Welcome to Euractiv’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“Foundation models differ from more traditional narrow AI models on the basis of their numerous capabilities.”
-Spanish presidency’s preparatory document for the next trilogue on the AI Act
Story of the week: At the start of this week, the Spanish EU Council Presidency shared a preparatory document touching on the core areas of the AI Act. On foundation models, the tiered approach of the EU Parliament has been taken on board, only with a different terminology. On top, there are ‘very capable’ foundation models, like OpenAI’s GPT-4, which would have to go through external vetting before and after market launch. General Purpose AI systems at scale, like ChatGPT, also be subject to external red-testers and risk management obligations. All foundation models would be subject to transparency requirements. The European Commission sent a non-paper to the Parliament later in the week that followed the Council text word for word, except for a paragraph that proposed some vaguely defined metric for very capable foundation models, namely in terms of the amount of data consumed in training and potential impact, all conveniently left to be defined in implementing acts. An interesting detail that might be missed in a first reading of this very dense document is that the Commission is essentially taking over the AI Office, arguing that, like with the Digital Services Act, they should be in charge of policing the larger AI systems.
Much like the DSA, the plan is to finance this new office through a levy on the providers of very capable foundation models and GPAI used at scale. The Council and Commission seem aligned on this point and many others, and in fact, appear to be teaming up vis-à-vis the Parliament at technical meetings. Only in law enforcement, the EU executive’s non-paper has some differences with the presidency’s text. In particular, the Commission considers that the national security exemption as currently formulated goes against the treaties and that the four eyes principles should be derogated only in cases of immediate operational constraints for border control authorities. The presidency also prepared possible landing zones on fundamental rights impact assessment, sustainability obligations and workplace dispositions. All these key aspects of the file are expected to be discussed at the trilogue next Tuesday (24 October).
But those hoping that the AI saga would conclude next week are bound to be disappointed. While agreements in principle are being reached on some important aspects of the file, policymakers are still to put it in writing, and, as all policy insiders know, the devil is in the details. At least nine technical trilogues have been scheduled until 6 December, the real deadline for the Spaniards to broker an agreement. One of the most difficult parts to hash out is proving the categorisation of high-risk systems, which was one of the main topics of discussion at the political trilogue earlier this month. The European Parliament’s legal office issued an extremely negative opinion on the exception conditions, arguing they contradict the very purpose of the AI Act and would lead to legal uncertainty. Civil society organisations have been saying that for quite some time. EU lawmakers are now back to the drawing board, but it will be difficult to ignore such influential legal advice even if the temptation to include a filtering system is still there.
Don’t miss: The Connecting Europe Facility committee met on Monday to approve allocating EU funds for subsea cable projects. However, the lack of clarity in distributing funds led to questioning from some EU countries since the quality score did not match with the distribution of the grants. The Commission aimed to finance as many projects as possible, but the scarce resources and opaque allocation criteria are generating frustration among the very countries that are meant to support the EU’s grand strategy of subsea cable. Read more.
Also this week:
- The UK’s AI Safety Summit is set to highlight the risk of losing control over state-of-the-art AI models.
- ENISA warned that AI might be a disruptive factor in the next European elections.
- The European Cybersecurity Competence Centre finally has an Executive Director.
- The Commission asked member states to speed up the set-up of the Digital Services Coordinators while requesting information from Meta and TikTok.
- A Commission’s campaign to promote its proposal to fight the dissemination of child sexual abuse material is being investigated by the European Data Protection Supervisor.
Before we start: If you still crave more tech analysis, tune in to our weekly podcast.
Today’s edition is powered by META
Training engine mechanics in the metaverse
Aviation companies like Lufthansa Technik use VR training programmes to help mechanics effectively learn and practice crucial engine repairs over and over, helping them to be prepared to keep engines in top condition.
Find out more
Artificial Intelligence
UK’s catastrophic mood. While it is still unclear who from the EU side will participate at the UK’s Artificial Intelligence Safety Summit on 1 and 2 November, an early draft of the communiqué was shared in the Council on Monday. The conclusions point to the potentially catastrophic dangers of frontier models, Big Tech terminology to dub state-of-the-art large language models. In particular, Downing Street is worried that rouge actors might use AI to develop bioweapons or large-scale cyber-attacks or that the AI models might shut down human control and “seek to increase their own influence” (and maybe start chasing Sarah Connor). Read more.
