AI Act amendments, Germany’s data retention, standardisation politics – | #cybersecurity | #cyberattack

Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here


“It’s really tricky, if you find an agreement with the shadows you need to be sure that it is supported by members of both committees because one would not be enough. It’s a calculation game.”

-A European Parliament official on the AI Act


Story of the week: The political struggle over the AI Act marked a watershed moment this week, with as many as 3,300 amendments tabled by the different political groups. Although that might not be a record in itself for the European Parliament – CAP in 2012 received over 7,000 amendments – it is certainly remarkable that the AI Act managed to surpass the GDPR, signalling the importance and political attention attributed to the file.

EURACTIV provided a summary of the most significant proposals and the positioning of the main political groups on the critical parts of the proposal: AI definition, high-risk categorisation, prohibited practices, governance and fines. Perhaps the most unexpected development has been the change of position of LIBE’s rapporteur Dragoș Tudorache in support of a full ban on biometric recognition, although the most sceptical are seeing this as a tactical manoeuvre to have a bargaining chip in future negotiations.

Interestingly enough, both co-rapporteurs decided to present their amendments on their own, whereas those of the European People’s Party and the Greens were co-signed. To what extent the leading MEPs will be able to control their groups will be a determining factor in the negotiations, especially for Renew as the IMCO’s shadow, Svenja Hahn, seems closer to the centre-right than to Tudorache – see, for example, her amendments on general-purpose AI.

Brando Benifei might also have his fair share of problems in dealing with his group internally, as, for instance, the Tracking Free Ad Coalition presented a separate amendment to include online advertising in the list of high-risk systems. All these elements point to a tough and potentially very long negotiation, which will only get to full speed after the summer break.


Don’t miss: German Interior Minister Nancy Faeser has endorsed securing IP addresses in order to target online child sex abuse using the so-called “quick freeze” method. Germany has previously – and controversially – pushed for general data retention as a means to combat online crime but a 2017 ruling by the EU Court of Justice put these plans on hold with a final ruling still pending. The new proposal, however, would mean internet providers would only be required to store individuals’ data for a limited period if there was suspicion that they had been involved in criminal activity. While the expansion of resources on which law enforcement could draw in this area has been welcomed by some, concerns about the data protection implications have also been raised, not just in terms of potential abuse by authorities, but also with regard to the risk of data leaks. Read more. 


Also this week

  • All the European standardisation organisations might be requested to draft the technical standards for the AI Act.
  • EU ministers met in Luxembourg for the last Telecoms Council of the French Presidency.
  • The Climate Neutral Data Centre Pact shows its first cracks as the usual animosity toward the dominance of American players comes to the surface.
  • Germany presented its startup strategy.


Before we start: EURACTIV caught up with the Czech Deputy Prime Minister for Digitisation, Ivan Bartoš, directly from Luxembourg during the Telecoms Council. We discussed the approach of the upcoming Czech Presidency to the open questions of the AI Act and Data Act, two of the main digital files Prague will have to deal with. We also discussed the telecoms’ ‘fair share’ proposal and the never-ending ePrivacy Regulation.

The digital approach of the upcoming Czech Presidency

EURACTIV caught up with the Czech Deputy Prime Minister for Digitisation, Ivan Bartoš, directly from Luxembourg during the Telecoms Council. We discussed the approach of the upcoming Czech Presidency to the open questions of the AI Act and Data Act, two …

Today’s edition is powered by VivaTech

Metaverse, NFT, Cryptocurrencies,.. Web3 is booming!

Unravel the technology of the future at VivaTech, Europe’s biggest startup and tech event, on June 15-18 in Paris!

Get your pass before it’s too late


Artificial Intelligence

Standard procedure. Three European standardisation bodies are to jointly develop the technical standards that will implement the EU AI Act, according to a draft request seen by EURACTIV this week. The request is addressed to the European Committee for Standardisation (CEN), the European Committee for Electrotechnical Standardisation (CENELEC) and the European Telecommunications Standards Institute (ETSI). The approach normally involves all the standardisation bodies that are already involved in the sector of the request. On AI, the work of CEN and CENELEC is already structured around the CEN-CLC/JTC 21, which works in parallel to ISO/IEC JTC 1, making them a natural choice. Less clear is why the Commission is sending a request to ETSI, given the position expressed by commissioner Breton when presenting the standardisation strategy, and the general perception in the EU executive that Huawei has too much influence in ETSI. In spite of the request, the Commission might decide to exclude ETSI at a later stage. Read more.

