Welcome to Euractiv’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“France shouldn’t boast and wave the word ‘sovereignty’ left and right. The government completely lacks coherence.”
– centrist Senator Catherine Morin-Desailly told Euractiv, commenting on the Mistral AI – Microsoft deal
Story of the week: The announcement of Paris-based company Mistral AI’s first commercial distribution partnership with US Big Tech Microsoft drew reactions from politicians in Brussels and Paris. Four Green MEPs, including the rapporteur and shadow rapporteurs of the EU’s AI Act, sent a letter to the European Commission, raising questions on transparency issues of the company’s lobbying and conflicts of interests of the Mistral AI’s main lobbyist: former digital secretary of State Cédric O. French centrist senator Catherine Morin-Desailly voiced similar concerns in December. Mistral’s new AI model, Large, will be available on the Azure cloud, just like OpenAI’s GPT-4. The company’s reliance on Microsoft’s cloud infrastructure comes as a shock for defenders of the French “cloud-to-the-centre” doctrine, which France tried to push within the European cloud certification scheme negotiations. Even though the new digital secretary of state Marina Ferrari said in an interview that “one should rejoice that Mistral breaks the Microsoft-OpenAI duopoly”, she failed to convince French MPs concerned about sovereignty and competition fallouts. Read more.
Don’t miss: The battle to lead the European Telecommunications Standards Institute (ETSI), one of the most influential organisations in setting technical standards for key global technologies, has entered a decisive phase amid continued tension with the EU executive. One of these candidates is Frenchman Gilles Brégant, current director of the French spectrum agency ANFR, Euractiv learnt from several well-informed sources. Brégant, who has the unique combination of being a European citizen and employment within a member state administration, is arguably the most agreeable choice for the Commission, which has been trying to counter US and Chinese influence amongst tech standards. Read more.
Also this week:
- Security challenges loom as EU Parliament starts using TikTok to campaign for elections
- Following TikTok, Meta announces 2024 EU election preparations
- After digital rights groups, consumer groups file complaints against Meta’s ‘pay-or-consent’ model
- MEPs approve law protecting journalists and human rights advocates (SLAPPs)
- European Parliament bans Amazon from its premises
Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.
Artificial Intelligence
Google CEO acknowledged its AI tool “got it wrong”. Sundar Pichai told his employees in a memo that some images and text generated by Google’s AI tool Gemini were biased, which was “completely unacceptable”, and Google “got it wrong”. Pichai was reacting to social media users posting examples of Gemini’s image generator depicting historical figures in a variety of ethnicities and genders, such as black 1943 German soldiers. Pichai vowed to take several actions over Gemini.
Microsoft enters the telecom industry with its AI service. Microsoft announced on Monday it will sell an AI service that will be trained to protect against scam calls. The AI will be based on its Azure cloud. Called Azure Operator Call Protection, the AI can analyse content in real time and alert consumers of any suspicious activity. It does not require any installation and works on fixed or mobile telephones.
OpenAI lawsuit. The Intercept, Raw Story, and AlterNet have teamed up to address the unauthorised use of their journalistic content in AI and filed a lawsuit against ChatGPT-owner OpenAI, asserting copyright infringement. The companies allege that OpenAI used thousands of their articles to train chatbots without obtaining permission, offering payment, or providing credit for the content used, the Associated Press reported on Wednesday.
Watermarking AI content. The study “In Transparency We Trust? Evaluating Watermarking and Labeling AI-Generated Content” by the Mozilla Foundation, published on Monday, examines the difficulties in differentiating synthetic content online, despite efforts like watermarking and labelling. Seven methods, both machine-readable and human-facing, were assessed via a fitness check, but none were rated as “good,” revealing ongoing challenges in identifying synthetic content effectively.
Competition
Fears of Big Tech monopolistic expansion. As Microsoft prepares to €15 million in Mistral AI, the Commission received notification of the agreement and will look into it as part of its initiative to take a closer look at Big Tech investments in AI startups. Mozilla’s vice president of global policy Linda Griffin said that “it’s crucial that strategic partnerships like this do not lead to large technology companies expanding their influences and control from one market to another”, concluding that the fact regulators around the world, like the UK CMA, the Commission chose to remain vigilant was “good”.
