Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“While considering the huge potential of new technologies, we must always ensure the safety of consumers.”
-European Commissioner for Justice Didier Reynders
Story of the week: This week, the European Commission showed how it intends to adapt its liability rules to new technologies, particularly Artificial Intelligence. The Product Liability Directive, which has been the ‘cornerstone’ of the single market for almost 40 years, has been revised to cover all types of software, including AI. The developer would be liable for its product post-market launch, particularly for patching up cybersecurity risks or any wrongdoings caused by machine learning. In cases where it is technically too complex to establish a causal link between a product and the damage, the causality is instead assumed under certain conditions.
A second proposal accompanied the PLD, the AI Liability Directive, anticipated by EURACTIV two weeks ago. The two proposals do not follow the same regimes since different Commission departments developed them. While the PLD follows a strict liability regime, the AILD is fault-based, meaning the claimant must prove the defendant breached the AI Act rules for it to apply. The other main differences are that the PLD only refers to material damages from the manufacturers. At the same time, the AILD also covers breaches of fundamental rights like discrimination and users of AI systems. Read more
Don’t miss: The EU Council’s Czech Presidency does not think that the AI Act’s obligations should directly apply to general purpose AI, following calls from several member states that there is no evaluation of how this could impact the market. Therefore, the proposal involves tasking the Commission to tailor the regulation’s obligations for these systems via implementing acts. The latest compromise text, circulated on Friday, also includes several provisions that would favour law enforcement, particularly about migration applications and sandboxes, transparency obligations, the governance architecture and the penalties. Read more.
Also this week:
- Leading lawmakers propose conditions for applying the AI Act to the metaverse.
- The European Parliament’s rapporteur strives for geographical balance on the Chips Act.
- Meta took down covert influence campaigns sponsored by Russia and China.
- Six member states laid out their ambitions for the upcoming Cyber Defence Policy.
- The Czech Presidency addressed some of the outstanding concerns on eIDs.
- The Commission’s proposed new sanctions against Russia include semiconductors and telecom equipment.
Before we start: This week, the European Commission presented two legislative proposals introducing liability rules for Artificial Intelligence, the revised Product Liability Directive and the AI Liability Directive. We discussed the two proposals and how they will interact with each other and with the AI Act with MEP Axel Voss and BEUC’s Deputy Director General Ursula Pachl.
A message by Salesforce
Strategic focus and external factors such as the Covid crisis have accelerated the digital transformation of the European Commission (EC).
To learn more about the EC digital transformation journey and the critical role of platforms, read this report:
Read the report >>
Artificial Intelligence
AI in the metaverse. The new batch of compromise amendments to the AI Act circulated on Wednesday put metaverse-specific provisions at the centre of the discussion for the first time. The co-rapporteurs proposed that the operators of the AI systems used in metaverse environments should fall under the scope of the regulation if these environments meet certain cumulative conditions. Environmental risks also feature prominently in the text. Significant changes were introduced in the obligations for high-risk systems, notably the risk management systems, data governance and technical documentation. At the same time, some of the most political discussions were put on hold, such as for foreseeable or unforeseeable risks. Read more.
Soft tool for tough reality. The German digital committee discussed UNESCO’s recommendations on AI ethics on Wednesday. This first globally-valid international law text on AI’s ethical development and use was adopted in November last year, following tedious discussions among the 193 UNESCO member states. According to Matthias Kettemann of the Hans Bredow Institute, the three significant fields of action are safeguarding civil rights, promoting diversity, and ensuring sustainability and global participation. Concerning the AI regulation, Kettemann said that this focuses more on the threats, while the Unesco recommendations focus on the “soft issues”. Countries such as Russia or China are not expected to follow the human rights-centred UNESCO recommendations, which do not have to be transposed into national law.
