Table of Contents
This is your big-picture overview of what is happening in Brussels, what people are talking about, what the EU institutions are working on, and what issues are drawing the EU’s focus.
These are the latest developments on the files being followed by i2Coalition to keep track of any relevant developments in the policy areas of interest.
Here you’ll find insights and previews of what may happen during the next mandate in terms of trends, legislative proposals, and initiatives.
General update
“Security, Europe!” Polish presidency officially takes over
On January 1st, Poland took over the Presidency of the Council of the European Union. During the official inauguration ceremony in Warsaw on 3 January, Poland’s Prime Minister, Donald Tusk, expressed optimism about the country’s Presidency, emphasising Poland’s commitment to guiding Europeans with “courage and reason” during this term.
The Presidency’s motto “Security, Europe!” reflects Poland’s focus on various security aspects, including military, defense and cybersecurity. In that vein, the Presidency committed to strengthening the EU’s digital resilience.
Additionally, a leaked presentation from the Polish Presidency’s Telecom Working Party highlights key priorities in telecommunications and information security. These include harmonized implementation, AI governance, and enhanced collaboration between the EU and international partners. Internally, Poland aims to put forth Council Conclusions on reliable and resilient connectivity as well as to advance on topics such as data, cloud and roaming. Furthermore, two Transport, Telecommunications and Energy (TTE) Council meetings will take place, one on 4-5 March focusing solely on cybersecurity and a second one on 6 June. Externally, priorities include engagement in UN processes like the Global Digital Compact, WSIS+20 and Internet Governance.
When it comes to internal political dynamics, Polish President Andrzej Duda was absent from the ceremony, highlighting ongoing political tensions between the government and the opposition-nominated President. Adding a layer of domestic political complexity, the Presidency coincides with Poland’s upcoming presidential elections which could have an impact on the country’s Presidency.
Overall, now that the turmoil following the EU elections is practically over, the Polish Presidency will work on numerous legislative and non-legislative files.
Speaking of which, you will notice the EU Elections section is absent from this month’s monitoring. The December 2024 edition was the last report to feature it. By now, you should be an EU elections expert as you have followed very closely this tremendously important and challenging period. Until next time!
Policy update
CSAM Regulation
📜 Regulation (EU implementation) 🕐 Ongoing legislative procedure 🔗 Commission proposal
What is it? The CSAM regulation is a highly controversial piece of legislation that introduces harmonized rules for service providers to detect, report and remove child sexual abuse material on their services. Platforms and providers are concerned that the regulation could undermine end-to-end encryption and human rights. The regulation will also create an EU reporting center, which may conflict with existing US mechanisms.
Status: The controversial text reached a stalemate and has not been adopted during the previous mandate. However, the European Commission published an extension of derogation on e-privacy that will allow companies to continue the voluntary scanning until April 2026.
What to expect under the Polish Presidency:
After yet another failed attempt by the Hungarians to reach a partial compromise in December 2024, the Polish Presidency has inherited a file that promises to continue giving headaches to EU lawmakers. Poland, aware of the difficulty of easing EU interior ministers’ concerns of how the bill could amount to mass surveillance, will not give priority to the file: in the tentative calendar of the Presidency, the CSA Regulation is marked for a possible “progress report” during the Justice and Home Affairs Council of June 13. In comparison, the Polish are aiming at closing the trilogues on the related Directive and intend to focus on age verification and assurance, as well as on the impact of social media on youth.
GDPR Harmonization Regulation
📜 Regulation (EU implementation) 🕐 Ongoing legislative procedure 🔗 Commission proposal
What is it? This Regulation will set up concrete procedural rules for the authorities when applying the GDPR in cases which affect individuals located in more than one Member State. It will also aim at reducing disagreements and facilitating consensus among authorities, clarifying procedural deadlines for investigations and due process rights when a DPA investigates a potential breach of the GDPR. It comes in the context of the upcoming GDPR revision.
Status: The Regulation was proposed in July 2023, and it is currently under discussion by the co-legislators.
Trilogues have begun, what to expect next then?
- As anticipated, no agreement was reached under the Hungarian Presidency of the Council. Indeed, the European Parliament pushed to reach an inter-institutional agreement under the Polish Presidency.
- Several technical meetings and trilogues were held in December. The next technical meeting is expected on 13 January. Although no date has been officially confirmed, the next trilogue will be held early in February.
Cloud Cybersecurity Certification Scheme (EUCS)
📜 Non-legislative (technical scheme) 🕐 Ongoing procedure 🔗 Early draft by ENISA
What is it? This certification scheme aims to create Europe-wide standards for cloud security for cloud providers and services. It is not yet mandatory, but there are signs that it could gradually become so, especially for more sensitive uses (e.g., cloud services for healthcare purposes). From a purely technical draft, the EUCS has become increasingly political, with some member states pushing for the inclusion of a sovereignty clause.