Cybersecurity
Security challenges loom as Parliament starts using TikTok. On Tuesday, the European Parliament posted its first video on TikTok. However, the Parliament’s plan to use it in campaigning for the June EU elections, despite prior cybersecurity bans, raises questions about its secure implementation as specifics regarding the Parliament’s approach remain undisclosed. Euractiv looked into a possible safe implementation, while the latest episode of Euractiv’s Beyond the Byline podcast also focused on the subject. Read more.
EU-level cloud certification negotiations resume. The European Cybersecurity Certification Group met last week to discuss the controversial European Cybersecurity Certification Scheme for Cloud Services, in which France would like to infuse its SecNumCloud 3.2 security requirements at the EU level. However, this is considered a protectionist move by the Netherlands, which would lead a charge against it. The Belgians suggested removing French proposed sovereignty requirements from the highest assurance level but keeping it voluntary for each jurisdiction. France is preparing a non-paper defending the sovereignty requirements, in response to fears that these requirements might lead to a race to the top where actors will want to adopt the highest security level, even with less sensitive data.
NIS 2 transposition. Vincent Strubek, the director of the French security authority ANSSI, announced that the transposition of a draft bill of the landmark cybersecurity NIS 2 directive was ready. The bill will transpose the Digital Operational Resilience Act as well. The name of the bill is not yet known. France and all EU countries have until October 2024 to transpose the directive.
Data leak unveils Chinese spying method. Some 550+ documents published on GitHub, whose authenticity has been verified, show how the Chinese company I-Soon hacks and collects data on behalf of the Chinese government. Targets comprise 20 foreign governments or territories, especially in South-East Asia, but also including Nigeria, the UK and NATO. Some documents also show surveillance of Chinese ethnic minorities in Tibet and Xinjiang. As the source is yet unknown, the Washington Post does not rule out that the leak could come from a rival company competing for lucrative governmental contracts.
Security agency raises alert about increased cyber threats ahead of Olympic Games. On Tuesday, the French cybersecurity agency ANSSI published a report on the state of cyber threats in France. It notably recorded a 30% jump in ransomware attacks in France in 2023 compared to 2022. The ANSSI will be in charge of securing the Paris Summer Olympic Games, assessed as increasing the risk of cyberattacks.
Plans of the Paris Olympic Games traffic security plan robbed. A public servant of the Paris city council had his bag snatched in a Paris railway station on Monday, containing documents and a USB key with information on how the city council plans to secure traffic during the Olympic Games. However, later the Paris prosecutor’s office informed France Info TV that the USB memory stick of the professional contained information on Parisian road traffic during the Olympics, rather than sensitive security-related data.
Data leak at the National Family Allowance Fund. The French National Family Allowance Fund (CNAF) confirmed last Friday that some of its data had been accessed by hackers. Hackers used passwords leaked on the darknet to access beneficiaries’ accounts and thus their data. The data privacy authority CNIL has launched an investigation. According to the hacking group LulzSec, 600,000 accounts were corrupted, but the CNAF considers that only “multiple thousands” were illegally accessed by hackers.
Cybersecurity report. Key findings of SecurityScorecard’s Global Third-Party Cybersecurity Breach Report, published on Wednesday, reveal that 75% of third-party breaches focused on the software and technology supply chain. Third-party attack vectors accounted for at least 29% of breaches, while healthcare organisations were impacted in 35% of cases.
Quantum forum. The Quantum Internet Alliance introduced on Monday the world’s first global quantum internet technology forum at the Mobile World Congress 2024 in Barcelona. The forum, known as the QIA Technology Forum, aims to expand engagement on quantum internet across industry, academia, and ecosystem partners worldwide.
Data & Privacy
BEUC complains about Meta’s ‘pay-or-consent’ model. Eight organisations from the network of the European Consumer Organisation BEUC filed complaints on Thursday to their national data protection authorities against Facebook and Instagram’s ‘pay-or-consent’ model. These complaints are the latest in a series of challenges based on consumer law or data privacy against Facebook and Instagram’s parent company Meta. Read more.