Deepfakes and manipulation campaigns. ENISA, the EU cybersecurity agency, has warned that powerful new AI models might become a disruptive factor in the EU elections next June as malicious actors could use them to run large-scale information manipulation campaigns. The warning is part of the 2023 Threat Landscape, in which the cybersecurity agency takes stock of the evolving trends annually. The spotlight is on possible disruptions related to AI chatbots, like the renowned ChatGPT and any form of AI-fuelled information manipulation. The first test of a deepfake tilting an election occurred earlier this year in Turkey, where one of the main candidates for the presidential elections withdrew from the race after a manipulated sex tape went viral. Read more.
Stanford’s transparency index. Stanford HAI’s Center for Research on Foundation Models announced its Foundation Model Transparency Index on Wednesday, rating foundation model developers’ transparency. The findings show uneven results but no foundation model scored more than 55%.
Supercomputers and space law. The European Commission will present an initiative to open up European supercomputers to AI start-ups at the beginning of next year, according to an early draft of the Work Programme seen by Euractiv. Also on the digital agenda are an EU space law and a strategy for the space data economy.
AI system principles. The Commission launched a stakeholder survey on the draft G7 guiding principles for developers of advanced AI systems. The 11 guidelines are much more developed at this stage, but the way the survey was released – quietly on a Friday and with a one-week window – does not seem intended to maximise participation.
Competition
Let’s build that bridge. EU Commissioner for Justice and Competition Didier Reynders talked about privacy and data protection being the key issue in merger control at the 2023 ICN Annual Conference in Barcelona on Wednesday, hosted by the Spanish National Markets and Competition Commission. Reynders, who has taken the interim of DG COMP with Margrethe Vestager’s departure, is also the boss of the EU data protection department and, therefore well-placed to fill a regulatory gap that has now been certified by seminal case law.
Investigating cloud services. The British Competition and Markets Authority published an issues statement on Tuesday introducing the initial scope of the cloud services market investigation, which also includes potential solutions in case competition problems would emerge during the investigation process.
Cybersecurity
Executive Director saga ends. After almost two years of delays, the European Cybersecurity Competence Centre has an executive director, ending a controversial saga. Luca Tagliaretti, formerly the deputy executive director of EU-LISA, has been elected to lead the governing board of the EU Cybersecurity Competence Center for the next four years during a meeting in Athens last Friday. The question is if he will now manage to make the ECCC an actor of weight in the EU cybersecurity posture.
Belgium under cyberattack. Several Belgian public service websites were affected by a suspected DDOS cyberattack on Sunday, and were made accessible again at dawn on Monday. The sites affected included the websites of the Federal Public Service Finance, the Prime Minister’s Chancellery and the monarchy, and the Senate website. Other websites of the Belgian institutions were already attacked last Thursday.
Cyber warfare, the new norm. According to an article on Website Planet, the Israeli-Hamas conflict shows that cyber welfare is “the new normal”. The most common are the denial of service (DoS) attacks. However, hacktivist groups’ technologies seem to be less effective in the conflict between Israel and Hamas than they were against Russia in the Ukrainian-Russian War.
Another study on cyber attacks. The cyber threat landscape increased for SMEs. According to a new report by the DIGITAL SME Information Sharing and Analysis Centre, the increase amounts to 57%, with a total of 155,683 phishing campaigns, demonstrating the versatility of cyber threat actors.
