Welcome to Euractiv’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“The new provisions ensure that calls and SMS within the EU will be at the same price as the domestic calls from 2029.”
– European Parliament’s rapporteur Alin Mituța wrote on X at the end of the inter-institutional negotiation.
Story of the week: Representatives of the European Council, Commission, and Parliament agreed on a compromise text of the Gigabit Infrastructure Act: The tacit approval remains a voluntary principle while the abolition of intra-EU communication ‘surcharges’ is set for 2029-2032. The political agreement reached on Tuesday will need further technical meetings so that a comprehensive final text is put on paper, which will need to be approved by the European Parliament and the Council of the EU. For details on the tacit approval derogation possibilities and deadlines for intra-EU communication ‘surcharges’ abolition. Read more.
Don’t miss: On Wednesday, Meta announced that they were taking legal action against the European Commission over an annual supervisory fee that companies listed under the EU’s Digital Services Act must pay, with TikTok confirming on Thursday to Euractiv that they intend to do the same. “We support the objectives of the #DSA and have already introduced several measures to help us meet our regulatory obligations, but we disagree with the methodology used to calculate these fees”, a Meta spokesperson told Euractiv, with TikTok giving a similar answer. Read more.
Also this week:
- EU Parliament supports automated data exchange for police cooperation despite concerns
- Platform work rulebook hangs by thread ahead of member states’ final nod
- Germany adopts strategy to prevent global online censorship, experts unsure
- German government provides additional funding for tech start-ups
Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.
Artificial Intelligence
AI Act approved. Last Friday, the ambassadors of the 27 countries of the European Union unanimously approved the world’s first comprehensive rulebook for Artificial Intelligence, rubber-stamping the political agreement reached in December. The European Parliament’s Internal Market and Civil Liberties Committees will adopt the AI rulebook on 13 February, followed by a plenary vote provisionally scheduled for 10-11 April. The formal adoption will then be complete with endorsement at the ministerial level. Read more.
British AI approach. On Tuesday, the British government published a response to its Artificial Intelligence whitepaper consultation, including the pace of progress in AI, the UK’s regulatory framework, risk monitoring, and challenges that AI systems pose.
Meta to label all AI images. Meta plans to implement technology capable of identifying and categorising pictures produced by other companies’ AI tools. The company already labels AI images generated by its own system. BBC reported on Tuesday that Facebook, Instagram, and Threads will implement the new decision. Following a fake video of US President Joe Biden, it was suggested that Meta should label such content instead of removing it.
New language model on the way. According to Handelsblatt’s article, published on Wednesday, an Austrian team is working on a new language model based on AI. The article reported that thanks to a new architecture, it should consume less energy and deliver results faster than the most potent AI models currently available.
Bard becomes Gemini. Google’s generative AI model Bard, launched last year, became Gemini on Thursday, according to a blog post by Sissie Hsiao, Vice President and General Manager at Gemini experiences and Google Assistant. The tech giant also announced that it is rolling out Gemini’s mobile app and Gemini Advanced, which is more capable of complex tasks “like coding, logical reasoning, following nuanced instructions and collaborating on creative projects”.
A-I German-French alliance. Germany and France will join forces to “develop artificial intelligence tools for administration”, BFM Tech & Co reported on Tuesday. The idea is, in particular, to create a common instant messaging software, limiting costs and capitalising on the efforts already made by the two countries, the Interministerial Digital Directorate and the German Ministry of the Interior explained.
Competition
Commission’s green light for Orange-MásMóvil merger? While neither the parties nor the Commission confirmed the merger, French newspaper Les Échos asserted it on Wednesday. The EU executive should render its decision on 22 February, a week after Orange presents its 2023 annual financial results. According to Les Échos, the Commission should let Orange buy MásMóvil in exchange for selling MásMóvil 5G spectrum bandwidths to Romanian Digi. Hopes might be dashed for those seeing a testbed merger derogating to the unofficial rule set by Commissioner Margrethe Vestager of four telecom operators competing per national telecom market.
