The View from Brussels #253

Highlights from the Past Week

CW 19 / Monday, 8 to Thursday, 11 May: Plenary Sessions Week (Strasbourg);

CSAM I – COUNCIL LEGAL SERVICE DEEMS THE REGULATION PROPOSAL TO BE UNLAWFUL: The legal service of the EU Council of Ministers has expressed serious reservations about the legality of the planned proposal to fight child sexual abuse material (CSAM). As stated in the Opinion, the EU Commission’s proposal represents a serious restriction of the rights to privacy and data protection. The EU Commission’s technology-neutral proposal is seen to leave too much room for interpretation. This would conflict with rulings of the European Court of Justice, which requires surveillance standards to be targeted and clearly formulated. (see Euractiv and Netzpolitik – DE)

CSAM II – DACH JUSTICE MINISTERS INTERVENE: Meanwhile, the justice ministers from Germany, Austria, Luxembourg, Liechtenstein and Switzerland have joined forces to demand that the findings of the legal service of the Council and the European Parliament Research Service should be discussed by the Council and incorporated into the assessment of the proposal before a general approach is pursued on the proposed regulation. (see Netzpolitik – DE)

CSAM III – FOLLOWING ON FROM PARLIAMENT AND COUNCIL, COMMISSION WITH LEGAL EXPERTS: After the EU Council’s legal opinion about the CSAM proposal, another legal opinion is now expected to be added, this time from the European Commission’s legal service – before the file goes to the Permanent Representatives Committee (COREPER) on 17 May. The Council Presidency aims for a partial general approach, but many controversial issues, such as detection orders, are still wide open. (see Euractiv)

ARTIFICIAL INTELLIGENCE – COMMITTEES APPROVE REPORT: MEPs endorsed the AI Act report in the leading committees with a vast majority, paving the way for a vote in plenary in mid-June. All previously negotiated compromise amendments (PDF) were adopted. The split vote on the biometric recognition systems, the only one tabled upon the insistence of the centre-right EPP, was not even close, with 58 votes to maintain the full ban, and only 10 abstentions. (see EP press release, Euractiv)

CYBERSECURITY I – EXPERTS CALL FOR FUTURE DEBATE ON ENCRYPTION AND SCANNING: A group of experts are asking European Parliament members and EU countries to listen to their expertise on encryption and artificial intelligence and tweak the draft EU law on child sexual abuse online.

In an open letter sent last week, 30 cybersecurity and legal academics and researchers said they had “serious concerns” that the Commission’s proposal to fight the illegal content was based on flawed evidence and risked jeopardising the safety of the Internet.

The European Commission’s earlier results from consulting experts “are at odds with computer science and current research findings with regard to the impact of the draft Regulation on end-to-end encryption, and with regard to the effectiveness, efficiency, and indeed the very feasibility of the technologies proposed”, the group of 30 wrote. (see Politico Pro, paywall)

The European Commission countered the criticism, reiterating that its proposal “in no way discourages or prevents the use of end-to-end encryption”. “The focus should be on quickly finding the most effective solutions,” the Commission spokesperson went on to say. “We cannot afford to lose a second.”

In responding to the researchers’ assessment that the EU executive was basing its law on flawed evidence that was “at odds with informatics and current research”, the Commission said it “does not comment on comments”. (see Politico Pro, paywall)

CYBERSECURITY II – CLOUD CERTIFICATION SCHEME BACK ON THE TABLE: A draft of the controversial EU Certification Scheme for Cloud Services has been presented to members of the European Cybersecurity Certification Group ahead of its meeting on 26 May. The draft puts most of the much-discussed sovereignty requirements at a new security level (high+). The only European companies that can qualify for this category are those that are not controlled by foreign companies. As far as data localisation is concerned, the ‘high+’ level requires that all data processing takes place in Europe, while the ‘high’ level would have to at least propose this as an option. Measures aimed at keeping EU data out of foreign jurisdictions and requiring internal controls of employees and suppliers apply equally to both ‘high+’ and ‘high’ levels. (see Euractiv or Reuters)

