed that the company’s argument that appointing a tax representative constitutes a “disproportionate restriction on the freedom to provide services”, the ruling is a setback for Airbnb, which has faced off with several EU authorities over tax-related issues.
Ready to enforce. Ofcom, the UK’s communications regulator, is gearing up to implement the Online Services Bill once it comes into force, setting out its plan this week. Once its powers are in action, the regulator says, it will start by publishing its first draft guidance for risk assessments and Codes of Practice on illegal content, designed to advise platforms on compliance with the legislation, followed by Codes and guidance on protecting children and adults from legal harms. It also says it plans to prioritise engagement with high-risk and high-impact services. The strategy comes the same week that the parliamentary committee on Digital, Culture, Media and Sport (DCMS) introduced an amendment which would bolster Ofcom’s independence by preventing the Secretary of State for DCMS from ordering the authority to alter codes of practice. What remains to be seen is if the post-Boris Johnson government will resist the move.
Another battle. Amazon is arguing for the “lowest possible” book delivery charges, according to its response to a public consultation by French postal regulator Arcep, opened in the light of the December 2021 law that plans to establish a floor price for book delivery. “General bookshops offer a local service and mostly recent titles, whereas more than two-thirds of Amazon’s catalogue consists of books published more than two years ago,” the company wrote in its contribution obtained by AFP, arguing that its policy would not harm traditional booksellers, who have expressed their support for a minimum of 4.5 euros.
Research & Innovation
Deep-tech funding. The Commission this week released its new European Innovation Agenda, setting out five key pillars via which it plans to strengthen the EU’s deep-tech innovation. Among the initiatives planned are mobilising resources to fund scaleups, creating regulatory sandboxes and test beds for experimentation, developing pan-European innovation ecosystems to connect regional programmes, and increased upskilling efforts and fostering a more innovation-conducive policy framework. Read more.
No EU, no funding. The European Research Council (ERC) has announced that 115 grants set to go to researchers based in the UK will be terminated after the recipients chose to remain in the country rather than move themselves and their work to the EU. Tensions over the Northern Ireland Protocol have prevented the UK from associating with the Horizon Europe programme. The 150 researchers who won major grants were told in April that they had to leave the UK to receive the funds. The UK government has pledged to supply alternative funding.
Telecom
Net neutrality. A French Senate report on the country’s economic sovereignty calls for the creation of a ‘toll’ on digital giants to fund operators’ infrastructure investments – while the EU executive has already indicated that it is working to share these costs more equitably among players. “This request from operators seems to us to make sense,” Sophie Primas, a right-wing senator and the main rapporteur of the report published on Wednesday, told AFP. “It’s an old idea that comes up regularly,” said the president of telecoms watchdog Arcep, Laure de La Raudière, saying it was “legitimate to have a debate […], but we must not undermine net neutrality.”
Not so fast. While the idea is gaining traction, opponents are starting to get active. European broadcasters and VoD players said they found it “unacceptable” in a statement issued Friday. “We strongly oppose any calls for network fees or other types of ‘direct contributions’ to finance the ongoing telecoms infrastructure development in Europe,” they wrote, arguing that they already contribute a lot to the continent’s economy through investment obligations in culture, taxes and job creation.
Share the fair share. SMEs also want a piece of the cake, piggybacking on the telecom companies’ request to make platforms pay for their infrastructure. According to the Digital SME Alliance, the European Commission should ensure that these resources are invested in making digital connectivity affordable for SMEs.
Keep it going. The Commission has called on telecom companies to prolong existing initiatives that have allowed refugees from Ukraine to use their phones with low or no roaming charges for the past three months. The arrangement began in April and was assessed by the Body of European Regulators for Electronic Communications (BEREC) as having been very successful. It is now set to expire, prompting a joint statement facilitated by the Commission and Parliament pushing for its extension.
Ending the mess. A French senator wants to clean up the deployment of the fibre network in France, as the cascade of subcontractors is giving rise to numerous problems on the ground (broken cabinets, nodes, etc.). The right-wing legislator, Patrick Chaize, plans to table a draft law next week that would include coercive and financial measures. At the same time, he intends to launch a parliamentary enquiry.
What else we’re reading this week:
China: Buyout of UK’s largest microchip plant raises concerns (BBC)
Leaked Videos Show Disney Is the Biggest Ad Tech Giant You’ve Never Heard Of (VICE)
Intel Seeks Salvation in German Town of Boom and Bust (Bloomberg)
[Edited by Alice Taylor]