MEPs back EU wallet in plenary. With 335 votes in favour and 190 against, the digital identity framework passed in the European Parliament’s plenary in Strasbourg on Thursday. It will now need to be endorsed by the Council to become law and aims to allow citizens to identify and authenticate themselves online without having to resort to commercial providers. The wallet is voluntary and electronic signatures should be free for EU wallet users.
€2.5 million fine against Ireland. The Court of Justice of the EU imposed a fine on Ireland on Thursday, for its failure to notify the full implementation of the revised Audiovisual Media Services Directive (AVMSD). Additionally, Ireland will have to pay a daily €10,000 fine from now until the full transposition of the AVMSD. The Irish government reacted by explaining it was fully committed to implementing the directive into Irish law and noted that the fines are lower than the maximum the Court could impose.
Right to data access. As announced on Wednesday, the European Data Protection Supervisor (EDPS) is joining the European Data Protection Board’s (EDPB) Coordinated Enforcement Action focusing on individuals’ right of access within EU institutions, alongside 27 other data protection authorities across the Europan Economic Area.
Digital diplomacy
Franco-Czech marriage called off. Czech billionaire Daniel Křetínský will not buy the French Atos IT services business, as the two parties failed to agree on terms and pricing. The failure is expected to further complicate Atos’s restructuring negotiations with its creditors. Burdened with almost €4 billion in debts, Atos negotiated with Křetínský to conclude a deal with more cash than initially planned, which eventually led to parting ways.
Digital Services Act
Complaint over alleged infringement of the DSA by LinkedIn. On Monday, the digital rights organisation EDRi and its partners submitted a complaint to the European Commission regarding a potential infringement of the DSA ad targeting restrictions. LinkedIn, a very large online platform under the DSA, is prohibited from targeting online advertisements based on profiling users using sensitive personal data such as political opinion, race or sexual orientation.
eGovernance
Paper on internet governance. CENTR, the organisation that advocates for European country code top-level domain name registries, like .de for Germany or .no for Norway, released a paper on Monday that delves into the inception, discussions, and pivotal attributes of the multistakeholder model in internet governance.
Industrial strategy
Taiwanese chipmaker opens factory in Japan, in bid to mitigate supply-chain risks. The Taiwan Semiconductor Manufacturing Company Limited (TSMC), the second most valuable semiconductor company after Nvidia and the tenth largest company in the world by market capitalisation, opened its first chips gigafactory in Japan on Saturday last week. TSMC controls more than half of the world’s chip production and, amid private and public pressure, has started diversifying its supply chains in the face of possible disruption risks due to a potential Chinese invasion on the Taiwanese island. The plant was established in 2021, construction started in April 2022 and production should start at the end of 2024.
Law enforcement
Member states tired of new tech regulations. The implementation of already-adopted regulations should be prioritised over the creation of new laws, argues a document sent by the Belgian Presidency of the EU Council to the EU delegations on the future of the bloc’s digital policy, dated 19 February and seen by Euractiv. The draft conclusions by the Council of the European Union on the future of EU digital policy touch upon the digital acts of the past years, cutting-edge technologies, cloud infrastructure, and digital transformation. According to the document, delegations can comment on the draft by 5 March, based on the guidelines and template circulated by e-mail. Read more.
New CSAM approach. According to Netzpolitik’s article, published on Tuesday, the Belgian Presidency proposed a refined approach to the regulation aimed at preventing and combating online child sexual abuse material (CSAM), in a document sent to the Law Enforcement Working Party. The text suggests focusing on categorising services by risk to enable more targeted detection orders and safeguarding cyber security and encrypted data, “while keeping services using end-to-end encryption within the scope of detection orders”. Contributions from delegations will shape further development, including assessing impacts on the proposed EU Centre’s functions and tasks. The agreed concept will be reflected in the legislative text.
Pornhub chatbot warned users not to seek CSAM videos. According to a Wired article, published on Thursday, over the last two years, individuals searching for child abuse content on Pornhub’s UK website have encountered interruptions. Whenever users input words or phrases associated with abuse, a warning message appears indicating that such content is illegal. Additionally, in half of these instances, a chatbot has directed users to resources where they can seek assistance.