CYBERSECURITY III – EUROPEAN CYBERSECURITY COMPETENCE CENTRE OPENS ITS DOORS IN BUCHAREST: Last week, the European Cybersecurity Competence Centre launched its new headquarters in Bucharest, Romania, located on the campus of the Polytechnic University. The Centre aims to support innovation and industrial policy in the field of cybersecurity and to develop and coordinate EU cybersecurity projects. (see COMM press release)

DATA PROTECTION – PARLIAMENT REJECTS TRANSATLANTIC DATA PRIVACY FRAMEWORK (TADPF): In a resolution adopted on Thursday, MEPs argue that the United States should not be granted an adequacy decision deeming its level of personal data protection essentially equivalent to that of the EU and allowing for transfers of personal data between the EU and the US.

According to the text, the EU-US Data Privacy Framework is an improvement on previous frameworks, but does not provide for sufficient safeguards. MEPs note that the framework still allows for bulk collection of personal data in certain cases, does not make bulk data collection subject to independent prior authorisation, and does not provide for clear rules on data retention.

MEPs note that the Data Privacy Framework creates a Data Protection Review Court (DPRC), aimed at providing redress to EU data subjects, but its decisions would be secret, violating citizens’ right to access and rectify data about them. Moreover, DPRC judges could be dismissed by the US President, who could also overrule its decisions, so the Review Court is not truly independent, say MEPs. (see EP press release)

DATA ACT – COUNCIL SEEKS EXTENDED NEGOTIATING MANDATE: The Swedish Council Presidency wants to learn how far the 27 Member States are willing to diverge from the negotiating mandate in order to find a compromise with the Parliament on the Data Act. In the 4-column document of 2 May (PDF), which gives an overview of the different positions and first agreements, it talks about possible sidesteps from Chapter V on the mandatory transfer of private data to public authorities. This issue will be the focus of the second trilogue, which is scheduled to take place on 23 May. (see Contexte, paywall, FR)

EIDAS – COUNCIL PRESIDENCY TESTS ROOM FOR MANOEUVRE FOR EID NEGOTIATIONS: Stockholm intends to reach an agreement with the European Parliament on the European Framework for Digital Identity. This is according to the 4-column document of 5 May (PDF), which sets out the state of play of the inter-institutional negotiations.

It calls on Member States to be open to the Parliament on the topic of obligations for user parties and on the topic of governance, two chapters where co-legislators’ positions diverge. At the meeting of deputy ambassadors on 17 May, the Presidency intends to request a revised negotiating mandate for the second trilogue on this file on 23 May. (see Contexte, paywall, FR)

MEDIA I – PARLIAMENT APPROVES REPORT ON THE IMPLEMENTATION OF THE AVMS DIRECTIVE: The European Parliament adopted a report last week on the implementation of the Audiovisual Media Services Directive (AVMSD), which included criticism on the belated transposition from certain EU countries.

The deadline for the transposition of the Directive was in September 2020, although progress is lagging behind in some countries. In May 2022, the Commission accordingly referred five Member States – Czechia, Ireland, Romania, Slovakia and Spain – to the ECJ.

The report also looks at the definition of European audiovisual works, obligations on online platforms, protection of minors and the impact of artificial intelligence, amongst other topics. (see Euractiv)

MEDIA II – MEDIA FREEDOM ACT WITH OVER 1,200 AMENDMENTS: On 5 May, the deadline for amendments to the European Media Freedom Act (EMFA) expired in the Culture Committee of the European Parliament. By then, more than 1,200 amendments (PDF) had been tabled by MEPs in the Culture Committee. The rapporteur, Sabine Verheyen (EPP, DE), published her draft report (PDF, 117 amendments) on 20 April. A vote is currently scheduled for 7 September in the committee and for October in the plenary.

In the meantime, the Swedish Presidency is aiming to obtain a COREPER mandate next month. (see Politico Pro, paywall)

CHIPS ACT I – COREPER CONFIRMS NEGOTIATION RESULT: The EU Deputy Ambassadors have endorsed the trilogue result reached on 18 April on the EU Chips Act (see Twitter). There are still some formal steps to be taken before the Act enters into force in the summer. The vote in the Industry Committee is scheduled for 22 May.