Cybersecurity
Cyber defence ambitions. In a non-paper circulated this week and seen by EURACTIV, six EU countries have urged the Commission to be ambitious in its cyber defence proposal, due for publication in November. Among other things, Austria, Finland, France, the Netherlands, Spain and Romania preached a better allocation of responsibilities, stronger cooperation with NATO and private actors, national programmes to implement cyber priorities, a grand scheme for cyber skills and the creation of a coordinating role for cyber defence actions. Among the priorities indicated are also the use of quantum-resistant cryptography. Read more.
Weapons everywhere. Everything, including information and technology, can be weaponised in modern warfare, former Finnish Prime Minister Alexander Stubb told EURACTIV this week, expressing support for Estonia’s proposed creation of a fixed public spending target for cybersecurity. The problem of becoming too dependent on one supplier for a critical resource has also been proven by the war in Ukraine, Stubb said, and a similar lesson should also be applied to semiconductors, where the aim should be cooperation with rather than total decoupling from China. Read more.
Keeping the guard up. While there has been no radical change in cyber threats since the beginning of the war in Ukraine, attacks have become more intense and sophisticated, said Juhan Lepassaar, executive director of ENISA. While there has only been one significant attack with spill-over effects, the cost of ransomware attacks is increasing, with skills shortages and the protection of critical sectors of particular concern. The agency chief reiterated that the incident reporting system is not working, and member states are unwilling to share insights about the often cross-border attacks. Read more.
Data & Privacy
Germany’s data retention hurdle. Berlin remains divided when it comes to the issue of storing IP addresses as a means of tackling online child abuse. At a meeting this week, government ministers argued that an EU Court of Justice ruling that earlier this month overturned indiscriminate data retention meant that the storage of IP addresses was under the purview of national lawmakers, expressing support for the action. Critics, however, argue that IP retention could place broad suspicion on everyone and expose large volumes of personal data rather than effectively tackling the issue of online child abuse. Read more.
To fine or not to fine. TikTok could be facing a £27 million fine following an investigation by the UK’s Information Commissioner’s Office (ICO), which found that the platform might have breached the UK’s data protection law. A notice of intent preceding a legal fine has been served to the company by the ICO over its practices between May 2018 and July 2020. In that time, the ICO has concluded TikTok may have illegally processed the data of children under the age of 13, failed to provide clear information to users and illegally processed special category data. The findings are provisional and do not equate to a ruling that the platform acted illegally; the ICO will now liaise with TikTok before reaching its final decision.
More money for enforcement. The Irish Data Protection Commission (DPC) is set to receive another €3 million in financing next year as part of Ireland’s new budget, released this week. The funds, intended to cover an expanded staff, two new Commissioner posts, legal fees and refurbishments of the DPC’s new office, will bring the watchdog’s overall budget to more than €26 million, an increase of 13% from last’s year’s figure.
Digital Markets Act
Publication postponed. The DMA is set to be published on 13 October. The publication in the EU’s Official Journal was initially scheduled for 26 September, according to an internal document seen by EURACTIV, but was postponed due to technical problems. Meanwhile, the implementing acts are expected to be published for consultation in November and will cover the gatekeepers’ notification mechanism, whereas other aspects will be left to guidelines. Digital chief Vestager announced during BEUC’s event on Tuesday that the Commission is planning a technical workshop to tailor the compliance setting to the platforms.
Disinformation
Meta vs disinfo. Meta shut down two unconnected covert influence campaigns based in Russia and China, the platform announced Tuesday. The two operations, which targeted audiences across the EU and US and touched on, among other things, the war in Ukraine, were removed from the platform for violating its policy against Coordinated Inauthentic Behaviour. The Russian campaign, the larger of the two and the “most complex Russian-origin operation that we’ve disrupted since the beginning of the war in Ukraine”, Meta said, functioned by mimicking legitimate and high-profile news sites such as The Guardian and Der Spiegel and then using them to disseminate pro-Kremlin content across various social media platforms. Read more.