Data & Privacy
Cookie pledge – doomed to fail? The participants of the cookie pledge met on 2 and 9 October with the Commission, with the idea of bringing in further technical work on the pledging principles. According to the summary report, seen by Euractiv, there were several presentations from publishers, advertisers, experts, and activist Max Schrems, the thorn in the Commission’s side. The Commission said it would involve the EDPB in the draft of pledging principles that will be discussed in the next plenary at the end of November. However, none of the participants Euractiv talked to seems convinced anything meaningful will be concluded before the end of the year, the deadline the Commission gave to sign the pledges. Perhaps it was too ambitious for DG JUST to think they could wrap up years of controversy in a few months. Or perhaps failure, in this case, is not a bug but a feature. Reynders already made clear he sees voluntary initiatives as a prelude to binding regulation, and the EU executive has already commissioned a study to back a future Digital Fairness Act due in Q2 2024. Nothing justifies a legislative intervention like the failure of a non-binding initiative.
Surveillance and the Olympics. A committee will be set up to address the advantages and disadvantages of experimenting with algorithmic processing of video surveillance images for the 2024 Olympic Games in Paris. The committee will consist of a panel of leading figures and a panel of user departments.
French online bill. The French Assemblée Nationale adopted the bill on Tuesday. The new law in the digital space touches on cyber harassment, online fraud and the protection of minors. The bill also attempts to introduce more competition among cloud infrastructural providers.
Digital Markets Act
Choice screen preferences. A study by BEUC, the European Consumer Organisation, about the design of choice screens in the context of the Digital Markets Act (DMA) shows that users prefer familiar choices over unfamiliar ones. BEUC notes that the choice screens have to be well-designed for users to pick them. This is also what a Mozilla study showed in September. The study also reveals that consumers get more choices in online services due to the DMA.
Digital Services Act
Speed it up, will you? The Commission wants member states to speed up the establishment of the DSA’s Digital Services Coordinator to deal with illegal online content and bolster incident response coordination through a resolution adopted on Wednesday. Commissioner Thierry Breton, the driver of the initiative, met with the MEPs part of the DSA Working Group on the side of the plenary, mostly to discuss how the new digital rulebook can address the disinformation related to the new Israeli-Palestinian conflict and how to activate the crisis protocol. However, the Commission’s call to accelerate ignores that many EU countries are already struggling with the current timeline. Read more.
Does loud mean effective? On Thursday, the Commission requested information from Meta and TikTok about their risk mitigation measures to protect the integrity of elections followed by the terrorist attacks. TikTok must also share compliance with other elements of the DSA, especially provisions related to the online protection of minors. The tech giants have to provide information by next Wednesday about their crisis responses, and by 8 November about the elections’ integrity and minors’ protection. These requests follow Breton’s activism as the EU digital policeman following the deflagration of a new crisis in the Middle East. But not everyone is convinced this is the right way to fight disinformation.
Industrial strategy
A STEP towards competitiveness? The European Parliament voted in plenary in favour of a negotiating mandate for a new Strategic Technologies in Europe Platform (STEP) on Tuesday, but lawmakers warned this must only be a first step towards a full-fledged sovereignty fund. The negotiators hope to agree on a final text before next June’s EU elections. Read more.
Institutional corner
Committee reform. The much-awaited reform of the European Parliament’s committee seems to be at long last on its way. The restructuring was laid out in a reflection paper circulated by the secretariat last month, which suggests the creation of a Digitalisation, Innovation and New Technologies committee that “regrouping all the competences on general digital infrastructure and horizontal digital issues currently shared among ITRE, IMCO, JURI and LIBE would eliminate the biggest source of conflicts of competence and of complex modalities of cooperation of this legislature.” However, one can already foretaste new conflicts of competencies arising with the Competitiveness, Internal Market and Industry committee.
Law enforcement
Why are you (micro)targeting me? The Commission’s use of microtargeting techniques on Twitter/X to promote its law to prevent the dissemination of child sexual abuse material (CSAM) is under investigation over concerns it might have violated the EU data protection and privacy rules. The countries concerned are the Netherlands, Sweden, Belgium, Finland, Slovenia, Portugal, and the Czech Republic, precisely those whose governments have opposed the EU executive’s legislative proposal. The ads have been viewed more than four million times based on interests such as privacy, political orientation and religious beliefs. Read more.
