05.10.2022

View from Brussels #224 

Highlights from the Past Week

CW 39 / Monday, 26 to Thursday, 29 September: Political Group and Committee Meeting Week (Brussels); 

LIABILITY – EU COMMISSION PRESENTS AI AND PRODUCT LIABILITY DIRECTIVE: The European Commission last week adopted proposals for a Directive on AI Liability (PDF) and for a revised Product Liability Directive (PDF).  

The AI Liability Directive is related to the planned AI Regulation, which is currently being discussed in the Council and the European Parliament. The directive aims to modernise the legal framework for product liability and extend it to issues in the field of AI. In addition to material damage, immaterial damage caused by discrimination, for example, should also be covered. The aim is to make it easier for users to enforce their rights in the event of damage caused by an AI product. The directive also aims to create legal certainty and a level playing field for AI product providers and developers in the EU. 

At the heart of the AI Liability Directive is an obligation on manufacturers to disclose evidence. Aggrieved parties should have easier access to information necessary to establish a link between the damage caused and a faulty AI application. In addition, the so-called “presumption of causality” removes the difficulty for victims of having to explain in detail how the damage was caused by a particular fault.  

The revised Product Liability Directive modernises and strengthens the existing rules based on the strict liability of producers for compensation of personal injury, damage to property or loss of data caused by unsafe products. The Directive aims to guarantee fair and predictable rules for businesses and for consumers through the following elements: 

  • Modernisation of liability rules for circular business models as well as for products in the digital age 
  • Creating a more level playing field for manufacturers in the EU and non-EU countries 
  • Equality of consumers with producers 

(cf. EU Commission press release) 

EU-US PRIVACY SHIELD – US EXECUTIVE ORDER WAS EXPECTED ON MONDAY: On 25 March, an in-principle conclusion of negotiations on a successor agreement to the EU-US Privacy Shield, which was annulled by the ECJ in 2020, was announced. According to media reports, US President Joe Biden will soon sign an executive order on the “transatlantic data privacy framework” (TADPF). While the signing was originally expected for 3 or 4 October, recent legal disputes, as well as the impact of the hurricane, could lead to a short-term postponement (see Politico Pro, Paywall, EN). 

Following the publication of the Implementing Regulation, the EU Commission is expected to present an Implementing Decision on the adequacy of protection under the new transatlantic data protection framework (Adequacy Decision). 

DIGITAL MARKETS ACT – COMMISSION WORKSHOPS TO PREPARE: Competition Commissioner M. Vestager is concerned about how to gather third-party feedback on remedies proposed by major digital platforms; as efficiently and as early as possible in the process. She said this in a speech at the BEUC Consumer Protection Conference. However, according to media reports, an exact date for these guidelines has not yet been set. 

In the meantime, implementation measures for the DMA have also been announced; for the first quarter of 2023, according to the Commission’s consultation website. According to media reports, however, it could be as early as November. 

Until the DMA becomes effective, the Commission still needs to recruit enough enforcement officers. Currently, it is planned that about 80 employees will work on the implementation and enforcement of the regulations. “We need new resources”, Vestager said. “But there are quite a few steps to be taken. Right now, we are crossing our fingers and waiting for higher powers to take decisions.” 

The publication of the DMA in the Official Journal of the EU will now take place on 13 October instead of 26 September. The reason for the delay is said to have been problems with the translation (see Euractiv). 

CYBERSECURITY – CRITICISM OF CLOUD LABEL SPREADS: Denmark, Estonia, Greece and Poland have now sided with Sweden, the Netherlands and Ireland in calling for caution and a “political” debate on the EU draft on cybersecurity for cloud providers. 

The four countries echoed an earlier letter warning that the so-called data sovereignty requirements in the draft cyber-label would have “far-reaching consequences” for “all cloud service providers” and require discussion in the EU Council. Only last week, Germany had expressed doubts about the draft label (see Politico Pro, Paywall). 

DIGITAL EUROPE – EU COMMISSION PUBLISHES NEW CALLS FOR TENDER: The EU Commission wants to invest 200 million euros in digital projects and is asking European companies, public administrations and other institutions for proposals. This is the third round of calls for proposals under the Digital Europe programme. 

Companies and institutions from all EU member states, EFTA/EEA countries and associated states can apply – until 16 November. 

GERMANY – CDU/CSU CONTINUES TO DEMAND DATA RETENTION: In a motion introduced in the German parliament, the Bundestag, last week, the CDU/CSU demanded a “legally secure” storage of IP addresses. “Thousands and thousands of proven offences committed in Germany” could not be solved every year because the necessary IP addresses were missing, according to the rejected application. 

In response to the European Court of Justice’s ruling on German data retention, the CDU/CSU parliamentary group is calling for the storage of IP addresses “for the prosecution of child sexual abuse and child pornography offences” without any reason. 

The parliamentary group wants a “practicable regulation for the storage of port numbers so that digital crime scene traces can be reliably assigned to the originator”. In addition, an “appropriate, high level of data protection and, at the same time, secure and fast retrieval procedures” are to be introduced, “including urgent jurisdiction of the public prosecutor’s office in case of imminent danger”. The Quick Freeze procedure, which the ECJ referred to in its ruling and which is included in the coalition agreement of the SPD, Bündnis90/The Greens and FDP, is considered unsuitable by the CDU/CSU with reference to the “unanimous assessment of the investigating authorities”.  

However, a study by the European Parliament’s Scientific Service in 2020 already showed that data retention does not have to go hand in hand with an increase in the number of investigations (see Euractiv). 