Diplomats do something. Networks like these demonstrate the complexity of addressing disinformation, lawmakers said at a hearing on Thursday but added that the EU’s diplomatic service needs to develop a more comprehensive and coordinated strategy for tackling the issue. Multiple MEPs called for the EU External Action Service, the bloc’s foreign policy arm, to reassess its approach to strategic communication. The EEAS’s head of communications, Lutz Güllner, responded that any plan to address disinformation effectively would require a holistic view of the issue and its potential solutions, particularly given that the manner of the assault by those weaponising information could not be how the EU responds. Read more.
eGovernance
Getting more practical. The discussions on regulating the European digital identities (eIDs) have been tediously slow, as the file is highly technical. Now, the working methods are being discussed in detail, including the costs, the offline use and the interplay with other regulations. Earlier this week, the Czech Presidency presented its fourth compromise text, which was discussed on Wednesday’s Telecom Working Party meeting. The text addresses some outstanding issues related to certification, use cases and data protection. More here.
Gig economy
Two’s company; three is a crowd. The Transport (TRAN) committee is due to vote on its non-binding opinion relative to the platform workers directive next Monday. A draft version obtained by EURACTIV indicates MEPs want to increase the threshold passed, at which the legal presumption of employment is triggered. While a minimum of two out of five criteria must be met in the original Commission proposal, TRAN lawmakers now want to see that changed to a “majority of criteria” – thus alleviating platforms’ concerns that the commission proposal as it stands would make reclassification almost automatic. There appears to be a centre-right majority (EPP/Renew/ECR) for the opinion, which is expected to pass with a limited margin.
Algorithmic management. The shadow rapporteur meeting that took place on Tuesday (27 September) had MEPs focus on algorithmic management and the involvement of humans in decision-making processes. A set of undated compromise amendments EURACTIV obtained suggests not much has changed from Gualmini’s May 2022 legal report. Of note, the text enshrines that any decision touching on a worker’s dismissal “or equivalent detriment” could only be taken with a human in the loop. Almost all the algorithm’s elements to assess a worker have been subject to collective bargaining. The text has also been broadened to include “semi-automated” decision-making systems.
Priority file. According to an internal document from the Commission, which EURACTIV obtained, the platform workers directive has been singled out as Commissioner Nicolas Schmit’s DG Employment priority file, alongside the “coordination of social security systems” bill.
Industrial strategy
Chips Act draft report. In his draft report, the Chips Act’s rapporteur, Dan Nica, has addressed the concern that the legislation’s benefits could predominantly fall at the feet of larger member states with the financial capability to invest in “mega fabs”. The aspect of geographical balance is strongly felt in the EU Parliament (and Council) but is set to meet opposition by the concerned chipmakers and larger member states. Other significant changes regard the definition of first-of-a-kind facilities, the list of critical sectors that now includes automotive, monitoring supply chains, forming consortia, quantum technology and capacity building. Read more.
From chips to toilet paper. The eight Russian sanctions package could expand to cover virtually all semiconductors, according to a draft list proposed by the Commission and seen by EURACTIV. The text is likely to be finalised before the end of next week. Currently, it includes a lengthy list of products ranging from cars and steel to household appliances such as refrigerators and personal hygiene items, including soap and toilet paper. On the tech side, any telecommunication equipment will also be covered, including phones, cameras and optical fibre. Notably absent, however, is the ban requested by ‘hawk’ countries on Kaspersky Lab, the Russian cybersecurity firm accused of having ties to the Kremlin. Read more.
€200 million for digital tech. The EU Commission will invest €200 million in digital projects and is asking European companies, public administrations and other institutions for proposals. This is the third round of calls for proposals under the Digital Europe program. The deadline is 16 November. From this fund, €170 million shall be invested in data spaces, developing an AI platform to provide easy access for business and public administrations to trustworthy AI tools made in Europe, cloud-to-edge infrastructure, and specialised education programmes in the area of advanced digital technologies. The remaining €30 million are for European Digital Innovation Hubs to support the private and public sectors in their digital transformation. Read more.
