The View from Brussels #257

Highlights from the Past Week

CW 23 / Monday, 5 to Thursday, 8 June: Political Group and Committee Meetings Week (Brussels);

CSAM I – POLAND SEEKING MORE TARGETED SCANNING OF CHILD SEXUAL ABUSE MESSAGES: Poland wants the draft EU law to combat child sexual abuse material to narrow the scope of scanning messages to only people suspected of the crime and children upon approval of their parents.

“Violating end-to-end encryption, and generally monitoring everyone, everywhere, every time, anywhere is a total violation of people’s privacy”, said Paweł Lewandowski, undersecretary of state at the Chancellery of the Prime Minister.

Poland said EU governments need to continue to working on detection orders that can be applied to all communications, including end-to-end encrypted messages, “only as a measure of last resort, in specific cases and only by court decision”. (see Politico Pro, paywall)

In the latest compromise proposal of 8 June (PDF), Sweden clarifies that the regulation shall not weaken or circumvent end-to-end encryption. At the same time, it proposes to require detection of abuse of minors in audio messages, but excludes “real time” audio communications. The Presidency also revises the risk analysis obligation for online services: as soon as a simple risk is perceived, they must “take all reasonable measures to minimise that risk”. Stockholm also introduces proposed safety aspects services for minors. More broadly, the Presidency is rewriting the mechanism for cross-border removal orders. In certain cases, the authority of the third country can ask the authority of the country where the service is established to issue the order itself, “such as in case of a serious constitutional incompatibility”. The functioning of cross-border delisting orders is described in detail in a new article. This version is on the agenda of the working party on law enforcement agencies on Tuesday 13 June. (see Contexte, paywall, FR)

CSAM II – FIRST COMPROMISE AMENDMENTS IN THE PARLIAMENT: Last week, Rapporteur, J. Zarzalejos (EPP/ESP) circulated the first batch of compromise amendments concerning the scope of the regulation and the definitions (Art. 1 and 2 – PDF), as well as the risk analysis that intermediaries must carry out (Art. 3 – PDF).

In this first draft, which follows the amendments tabled in mid-May, the MEP includes the obligations on search engines and AI systems to delist or disable specific items of child sexual abuse, already introduced by the Council, as well as obligations on providers of online games. The rapporteur also sets principles that the regulation does not interfere with end-to-end encryption of data and does not introduce general monitoring of content. With regard to the risk analysis that intermediaries must carry out, he includes the design of recommender systems.

At their meeting on 7 June, the shadow rapporteurs reached an agreement to exclude audio communications from the scope of the regulation, while the Council is steering towards its inclusion. They also focus the regulation on online messengers and exclude telephone-based messengers. The debate on the level of risk that intermediaries must identify in their analysis remains open, from “arbitrary” in the compromise draft to “serious and systemic” as proposed by the S&D. (see Contexte, paywall, FR or Euractiv)

ARTIFICIAL INTELLIGENCE I – EPP DESTABILISES AGREEMENT: The agreement on the AI Act has fallen apart just a few days before the initiative goes to a plenary vote. At the end of April, the four main political parties had agreed not to table alternative amendments. There was a partial exception for the European People’s Party (EPP), which was granted some flexibility on the issue of remote biometric identification. However, the party is now accused of abusing this flexibility.

Renew, S&D and the Greens accordingly feel legitimised to vote for amendments that were tabled outside of the deal. In particular, this concerns amendments from the Left that would delete concessions made to the centre-right group – such as a full ban on biometric identification systems and the removal of the “extra layer” to classify high-risk AI models.

The ECR also tabled some amendments to water down the high-risk classification of social media’s recommender systems and the transparency requirement for copyrighted data used to train generative AI. By contrast, amendments included in the deal would enlarge the list of prohibited practices to also include behaviour monitoring in publicly accessible spaces, and the use of AI-powered tools to predict the behaviour of migrants or border crossings. (see Euractiv)

A total of 36 additional amendments were tabled before the plenary session. In addition, motions for a split vote can still be tabled until Monday. The provisional voting list can be found here (PDF).

In addition, the EPP shadow rapporteurs working on the AI Act have launched a public consultation on the regulation, coordinated by A. Voss’ office manager, Kai Zenner (see Twitter).

ARTIFICIAL INTELLIGENCE II – DATES FOR TRILOGUES ALREADY SET: Provided that the Parliament actually adopts its negotiating position, the official start of the trilogue talks between the three institutions is to take place immediately after the vote on Wednesday, 14 June.

This will be followed by a first trilogue under the Spanish Presidency on 18 July and a second on 26 September. According to Commissioner T. Breton, the future Spanish Presidency “will try if possible to reach an agreement in October. And, in any case, hopefully before the end of the year”. (see Euractiv)

ARTIFICIAL INTELLIGENCE III – COMMISSION CALLS ON PLATFORMS TO IDENTIFY AI-GENERATED CONTENT: At the fifth meeting of signatories on the Code of Practice on Disinformation last week, Commissioner V. Jourová called on member platforms to “put in place technology to recognise such [AI-generated] content and clearly label this to users”. She also wants signatories that integrate chatbots (such as Bing and Google) to build in necessary safeguards in order to generate disinformation.