Meanwhile, in the Parliament. Euractiv learned this week that grooming will be taken out of the detection orders’ scope in the CSAM proposal but will still be part of the mitigation and risk assessment measures, as discussed in a shadows’ meeting on Wednesday. MEPs want grooming to be dealt with in a separate legislation. The text is not mature yet for the committee vote, which has been postponed to a date TBC. However, next Wednesday, Commissioner Ylva Johansson is expected in LIBE for a hearing following the committee’s request to DG HOME to provide all communications with Thorn and other child protection organisations. One of the authors of the Balkan Insight article that drew some controversial connections between HOME and these organisations will also participate in the hearing, as will Europol.
Media
EMFA trilogue. The first trilogue on the Media Freedom Act took place on Thursday. Besides the customary exchanges, the co-legislators rubberstamped the text on the right of the customisation of audio-visual offers and audience measurement. The next trilogue is planned for 29 November.
Platforms
Influencers business. Consumer authorities and the Commission will look into influencers’ business practices, a market estimated to have a global value of nearly €20 bn this year. Commissioner for Justice Didier Reynders said the business model comes with legal obligations: “influencers too must follow fair commercial practices, and their followers are entitled to transparent and reliable information”. The results of this ‘social media sweep’ will be included in the Digital Fairness fitness check, an exercise meant to feed into a future Digital Fairness Act.
Telecom
The struggle continues. As the ministers responsible for the telecommunications portfolio are due to gather in Leon for an informal meeting early next week, expect most of the discussions to focus on what to expect from this brand-new Digital Networks Act. It remains to be seen if the Spanish Council presidency will keep pushing for the senders-pay principle, although it is not specifically mentioned in the agenda or discussion paper. Commissioner Breton will try to sell his upcoming white paper, which is his way of setting the scene for the next Commission (whether or not he will be in charge of the digital portfolio). But only because no legislative proposal is coming anytime soon, do not expect the intense lobbying on one side or the other to stop, since 90% of white papers result in legislative action. Broadcasters and NGOs issued a joint statement against network fees ahead of the ministerial meeting, while the telcos have launched an expensive new campaign in favour of the fair share.
Behind the scenes. Meanwhile, strong wording favouring a senders-pay initiative made a last-minute appearance in the Commission work programme for next year. On Thursday, the Commission presented the results of the exploratory consultation to the Telecom Working Party, shedding some light on what might have tilted the balance against the senders-pay: network vendors seem more in support than market-based bilateral negotiations with a dispute resolution mechanism. Their opinion is particularly relevant since Ericsson and Nokia are the only European champions left in this field. What to expect from the DNA, then? Euractiv understands the proposal is only expected for 2025 and would touch upon three main topics: R&D investments much like in the Chips Act; radio spectrum, perhaps with a targeted amendment of the Electronic Communications Code to turn the policy programme into a binding instrument; and market consolidation.
Latvia and telecom. The Latvian government committed on Wednesday to helping Ukraine restore and develop its telecom infrastructures, supporting it in meeting the EU telecom acquis, and helping it to participate in EU and international programmes. Latvia is looking to capitalise on this strong position by leading in reconstructing and upscaling Ukraine’s ICT networks. Read more.
PangeaCo and Telefónica gets green light. The Commission cleared the acquisition of PangeaCo by KKR and Telefónica on Tuesday, in line with the EU Merger Regulation. According to the Commission, the merger does not raise concerns about competition because it only has a limited impact in the European Economic Area.
No white smoke on GIA. On Thursday, the Spanish presidency did not reach a majority for a general approach to the Gigabit Infrastructure Act. The discussions on the file will only be picked up again on 14 November, when a fourth compromise text is expected to be discussed, as the attaches’ agenda is already cramped and they want to finalise the easier stuff first.
New challenges. According to a document from an informal meeting of telecommunications ministers, dated for next Tuesday, the telecom sector faces new challenges and opportunities “due to the convergence between telecommunications and cloud-based software-defined networks”. Because of this, the “regulatory and competition policy paradigm” has to be updated.
What else we’re reading this week:
US-China chip war: Beijing unhappy at latest wave of US restrictions (BBC)
Inside the quest for unbreakable encryption (MIT Technology Review)
Will the AI Act clip the wings of regulators? (Euractiv)
[Edited by Zoran Radosavljevic]