The Chips Act aims to raise 43 billion Euro by the end of the decade, mainly from national subsidies. The new regulation also aims to improve monitoring of the market and anticipate any problems in the supply chain. On Wednesday, the Commission launched a new pilot system where the industry can report on any malfunction.

CHIPS ACT II – COMMISSION LAUNCHES PILOT SYSTEM TO MONITOR SEMICONDUCT SUPPLY CHAIN: Last Wednesday, the Commission launched the Semiconductor Alert System, a new pilot system to monitor the semiconductor supply chain.

The pilot allows stakeholders to raise awareness on any critical disruption along the semiconductors’ value chain and helps the Commission to gather information needed to establish a precise assessment of risks and to quickly react to any potential crisis situation via the European Semiconductor Expert Group.

The Semiconductor Alert System will be included under the third pillar of the European Chips Act, which aims to strengthen the preparedness and monitoring of the European semiconductor field in close collaboration with all stakeholders. (see COMM press release)

DIGITAL EUROPE – COMMISSION CALLS FOR €122 MILLION: The Commission last week opened the first set of calls for proposals under the 2023-2024 Mayn Work Programme of the Digital Europe Programme to strengthen digital technologies and competences across the EU.

The calls for proposals, worth over €122 million, are open to businesses, public administrations and other entities from EU Member States, EFTA/EEA countries, and associated countries. (see COMM press release)

DIGITAL ASSEMBLY – SWEDISH COUNCIL PRESIDENCY INVITES TECH BUBBLE TO STOCKHOLM: In accordance with the regular June scenario, the current Council Presidency, alongside DG Connect, invites the Brussels EU tech bubble to the Digital Assembly. This time, the event will take place from 15-16 June at Scandinavian XPO Arlanda near Stockholm. More information and registration options can be found on the associated webpage.

FRANCE – SOLO BREAKAWAY FOR FRENCH CLOUDS: Paris last week unveiled an act paving the way for the Digital Services Act, the Digital Markets Act and the Data Governance Act in French law. With the far-reaching technology act, France aims to help its domestic cloud champions compete against US giants Amazon, Google and Microsoft, with this to be achieved through the introduction of its own national regulatory requirements. It also anticipates regulations from the Data Act, which is still under negotiation.

The act contains numerous regulations on topics such as cybersecurity, foreign propaganda, online child protection and cyberbullying. The platform and audiovisual regulator, Arcom, is to be given more blocking powers under the new act: Without a judge, the regulator will be able to block porn websites that do not comply with age verification obligations; it will also be able to block media that are under international sanctions, such as Sputnik and RT.

Other measures include a so-called anti-fraud filter, a temporary ban on social media for users convicted of cyberbullying, a short-term rental database to help local authorities regulate more efficiently, and a requirement for hosting providers to remove flagged child sexual abuse material within 24 hours.

The text is due to go to the senate in early July, meaning it will not be finalised in the French Parliament until after the summer recess at the earliest. (see Politico Pro, paywall)

Relevant Publications, including from the EP Think Tank:

• EU cyber-resilience act (Briefing)
• Plenary round-up – May I 2023 (At a Glance)

A Selection of the EU Commission’s Consultations

• Digital Services Act – conducting independent audits – Feedback on the delegated regulation: 5 May to 2 June 2023
• Delegated Regulation on data access provided for in the Digital Services Act – Feedback period: 25 April 2023 to 23 May 2023
• Cyber Solidarity Act – Feedback on the regulation: 20 April 2023 to 7 July 2023 (extended)
• Net Zero Industry Act – Feedback on the regulation: 20 March to 27 June 2023
• European Critical Raw Materials Act – Feedback on the regulation: 20 March 2023 to 30 June 2023
• High-speed broadband services in the EU – Review of the rules – Feedback on the regulation: 27 February to 16 May 2023
• The future of the electronic communications sector and its infrastructure – Consultation: 23 February to 19 May 2023

Outlook for the Current Week

You can find a list of the upcoming dates of the European Parliament here. The meeting calendar for 2023 is available here (PDF).