Media
Anti-SLAPP law’s final seal of approval. The European Parliament approved in plenary on Tuesday, with an overwhelming majority, a law protecting journalists and human rights advocates from abusive legal proceedings designed to stifle freedom of speech, marking the end of a six-year push to get the law across the line. The final text includes provisions on early dismissal of manifestly unfounded cases, a broad definition of what constitutes a ‘cross-border’ case, and provides for compensatory damages for the defendant. EU countries will have until 2026 to implement the directive. Read more.
European media and Axel Springer hit Google with €2.1 billion lawsuit. 32 European media groups from 17 countries hit Google with a €2.1 billion lawsuit on Wednesday, saying they had suffered losses over the US company’s practices in digital advertising. The complaint was filed in a court in the Netherlands due to the country’s reputation for antitrust damage claims. Plaintiffs include Axel Springer SE and MediaHuis, owner of Euractiv.
Russia’s information war. Since 2014, Russia has used information operations to undermine Ukraine, as observed by the Digital Forensic Research Lab, according to a post by the Atlantic Council, published on Thursday. Following the DFRLab’s February 2023 report, “Undermining Ukraine,” a new edition explores Russia’s intensified efforts in 2023, introducing new tactics while reinforcing effective ones.
Platforms
Meta prepares for EU elections. Meta will focus on combating misinformation and countering the risks posed by AI in preparation for the June 2024 European Parliament elections, the company announced on Monday. Meta, the parent company of the social media platforms Facebook, Instagram, Threads, and WhatsApp, is now following in the footsteps of ByteDance’s TikTok, which announced its preparations for the elections on 14 February. According to Meta’s blog post by Marco Pancini, head of EU affairs, “content that could contribute to imminent violence or physical harm, or that is intended to suppress voting” is being removed from Facebook, Instagram, and Threads. Read more.
No Amazon in Parliament. The European Parliament decided to ban Amazon representatives from accessing its buildings on Tuesday, due to multiple events where the global retailing giant did not attend meetings requested by members of the European Parliament, the European Parliament press service confirmed Euractiv. This follows the news from early February, when, as Euractiv also reported, members of the Parliament’s employment committee wrote a letter to the institution’s president, Roberta Metsola, saying that lobbyists from Amazon should have their badges to the Parliament revoked “until the company’s management is willing to engage in genuine dialogue with the Parliament”. Read more.
Short-term rentals rules adopted. On Thursday, MEPs adopted in plenary in Strasbourg the compromise text on short-term rentals, which, like the vote of the European Parliament’s Committee on the Internal Market and Consumer Protection (IMCO), was welcomed by Airbnb. Once the Council approves the text, it will be enforced 24 months later. Read more.
Political advertising rules adopted. On Tuesday, the Parliament adopted transparency rules for political advertising, aiming to safeguard election and referendum campaigns against interference. These regulations will oversee political advertisements, particularly those online, and establish a framework to facilitate political entities in advertising more efficiently throughout the EU. “The rules adopted today play a pivotal role in helping citizens discern who is behind a political message and make an informed choice when they head to the polls”, said MEP and rapporteur Sandro Gozi on Tuesday.
Telecom
Connectivity package presented at Mobile World Congress. The annual MWC Barcelona took place from Monday to Thursday. Several companies presented their latest innovations, Lenovo presented a computer with a transparent screen, Motorola’s rollable phone and Samsung a smart… ring! Single Market Commissioner Thierry Breton went there and repeated the three pillars of the connectivity package presented last week: securing investment, changing the regulatory framework, and protecting infrastructures.
Iliad invests in Tele2. The French telecom group Iliad, owned by billionaire Xavier Niel, announced on Monday it will acquire a little less than 20% of Tele2, a major telecom operator in Sweden and the Baltics, buying the shares of the Kinnevik group. The deal should be finalised in the third quarter of 2024. Created in the early 1990s, the Iliad group owns telecom operator Free and is now doing business in Italy with Iliad, and with Play in Poland.
What else we’re reading this week:
Mistral AI co-founder: ‘We can compete with Google or OpenAI’ (Le Monde)
AI Targeting, Used in US Airstrikes, Is Just The Beginning (Bloomberg)
Alibaba Unveils Big Cloud Price Cuts as AI Rivalry Deepens (Bloomberg)
[Edited by Zoran Radosavljevic]