An updated notice. On Thursday, the European Commission approved an updated Market Definition Notice, mandating the delineation of competitive boundaries among companies in evaluations of mergers and most antitrust cases. This is the first revision of the Notice since its adoption in 1997, but the Commission already launched the evaluation of it in 2020.
Antitrust cloud case brings rivals to the negotiating table. As the Commission’s directorate for Competition continues its examination of the CISPE complaint on Microsoft’s alleged monopolist bundle of its Office suite with its Azure cloud offer, both organisations announced publicly on Wednesday that they were talking to each other. The complaint was filed at the end of 2022, and the two organisations started to have closer contact at the end of 2023. The details of the negotiations are still confidential, but the companies agreed that in the event of a deal, its content would be made public.
Cybersecurity
OECD compares cyber-labour forces in Germany, France, and Poland. A report published by the OECD on Tuesday underlines that despite the high level of employment in cybersecurity, there is still a significant labour shortage problem. The shortage in Europe is estimated to be more than 300,000 skilled workers. “This is a global trend, the cybersecurity skills shortage,” said Despina Spanou, Head of Cabinet of EU Commission Vice-President Margaritis Schinas. The report examined current trends from 2018 to 2023 in employer demand in France, Germany and Poland based on online job advertisements and demonstrated that in Germany and France, there is a strong demand for knowledge of ICT security laws and standards as well as knowledge of information security strategies.
About 50% of French citizens victims of massive data breaches. Viamedis and Almerys, two companies managing third-party payments for most health insurance companies in France, were victims of cyber attacks in January, announced the data protection authority (CNIL) on Wednesday. Data from 33 million people was stolen during the data breach, including birthdate, social security number, health insurer, and contract guarantees. According to the Data Protection Authority (CNIL), bank information and health data were not leaked.
Data for sale. Eighteen thousand user credentials of Anydesk, a remote desktop software, were found up for sale in hacker forums for $15K, resulting in the firm forcing all users to reset their passwords. “We immediately took all necessary steps to investigate and mitigate the incident and continue to cooperate with all relevant authorities”, Anydesk said in a statement.
Experts concerned. An open letter by security experts, published by the Center for Democracy & Technology on Monday, emphasises concerns about the amendments to the UK’s Investigatory Powers Act (IPA), particularly about “the obligation for providers to notify the Secretary of State before making technical and other relevant changes to their products; and the requirements for providers to refrain from making any technical changes to their services pending the review of the legality of a notice issued under the IPA”.
Commission suggests two new cybersecurity certificates. A week after adopting the voluntary European Cybersecurity Certification Scheme on Common Criteria (EUCC), the Commission published its work program on cyber certifications on Wednesday. On the agenda are notably the definition of the European Certification Scheme for Cloud Services (EUCS), aiming at harmonising cloud security certifications, and the European Cybersecurity Certification Scheme for 5G (EU5G). These certifications shall complement the Cyber Security Act and the Cyber Resilience Act. The Commission notably suggested creating two new cybersecurity certifications to complement recent legislative developments, including a Certification of European identity Wallets and a Certification of managed security services.
Data & Privacy
Prüm II position adopted. On Thursday, the European Parliament adopted its position on the Prüm II regulation, a Commission proposal for automated data exchange for police cooperation, despite concerns by the European Economic and Social Committee, political parties, and civil society organisations. Read more.
France confused. In their rush to vote down burdensome amendments on a bill regulating consulting companies, Renaissance MPs also voted down amendments last Thursday that support its own cloud security strategy – casting doubt as to its consistency in pushing the scheme forward. Read more.
Privacy ≠ Cybersecurity. On Monday, the French Ministry of Education made public a Court decision ruling that the source code of Parcoursup, the software used by the Ministry to allocate high school students to universities, should not be made public, over cybersecurity concerns. This decision was met with surprise by French MPs specialising in digital. Organisations have been trying to obtain the source code of Parcoursup algorithm for the past six years unsuccessfully.