GERMANY – CDU/CSU CALLS FOR MORE ROOM FOR INNOVATION AND COMPETITIVENESS IN EUROPEAN AI LAW: According to the will of the CDU/CSU parliamentary group, the German federal government should inform the Bundestag “sufficiently and regularly” about the status of the negotiations on the AI Regulation in the Council of the EU. The German government should also work to ensure that the AI Regulation creates an environment in Europe that is open to innovation and in which rapid scaling of AI developments is possible, write the MPs in the motion.  

Furthermore, the government should work towards clearly defining “the relationship between individual requirements of the AI Regulation and the content of other EU legislation”, such as the General Data Protection Regulation or the Product Safety Directive in order to prevent legal uncertainties. Existing possibilities of normalisation, standardisation and certification formats should be intensively used within the framework of AI regulation,the MEPs write further. 

The motion was referred to the lead committee on digital affairs for further discussion. (see Bundestag Info, DE) 

GERMANY – BSI PUBLISHES ORIENTATION GUIDE ON IT-SIG: The German Federal Office for Information Security (BSI) has published a new orientation guide on the use of attack detection systems. This provides guidance on the requirements for operators of critical infrastructures and operators of energy plants and energy supply networks as well as auditing bodies. 

Operators are obliged to take appropriate organisational and technical precautions to prevent interference. They are also required to operate their information technology systems, components or processes with integrity, authenticity and confidentiality. The guidance provides information for operators and auditing bodies on how the legal obligation can be implemented and audited individually (see BSI press release, DE). 

GERMANY – IT SAFETY MARK FOR SMART CONSUMER DEVICES: The German Federal Office for Information Security (BSI) now allows applications for the IT security label for a variety of smart devices. Previously, smart devices such as cameras, speakers, cleaning and gardening robots, toys and TV products were eligible to apply for the IT security label, but the product category has now been opened up to most IoT and smart home products under the label “Smart Consumer Products”. 

The new product category of the IT security label is based on the established European security standard ETSI EN 303 645. The standard was co-developed by BSI experts as part of the European standardisation work. It addresses IoT devices that may pose a risk to the information security and privacy of users (see BSI press release, DE). 

Relevant Publications, including from the EP Think Tank: 

Outlook for the Current Week

Here you will find a list of the upcoming dates of the European Parliament and an overview of the agenda for the coming plenary session week. The meeting calendar for 2022 is available here (PDF). Among other things, the final confirmation of the directive on common chargers is scheduled for Tuesday. 

You can find an overview of the most important dates of the week of the Council here or the meeting calendar here. You can access the official calendar of the Czech Presidency here (PDF). 

Among them are: 

Summits and Ministerial Meetings: 

Preparatory Bodies: 

Information about the weekly Commission meeting can be found in the preview (PDF) or (at short notice) in the current agenda.
The following topics are on the agenda for this week: 

  • Youth Action Plan in EU external action 

The judicial calendar of the ECJ can be found here. 

European Parliament Committees

CW 40 / Monday, 3 to Thursday, 6 October: Plenary Session Week (Strasbourg); 

 

LIBE Committee (Civil Liberties) 

Current Meetings 

  • none 

Further Meetings (calendar)

  • Monday, 10 October 2022, 15.00-18.30 (Brussels) 
  • Tuesday, 25 October 2022, 14.30-18.30 (Brussels) 

JURI Committee (Legal) 

Current Meetings 

  • Monday, 3 October 2022, 19.00-21.00 (Strasbourg) 

Extract from the provisional agenda 

The current agenda does not contain any obviously relevant topics for the Internet industry. 

Further Meetings (calendar) 

  • Wednesday, 26 October 2022 
  • Thursday, 27 October 2022 

Dossiers Timetable (19 September 2022) 

ITRE Committee (Industry) 

Current Meetings 

Extract from the provisional agenda 

Tuesday, 4 October 2022, 20.00-21.30 

 

4. Exchange of views with Ms Kadri Simson, Commissioner for Energy, on the state-of-play on the energy markets and recent and forthcoming energy proposals 

 

Further Meetings (calendar) 

  • Thursday, 13 October 2022, 9.00-12.30 (Brussels) 

Dossiers Timetable (27 September 2022) 

IMCO Committee (Single Market) 

Current Meetings 

  • none 

Further Meetings (calendar) 

  • Monday, 10 October 2022, 15.00-18.30 (Brussels) 

Dossiers Timetable (September 2022) 

CULT Committee (Culture) 

Current Meetings 

  • Monday, 3 October 2022, 19.00-21.00 (Strasbourg) 

Extract from the provisional agenda 

 

11. Implementation of the Audiovisual Media Services Directive 

CULT/9/08913 

2022/2038(INI) 

Rapporteur: 
  Petra Kammerevert (S&D)   
Responsible: 
  CULT     
Opinions: 
  IMCO  Marc Angel (S&D)   
  • Exchange of views 

 

Further Meetings (calendar) 

  • Monday, 24 October 2022 (Brussels) 
  • Tuesday, 25 October 2022 (Brussels) 

PEGA Committee (Pegasus Investigation Committee) 

Current Meetings 

  • Thursday, 6 October, 9.00-12.00 (Brussels) 

Extract from the provisional agenda 

 

2.Debate with Members of the European Parliament targeted with spyware 

 

Further Meetings 

  • Thursday, 20 October, 9.00-12.00 (Brussels) 

INGE2 Committee (Special Committee on Foreign Interference) 

Current Meetings 

  • none 

Further Meetings (calendar) 

  • Thursday, 27 October 2022 (Brussels) 

Further Parliamentary Calendar Dates

  • CW 41 / Monday, 10 to Thursday, 13 October: Political Group and Committee Meeting Week (Brussels); 
  • CW 42 / Monday, 17 to Thursday, 20 October: Plenary Session Week (Strasbourg); 
  • CW 43 / Monday, 24 to Thursday, 21 October: Committee Meeting Week (Brussels); 
The View from Brussels 1 October 2018