Member states’ concerns. At the Telecoms Council on Friday, the national governments made their list of grievances regarding the AI Act. Belgium, Finland, Malta, and Denmark raised the issue of the definition, which should be made clearer, more flexible and potentially narrower. The Netherlands, Finland and Denmark stressed that the high-risk categories are too broad and should be proportionate. Innovation and impact on SMEs are top concerns for the Dutch, Belgian, Spanish, and Maltese governments. Other issues raised were the governance structure, the relation with other EU legislation and in particular the GDPR, and the proportionality of the fines.

Football facial recognition. Last weekend’s Champions League clashes in France have reignited a debate about the use of facial recognition in the country. France’s data protection authority, CNIL, currently bans the use of the technology in public spaces for the purpose of processing biometric data and past attempts by football clubs to deploy it has drawn censure from the watchdog. However, following the chaos on Saturday, the mayor of Nice has called for the prohibition to be lifted. Read more.

Age tech approved. The German Commission for Protection of Minors in the Media has given its approval to three different AI systems to be used for ensuring that young people are not exposed to harmful content. The body, which oversees safeguards for minors on national TV and the internet, endorsed the use of software including “facial age estimation”, “age verification” and “Yoti” digital ID technology, but also requires certain safeguards such as a five-year “buffer” period, meaning that people must be identified by the software as being at least age 23 in order to access 18+ content. Read more.


Czech state aid. The European Commission has launched an investigation into plans by Czechia to provide public support for Digital Terrestrial Television (DTT) operators to determine whether they are in accordance with EU state aid rules. The probe was prompted by complaints in 2016 and 2018 over the alleged incompatibility of the country’s approach and last year the Czech government informed the EU of its intention to compensate DTT operators in relation to two periods of simultaneous broadcasting (or “simulcasting”) between 2017 and 2020. Following a preliminary investigation, the Commission has now opened an in-depth investigation to explore questions such as whether the compensation brings additional material improvement to the market and contains sufficient safeguards.


Platforms’ accountability. Germany’s top court ruled on Thursday (2 June) that online video sharing platforms such as YouTube could be liable for content uploads that infringe copyrights if they fail to act immediately after learning of such uploads. The court’s judgment follows guidance from the Court of Justice of the European Union (CJEU). While the CJEU determined that online services should not generally be held directly liable for illegal uploads, there were some exceptions for accountability. The German court now sent the cases back to the lower courts. Read more.


Gearing up. Microsoft announced on Tuesday the launch of a “Cybersecurity Skills Plan” to address the shortage of professionals in France. The company has created an educational kit for high school students to raise awareness, has forged additional partnerships with engineering schools, developed training for people already in work and plans to open a school to train job seekers. “With this nationwide training plan, our ambition is to train 10,000 new cybersecurity professionals by 2025,” said the president of Microsoft France, Corine de Bilbao. Microsoft is basing its plan on two studies: a study which reports that 15,000 positions are available on French soil but are not filled, and a survey which reveals that 70% of French companies plan to increase their spending on security.

Data & privacy

Lacking ambition. Dissent is brewing within the self-regulatory coalition of data centre operators and trade associations formed last year with the aim of making the industry climate neutral by the end of the decade. The Climate Neutral Data Centre Pact (CNDCP) aims to establish targets and metrics to make the sector climate-neutral and last week published its first target on water usage effectiveness. Some signatories, however, are now raising concerns that the proposal is “unambitious” and two of them told EURACTIV, on condition of anonymity, that they were unhappy with the level of transparency surrounding and sheer usefulness of the data behind the decision. Read more.

Speak out now. Only three member states took the floor to comment on the Data Act during Friday’s Telecoms Council, raising fairly different points. The Netherlands stressed that the B2G access provisions in case of public emergencies are too broad, called for legal clarity on the use of multiple vendors simultaneously, highlighted the need for interoperability of IoT data and urged the upcoming Czech Presidency to keep in mind the EDPB opinion. The Finnish government called for harmonised rules for data access across the EU, stronger data users’ rights and a balance between access and fair competition. The Italian Minister Vittorio Colao made the case for the definition to be made clearer to avoid opportunistic behaviour and possible legal disputes, stronger safeguards for IP rights and broader exceptions for public interests and national security reasons.

Join the queue. The Dutch security services have become the latest European authority to be accused of using Pegasus software to access the devices of targets. According to Dutch broadcaster Volkstkrant, the tech was deployed against Ridouan Taghi, suspected of having ordered a number of assassinations. The use of the spyware has come under heavy scrutiny since an investigation last year revealed that it had been purchased and utilised by a number of governments to spy on figures including politicians, journalists, lawyers and activists. The Spanish government has recently come under fire for allegedly using the tech to target the phones of people in the pro-Catalan independence movement and in April, the European Parliament launched a formal inquiry into the use of spyware in the EU. Read more.