Status: This procedure is advanced, but the Commission is hoping to conclude it within the mandate.
Waiting for the upcoming meeting’s date:
- The ECCG has set out to meet in January to resume discussions on the EUCS.
- The last meeting – the 22nd – took place on June 18, 2024. The latest version of the EUCS, dated last April, makes no provision for a fourth security level and is therefore devoid of the binding sovereignty criteria desired by France.
- The European Commission has yet to confirm the date of the upcoming meeting expected to take place in January, or when it will publish its very-much-awaited guidelines.
Network fees
📜 Unknown 🕐 Upcoming legislative or non-legislative act
What is it? Following strong telco-lobbying, the European Commission is considering adopting a legislative act that would somehow push large content providers (e.g., Netflix, YouTube) as well as potentially other actors (e.g., Cloud and CDN providers) that make up a large percentage of the traffic on the Internet, to contribute to the development of network infrastructure.
Status: There are still many unknowns as to whether or not the Commission will introduce network fees in a Digital Networks Act or other proposals.
Reactions to the Telecom Council Conclusions and kick start of the studies for the DNA:
- In a Joint Statement published on 12 December, a diverse group of stakeholders (including CCIA, Internet Society, MVNO Europe, Epicenter.Works, and the Digital Poland Association “Cyfrowa Polska”) called on Executive Vice-President Henna Virkkunen to adopt an evidence-based approach in crafting the Digital Networks Act (DNA). The statement highlights the Telecom Council Conclusions on the White Paper, urging consideration of BEREC’s reservations and stakeholder concerns regarding the White Paper on the Future of Connectivity and the Draghi Report.
- In parallel, the European Commission entrusted consultancies EY and WIK to conduct preparatory studies for the Digital Networks Act. The assignation has been confirmed by Pierre Hausemer (EY Consulting Partner for the EU Institutions):
- Study 1: Completing the Digital Single Market – Regulatory Enablers for Cross-Border Networks (led by EY);
- Study 2: Review of Access Regulation under the EECC and Future Access Policy in a Full Fibre Environment (led by WIK);
- Study 3: Financial Conditions, Demand, and Investment Needs of the Electronic Communications Sector (led by WIK).
- Consultancies in charge will involve stakeholders through dedicated workshops and interviews to be held in Q1 2025. Institutional stakeholders including BEREC, RSPG Group and National Regulatory Authorities will also be involved. The final deliverables are expected during 2025, likely by June.
Future trends
Happy New Year 2025!
And… welcome to 2025! New year, new EU. Indeed, 2025 finally offers a clear enough picture of what the institutions will look like for the next five years, following the EU elections back in June 2024. It took 6 months and now the turmoil is over. Or is it? Let’s delve into what we can expect for the new year.
On the Council’s side, as you read above, cards have been reshuffled on January 1st as the Polish took over the Presidency of the Council of the European Union. The outgoing Hungarian Presidency was rich in debates notably regarding Telecoms and children protection. Now, we’re expecting Internet Governance, AI, cloud and cybersecurity to take the center stage. Stay tuned!
On the Commission’s side, we’re still eagerly waiting for the Work Programme to be published. It is expected by 11 February, although some rumours in Brussels say it might be late. The Commission’s 2025 Work Programme will be a very important piece as it will help us navigate the upcoming legislative year with some additional clarity.
Finally, on the European Parliament’s side, we’re expecting an own-initiative report (INI) on Tech Sovereignty. As a reminder, own-initiative procedure allows the European Parliament, in the areas where the treaties give it the right of initiative, to draw up a report on a subject within its remit and present a motion for a resolution. The INI report is then presented to the European Commission which then has to assess whether or not it will subsequently publish a proposal based on the Parliament’s report. It therefore has no binding impact per se. Now, the Parliament’s industry committee (ITRE) is moving ahead with a report on tech sovereignty, and more specifically what that concept (a key element of tech czar Henna Virkkunen’s portfolio) should look like. The far-right Group Europe of Sovereign Nations (ESN) will lead on the report. The report, officially called “European technological sovereignty on digital infrastructure”, will aim to shape the task ahead for the new tech and security chief Henna Virkkunen. Finally, it will look into identifying technologies where Europe is over-reliant on other regions and developing a response. It could include cloud services and artificial intelligence where U.S. firms dominate.
Overall, this year promises to be packed as all three institutions have digital policies on their radar. Stay tuned!