Internet governance
ITU election results. Doreen Bogdan-Martin was elected this as the new Secretary-General of the International Telecommunication Union (ITU). Currently leading the organisation’s development bureau, the American, who will be the first woman to lead the UN tech agency, smashed with 139 votes the Russian candidate, Rashid Ismailov, who only got 25. The election was widely seen as a matter of foreign policy, mainly as there is a push by some authoritarian governments to push in ITU their agenda for a more state-controlled internet. The EU’s candidate for the post of deputy secretary-general, the Lithuanian Tomas Lamanauskas, was also successfully elected.
Law enforcement
A group of civil society organisations from across the EU are calling for a halt to an EU-funded project that they say is on the verge of rolling out “dangerous AI tools” marketed as “management solutions of migration flows”. Development of the ITFlows project’s EUMigraTool, the coalition says, should be immediately halted, as should the pursuit of related technologies that could be used to target groups and individuals and criminalise migration more broadly. Such predictive systems, the group says, could be used to predict irregular migratory flows, leading to potential abuses by governments to block border crossings and deprive people of their right to asylum and non-discrimination.
Platforms
Running out of cash. Meta has instituted a hiring freeze and announced further restructuring, leaving employees concerned about potential layoffs at the company. CEO Mark Zuckerberg this week told employees that he had hoped for greater economic stabilisation but that, in its absence, “we want to plan somewhat conservatively.” His comments follow cuts at several other tech companies in recent months and come after reporting earlier this year that Meta had axed existing plans to expand its engineering workforce and had already instituted separate hiring freezes. Budgets across the company are also expected to be reduced, Zuckerberg said this week, adding that the overall aim was “to steadily reduce headcount growth over the next year.” Meta is the company that is the most heavily invested in the metaverse, leading to significant financial exposure.
Research & Innovation
More funding for Ukraine. The Commission’s MSCA4Ukraine Scheme has launched a call for applications to support Ukrainian researchers who the war has displaced. The scheme, which has a budget of €25 million, will provide fellowships for doctoral candidates and post-doctoral researchers to continue their work and studies at host institutions in EU member states and countries associated with Horizon Europe. The scheme also aims to support researchers’ reintegration into Ukraine and to rebuild the country’s research and innovation capacity once the situation improves.
Telecom
Telcos’ coalition grows. Fifteen European telecom providers issued a strong call for big tech to contribute to network costs, part of an ongoing debate over the EU’s proposed initiative to mandate cost-sharing measures to fund the rollout of 5G and fibre cables. The group includes many more operators than the original four – Vodafone, Deutsche Telekom, Orange and Telefonica and argued that the EU had already missed opportunities offered by consumer internet and should act quickly not to repeat the same mistakes when it came to future developments, such as the metaverse. Read more.
The (energy) cost of connectivity. Mobile networks risk blackouts this winter due to potential power or energy rationing, and there are too few backup systems in many European countries, telecoms industry officials are warning. As riskier days approach, many EU countries and telecom operators are trying to get ahead of the issue and develop ways to ensure continued communication even in the event of widespread power outages. Read more.
India’s strategic autonomy. Tech giants’ concerns are rising over the Indian government’s push to require smartphone compatibility with its domestic navigation system. As part of Prime Minister Narendra Modi’s focus on boosting self-reliance and decreasing dependence on foreign systems such as GPS, India has developed a regional navigation satellite system, NavIC. Now, Modi’s government is looking to expand its use by requiring smartphone manufacturers to introduce it to phones sold from January 2023. The tech giants, however, have reportedly voiced concerns over the costs and disruption entailed in making such a switch. Read more.
What else we’re reading this week:
Texts show roll-call of tech figures tried to help Elon Musk in Twitter deal (FT)
Meta’s new AI can turn text prompts into videos (MIT Technology Review)
Laura Kabelka and Theo Bourgery-Gonse contributed to the reporting.
[Edited by Alice Taylor]