An overview of the most important dates of the Council week can be found here and the meeting calendar can be accessed here.

The official calendar as well as the programme of the Swedish Presidency can be found on the associated website.

Included among the Council dates are:

Summits and Ministerial Meetings:

• Education, Youth, Culture and Sport Council (incl. EMFA Progress Report), Monday, 15 and Tuesday, 16 May – Agenda, A Items, Background Brief;
• Economic and Financial Affairs Council, Tuesday, 16 May – Agenda, A Items;

Preparatory Bodies:

• Working Party on Competitiveness and Growth (Industry) ( Net Zero), Monday, 15 May (Agenda);
• Working Party on Tax Questions (Indirect Taxation) ( VAT in Digital Age), Monday, 15 May (Agenda);
• Working Party on Telecommunications and Information Society, Tuesday, 16 May (Agenda);
• Working Party on Competitiveness and Growth (Internal Market) (incl. SMEI), Wednesday, 17 May (Agenda);
• Horizontal Working Party on Cyber Issues, Tuesday, 17 May;
• COREPER I ( RED, GIA, CRA, eIDAS, Data Act), Wednesday, 17 May (Agenda);
• COREPER II, Monday, 15 to Wednesday, 17 May (Agenda);

Information about the weekly Commission meeting can be found on the website of the Commission in the preview (PDF) or (at short notice) in the current agenda. The non-legislative proposal on the metaverse has been postponed to 21 June.

The following topics are on the agenda for the coming week:

• Measures to reduce the release of microplastics in the environment (tbc)
• Customs reform
• A new agenda for Latin America and the Caribbean

The judicial calendar of the ECJ can be found here. The oral hearing in the La Quadrature du Net case on the question of identity data belonging to traffic or location data (C-470/21) is scheduled for Monday and Tuesday.

European Parliament Committees

CW 20 / Monday, 15 to Friday, 19 May: Green Week (no meetings);

LIBE Committee (Civil Liberties)

Current Meetings

• None

Further Meetings (Calendar)

• Monday, 22 May, 14.30-18.00 (Brussels)
• Tuesday, 23 May, 9.00-12.30 and 14.30-18.30 (Brussels)

JURI Committee (Legal Affairs)

Current Meetings

• None

Further Meetings (Calendar)

• Tuesday, 30 May (Brussels)

Dossiers Timetable (24 April 2023)

 

ITRE Committee (Industry)

Current Meetings

• None

Further Meetings (Calendar)

• Monday, 22 May, 15.00-18.30 (Brussels)
• Tuesday, 23 May, 9.00-12.30 and 14.30-18.30 (Brussels)

Dossiers Timetable (PDF) (11 May 2023)

 

IMCO Committee (Internal Market)

Current Meetings

• None

Further Meetings (Calendar)

• Monday, 22 May, 15.00-18.30 (Brussels)
• Tuesday, 23 May, 9.00-12.30 and 14.30-18.30 (Brussels)

Dossiers Timetable (April 2023)

 

CULT Committee (Culture)

Current Meetings

• None

Further Meetings (Calendar)

• Wednesday, 24 May, 9.00-12.30 and 14.30-18.30 (Brussels)
• Thursday, 25 May, 9.00-12.30 (Brussels)

 

PEGA Committee (Pegasus Committee of Inquiry)

Current Meetings

• None

Further Meetings

• Open

INGE2 Committee (Special Committee on Foreign Interference)

Current Meetings

• None

Further Meetings (Calendar)

• Thursday, 25 May 2023, 14.30-18.00 (Brussels)

Further Parliamentary Calendar Dates

• CW 21 / Monday, 22 to Thursday, 25 May: Political Group and Committee Meetings Week (Brussels);
• CW 22 / Tuesday, 30 May to Thursday, 1 June: Mini-Plenary Sessions Week (Brussels);
• CW 23 / Monday, 5 to Thursday, 8 June: Political Group and Committee Meetings Week (Brussels);