Digital Services Act

Stalling games. Nothing has moved on the finalisation of the DSA text for the past two weeks. The fine-tuned text was met with hostility by the shadows in the European Parliament, who had been excluded by the rapporteur from contributing to the process. The opposition is particularly vocal from the Renew and Green groups, who contest the new version of recital 28. For the MEPs, the measure pushed by France, Italy, and Spain would introduce a stay-down mechanism for copyright infringements, going against the principle that bans general monitoring. Another recital on gambling websites wanted by Malta is also hard to digest for the MEPs, who expect the French Presidency to come back with a counter-proposal or initiate an interinstitutional fight.

No news is bad news? However, the fact that nothing has moved prompts suspicions that France might just wait for its EU Presidency to be over to abandon the role of the honest broker and push even harder on this. In fact, Paris might not even need to do that, as by setting up the text approval in COREPER, the French would put the Parliament before a ‘take it or leave it’ scenario. “MEPs have the false perception that they have cards to play in their hands, whereas they don’t,” an EU diplomat told EURACTIV. If that is the case, expect an official institutional reaction from the Parliament.


Food security narratives The EU is set to launch an initiative to tackle Russian narratives that place responsibility for disruption to global supplies of grain and fertiliser at the feet of Western sanctions, EURACTIV learnt this week. Due to the war, Ukraine has been unable to export its harvests via the Black Sea, jeopardising supplies to Africa and the Middle East in particular. While Russian President Vladimir Putin has blamed Western sanctions for the chaos, the EU this week sought to counter this and appealed to global leaders not to accept the Kremlin’s narrative. The EU and African Union have also agreed on a united approach to messaging around food security, which grounds responsibility with Putin. Read more.

Last report. The final instalment of the Commission’s COVID-19 disinformation reports was published this week, closing up a programme that has, for nearly two years now, tracked major tech players’ efforts to combat the pandemic-related disinformation being spread on their platforms. Multiple companies reported decreases in information being flagged as COVID or medical misinformation, along with declines in the numbers of visitors to the specialised pandemic information sites and a number of platforms established. The lessons learned from the programme, the Commission says, will feed into the establishment of a “more robust reporting framework” for the Code of Practice on Disinformation, a strengthened version of which is expected to be signed by signatories later this month.


Addressing the deadlock. eIDs was another key topic for telecom ministers on Friday. A recurrent theme in the debate was the need to ensure the cross-border interoperability of the digital wallet, with the Netherlands questioning whether the unique identifier proposed by the Commission is the best solution. The Hague and Warsaw stressed that the system should not be mandatory, as public institutions should continue to offer an alternative. The Danish and Austrian governments highlighted that the legislation should leave them enough flexibility to decide on the best technological solution and be compatible with existing infrastructure. Italy raised the point that browsers should be made compatible with the wallet.

Why we need this. The Commission put forward arguments why the European Digital Identity Wallet (EUDI) and the Once-Only Technical System (OOTS) are not identical after the Council expressed concern about overlaps and therefore potential redundancy, as a leak of two documents dated February and published by Contexte shows. The Commission argues that the wallet allows users to interact with private organisations, unlike the OOTS, and that the OOTS, unlike the wallet, is based on a data space between public administrations. The Commission also stated that regular alignment meetings should take place “to take stock on the advancement of reaping the synergies between the two systems”.

Industrial strategy

German Startup Strategy. The German Ministry of Economics and Climate Protection (BMWK) presented its draft startup strategy on Friday. Among its “very important measures” are the European Tech Champions Initiative and the DeepTech and Climate Fonds, showing the new German government’s determination to step on the gas regarding digitalisation. The strategy provides for regular monitoring as the ministries will swiftly implement the measures in their respective areas of responsibility and report on them to the BMWK.


More war victims. French journalist Frédéric Leclerc-Imhoff was killed in Ukraine this week during a trip to the country by France’s new Europe and Foreign Affairs Minister, Catherine Colonna, who said she was “deeply shocked” by the event and called for an immediate and transparent investigation. Leclerc-Imhoff, who worked for BFMTV, was killed in a shelling attack while covering the evacuation of civilians from cities in the east of Ukraine. At least eight journalists have been killed since the start of the war in February, though some organisations list much higher numbers of fatalities. Read more.

EU funding. The Commission published this week an appeal for funds to monitor and defend media freedom and pluralism. Totalling €4.1 million, the funds will come from the Creative Europe Programme and will be split between addressing structural and immediate issues, with €1 million going to strengthening media councils and developing journalistic standards and the other €3.1 million devoted to continuing the EU’s rapid response mechanism for journalists at risk. The latter programme provides support such as legal aid and safe havens for media workers under threat and has in recent months been used to help Ukrainian journalists forced into exile by the war.