Fundamental rights at stake? Following the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) publishing a draft report on the General Data Protection Regulation (GDPR), DOT Europe asked for a legal analysis, which found that the draft report is risking violating the fundamental rights “of the parties under investigation” and “threatens to undermine core concepts and principles of the GDPR”.
Don’t tell your secrets to Gemini. The privacy hub of Google’s Gemini reminded users not to enter “confidential information in your conversations or any data you wouldn’t want a reviewer to see or Google to use to improve our products, services, and machine-learning technologies”. The page updated on Thursday says, “Google collects your Gemini Apps conversations, related product usage information, info about your location, and your feedback”.
Digital diplomacy
Fingerprints at the Parliament. The European Parliament will replace the manual registration of lawmakers’ attendance with a system based on scanning their badges and, voluntarily, fingerprints, according to a document about a bureau meeting on Monday, seen by Euractiv. The Parliament’s administrative body already discussed the matter in previous meetings, including last October, when bureau members discussed challenges around the proposal, like managing sensitive personal data such as fingerprints and compliance with the European Data Protection Supervisor recommendations. Read more.
Get out, Amazon. Lobbyists from Amazon should have their access badges to the European Parliament revoked “until the company’s management is willing to engage in genuine dialogue with the Parliament,” members of the Parliament’s employment committee have written in a letter to the institution’s president, Roberta Metsola. The letter, which has been seen by Euractiv but had yet to be sent, lists a series of incidents in which the US online retail behemoth did not heed the Employment & Social Affairs (EMPL) Committee’s requests for hearings and exchange of views. The EMPL Committee President, Dragos Pîslaru, has agreed to sign the letter, his office told Euractiv. Read more.
Digital Services Act
DSA briefing. A media briefing took place on Wednesday by Stiftung Neue Verantwortung about the Digital Services Act (DSA) with the think tank’s project director, Julian Jaursch. He reminded, among other things, that while larger online platforms have begun complying with DSA provisions, smaller platforms may face more significant changes and challenges. A policy brief followed the briefing on Thursday, emphasising that establishing a community of practice, including regulators, users, researchers, civil society, and companies, is crucial for effective DSA enforcement.
Plenary debate. On Wednesday, during February’s first plenary session, MEPs participated in a debate concerning disinformation and hate speech on social media. While most members supported the DSA as a potential solution to combat disinformation and hate speech, others voiced reservations, emphasising the importance of safeguarding freedom of expression. Questions were also raised regarding the criteria for identifying hate speech and disinformation.
Beyond the DSA. The DSA is not enough, the platform’s business models should be changed, said the French National Digital Council (CNN) on Wednesday in a contribution to the General Assembly of Information (EGI). The EGI project is to advise lawmakers by the summer with a concrete plan on how to enhance the right to be informed. The main proposal of CNN was to go beyond the DSA and compel platforms to open their platforms to third-party enrichment by the plugin and API developments (allowing one to tailor one’s interface), enhanced moderation possibilities, and choose between different information feeds.
Gig economy
Platform work rulebook hangs by a thread. Negotiators from the European Commission, Council and Parliament struck a deal on the Platform Work Directive – for the second time – on Thursday, with all eyes now on member states, who have been asked to rubberstamp it next week. Following failed interinstitutional negotiations over the directive last Monday, the Belgian Presidency circulated yet a draft text, significantly watering down the file’s flagship chapter on the legal presumption of employment. A debrief is expected to take place at a meeting of EU ambassadors on Friday, while a vote is expected to be held next Friday. Read more.
Industrial strategy
Germany to support start-ups. The German government plans to support local tech start-ups with €1.75 billion, but experts point out the envisaged funding would be a drop in the ocean, given that Germany is lagging far behind internationally in this field. The funds will go to start-ups in artificial intelligence, climate, quantum and biotechnology to strengthen German high-tech companies. Read more.