Go vote. The French government has teamed up with Meta to invite young people to vote in the upcoming legislative elections. As with the presidential election, the platform will publicise the dates of the vote, the voting and proxy procedures, and provide some educational material on the powers of parliament and the role of deputies. The aim is to encourage young people to go to the polls on 12 and 19 June, as only 59% of 18-25-year olds voted for the president last April, according to an Ipsos survey. The government has also teamed up with the car-sharing website Blablacar and Airbnb, informing users who book a journey or accommodation on these weekends of the proxy arrangements.

Sandberg steps down. Facebook COO Sheryl Sandberg announced on Wednesday that this autumn she will leave the role she has held at the helm of the company for the past 14 years, causing an initial dive in Meta shares. Sandberg’s tenure at the company has seen some challenges, including the Cambridge Analytica scandal and the leak of documents by Whistleblower Frances Haugen last year. Sandberg will remain on the Meta board and the COO title is expected to be taken by Javier Olivan, currently Meta’s chief growth officer, though the role itself will reportedly undergo some changes.

Inflation remedies. An increasing number of people are turning to Airbnb to offset the cost of living crisis, a new survey has found. Over 40% of the 36,000 EU hosts canvassed last year say that the income earned from opening their doors to guests has helped them cope with rising prices. According to the survey’s findings, more than one-third of hosts said the additional income was helping them to make ends meet, and guests are increasingly using the service to seek more affordable options for family travel.

Research & Innovation

Skewed metrics. A new UK visa scheme risk has been branded as discriminatory due to its use of controversial ranking metrics which could see universities from many regions of the world all but excluded. The new “high potential individual” programme will provide visas for graduates from 50 top-ranked global universities to work in the UK, using three league tables to determine which institutions will make the cut. Criticised as having too heavy a focus on research performance to the detriment of other markers of success, these rankings are dominated by US universities, which account for 37 out of the top 50. The list of eligible institutions includes just three from the EU and none from Africa, South America or South Asia, meaning that talented scholars from many regions of the world will be unable to access the scheme.


Who defines the timeline? The Commission’s digital chief Margrethe Vestager intervened in the ‘fair share’ debate at the Globsec 2022 Bratislava Forum on Thursday to say that the EU executive is ‘far away’ from finalising its proposal to make platforms contribute to network costs. The statement seems intended to slow down the pressure from commissioner Breton, who announced a measure before the end of the year. Vestager’s reasoning is that the Commission is still assessing the issue, the scope of the proposal and how the financial burden might be redistributed. Similarly, the EU’s director for connectivity, Rita Wezenbeek, also pulled the brakes at a recent event saying that the Commission needs more market information.

Growing internet use. Internet penetration in Croatia is at a high 82%, with more than 71% of the country’s 4 million population, or around 2.9 million people, active on social media networks, according to figures by DataReportal, carried by Poslovni FM. The figure of 3.34 million internet users in the newest EU member is 1.9% higher than in 2021, it added.

Transatlantic ties

Algorithmic Amplification. Media literacy initiatives, clearer information for users, and “circuit breakers” or time delays to stop the spread of harmful content were just some of the potential voluntary measures proposed by a Trade and Technology Council (TTC) working group to combat the harm of algorithmic amplification. The TTC, which brings together US and EU officials, held its second meeting in May, a gathering dominated by a discussion of Russia’s war in Ukraine. An Input Paper for a workshop by one of the Council’s Working Groups in March this year details the identified impacts of online algorithmic amplification, the responses of platforms and further potential measures that could be taken.

IMCO’s Californian trip. MEPs from the IMCO committee visited Silicon Valley last week with the aim of better understanding the latest developments in the US digital market, particularly with regard to areas including AI, e-commerce and consumer protection. The delegation met with officials from a number of leading tech companies including Meta, Google, Apple, Uber, Airbnb and PayPal, as well as with academics and local authorities. Amongst the topics discussed at the meetings were the impact of the DSA and DMA on tech giants and American SMEs’ views of EU legislation. According to a source informed on the matter, the most interesting discussions were held with the smaller companies, as the CEOs of Big Tech were all in Davos that week for the World Economic Forum.


What else we’re reading this week:

‘End of an era’: Sheryl Sandberg leaves behind powerful – if complicated – legacy (The Guardian)

‘Everything is gone’: Russian business hit hard by tech sanctions (FT)

IBM’s policy lead: The Chips Act is no sure thing (Protocol)

Original Source link

Leave a Reply

Your email address will not be published.

eighty two − 76 =