Experts unsure of Germany’s digital policy strategy. While the German government believes its international digital policy strategy, adopted on Wednesday, will foster bargaining power on the international stage while preserving democratic values and ensuring access to the internet without censorship, experts lament the lack of concrete measures. “The strategy now presented by the German government is a plea for democracy and freedom, prosperity, sustainability and resilience in the global digital age,” Volker Wissing, federal minister for Digital Affairs, explained. Read more.
Law enforcement
Trilogues on the way. Last week, the trilogue mandate for the interim regulation’s extension of the draft law aiming to detect and remove online child sexual abuse material (CSAM) was challenged under Rule 71(2) and was voted in plenary on Wednesday this week. The vote has been adopted, giving the interinstitutional negotiations the green light to start. Euractiv learned that a trilogue meeting is planned for next Monday. Meanwhile, separately from the CSAM draft law, the Commission proposed on Tuesday an update on the directive to fight child sexual abuse, saying that the current rules are outdated.
CSAM suggestions. On Monday, DIGITALEUROPE published its suggestions for the CSAM law, writing that “the right conditions” would be important for the industry to “develop and deploy mitigation measures by providing appropriate derogations from the ePrivacy”. The organisation also suggests that the Parliament’s text should be included on infrastructure services and the protection for end-to-end encryption, and the detection orders should be restricted in case of known CSAM.
Child safety at OpenAI. According to a post by OpenAI, the company is looking for a “Child Safety Enforcement Specialist” in San Francisco to review content that violates the company’s policies, ensure moderation runs smoothly, and assist investigations.
Media
Protecting journalistic freedom. According to the First Advocate General, Maciej Szpunar of the Court of Justice of the European Union asserts that an order to pay damages that is excessive acts as a deterrent, impacting both journalistic freedom and freedom of information. Szpunar suggests member states reject or revoke enforcement of such judgments to safeguard freedom of expression.
Platforms
Parliament to use TikTok for elections. The European Parliament is preparing to use TikTok during the upcoming election campaign despite EU institutions banning it from corporate devices last year due to cybersecurity concerns, the press service confirmed to Euractiv on Wednesday. Read more.
Hungarian digital authority not independent? MEPs have expressed their concerns about the independence of Hungary’s appointed authority to enforce the EU’s brand-new content moderation rulebook in a letter sent last week. Read more.
Standards
Standardisation work programme. The European Commission published its annual work programme for European standardisation last Friday, with four out of eight policy priorities addressing standard setting in technology and quantum computation infrastructure topping the list. Four policy priorities deal with technology – addressing quantum communication infrastructure, cybersecurity requirements, a trusted data framework, and the European digital identity. Read more.
Telecom
Commission updates Gigabit recommendation. On Tuesday, the Commission published an updated Gigabit recommendation that sets guidelines for national regulatory authorities to implement the European Electronic Communications Code (EECC). In May 2023, the Body of European Regulators for Electronic Communications published an opinion criticising the Commission’s first draft, considering it disregarded important provisions of the EU’s telecom laws.
Italian Telecom says no. Telecom Italia has turned down Italy’s bid of €750 million for its submarine cable unit, Telecom Italia Sparkle, which prolongs the sale of a vital asset for the government, Bloomberg reported on Wednesday.
Transatlantic ties
UN Cybercrime Convention still up in the air. The ongoing concluding session on the UN Cybercrime Convention, which will end on Friday, has yielded no concrete results so far. Notably, the private sector and civil society consider the text seriously deficient, while UN member states disagree on major parts of the draft, such as protecting personal data.
What else we’re reading this week:
Why China is betting big on chiplets (MIT Technology Review)
A fake app masqueradingas password manager LastPass just got pulled from the App Store (TechCrunch)
Activision Had Planned Layoffs Before Merger, Microsoft Says (Bloomberg)
Alina Clasen contributed to the reporting.
[Edited by Alice Taylor]