At the 5 June meeting, Jourová called for a working party on generative AI to be set up under this forum. The Commission hopes that these obligations will be implemented in the coming months and has high expectations for the next signatories’ report in July. This obligation within the Code of Practice will be superseded from 25 August under the DSA, by the obligation for very large platforms to address the risks they pose to society. (see Contexte, paywall, FR)

CYBERSECURITY – ENISA SEEKS RESEARCH NEEDS IN AI: The European Union Agency for Cybersecurity (ENISA) has released no less than four reports on research needs in the field of artificial intelligence for cybersecurity, security of AI, data protection requirements for AI in electricity grids and medical imaging diagnosis.

While AI can be very beneficial to the industries in which it is used, it can also have quite significant security and privacy implications, particularly in critical sectors such as the electricity grid and medical imaging diagnosis. ENISA outlines how cybersecurity and privacy threats can be exploited in any sector. (see ENISA press release; Politico Pro, paywall)

5G – EU COMMISSION SEES FAILURE IN TRANSPOSING TOOLBOX: The European Commission is finalising its timetable for the publication of its review report on the 5G Security Toolbox.

EU Internal Market Commissioner T. Breton said in a statement that: “Virtually all Member Sates had indeed transposed the principles of the 5G Security Toolbox into national law. But only a minority had actually applied these principles to high-risk vendors. This is a risk for the European Union’s collective security.”

He sees “an urgent need for action to avoid creating major vulnerabilities and dependencies that would be difficult to undo”.

Member Sates are critical of regulatory measures from Brussels. The issue is considered a core area of national security. (see Politico Pro, paywall or FT, paywall)

ILLEGAL ONLINE CONTENT – ATTORNEY GENERAL STRENGTHENS PRINCIPLE OF THE EUROPEAN COMMUNITY: ECJ Advocate General Szpunar has delivered his opinion on the Austrian Communications Platforms Act (KoPl-G) (C-376/22), which, similar to the German NetzDG or the French Avia Act, imposes strict requirements on online platforms to deal with illegal online content.

In his opinion, Szpunar concludes that legal measures of a general and abstract nature – such as the KoPl-G, which concerns a broadly described category of information society services – are incompatible with the country-of-origin principle enshrined in Article 3(1) of the E-Commerce Directive, and thus impermissibly restrict the freedom to provide information society services from other Member States.

In particular, the Advocate General also rejects the Austrian government’s argument that the KoPl-G falls within the exceptions of Article 3(4) of the E-Commerce Directive, as this provision only allows Member States to take specific measures against certain service providers who pose a serious and grave risk of harming one of the stated objectives. However, legislative measures of a general and abstract nature, even if they concern certain categories of services, do not fall under these exceptions, as this would be tantamount to a fragmentation of the Internal Market. (see ECJ press release – PDF)

EIDAS – AGREEMENT UNDER SWEDISH COUNCIL PRESIDENCY EVER MORE UNLIKELY: At the Telecommunications Council, the Swedish Presidency reiterated that it wants to advance discussions as far as possible on the regulation on an EU framework for digital identity. It plans further technical meetings in the coming weeks and a new trilogue on 28 June. According to several sources who have a familiarity with this topic, it is seen to be very unlikely that an agreement will be reached under the Swedish Presidency, as many issues are still open. (see Contexte, paywall, FR)

EMFA – COUNCIL AGREEMENT IN SIGHT: The EU Council of Ministers is set to reach its position on the European Media Freedom Act (EMFA). A compromise text was circulated on 7 June ahead of the Audiovisual Working Group meeting on 12 June, where a position is expected before COREPER on 21 June. Only moderate changes were made to the text, concerning national legislation, state advertising and the right to customisation. However, the text retains controversial aspects of earlier drafts that had led to disagreements between Member States, notably a national security exemption for source protection and the regulators’ independence. (see Euractiv)

In addition, platforms are now only to give the media a “reasonable” period of time to challenge the decision – after Stockholm had previously shown itself open to a specific timeframe for blocking notices. (see Politico Pro, paywall)

DSA – PUBLICATION OF DELEGATED COST REGULATION: Under the DSA; the Delegated Regulation – with the detailed methodologies and procedures regarding the supervisory fees charged by the Commission on providers of very large online platforms – was published in the official website of the EU last week.

During the negotiations on the DSA, the Commission anticipated being able to operate with 20 to 30 million Euro per year. Among other services, these fees are to finance the European Centre for Algorithmic Transparency, which hires the Commission’s technical experts.

To date, each of the 19 VLOPS – i.e. very large online platforms – will have to pay an amount of up to 0.05% of their global turnover. The Delegated Regulation will enter into force on 29 June.

DMA – COMMISSION LAUNCHES CONSULTATION ON COMPLIANCE REPORT: Last week, the Commission launched a consultation on the draft template for the compliance report that designated gatekeepers will have to submit annually under the Digital Markets Act (DMA). These gatekeepers will have to gather all the information needed to assess the effectiveness of compliance with the new regulation.

The EU Executive will appoint the gatekeepers by 6 September and they will be required to submit annual reports on their progress in complying with the regulation. Stakeholders have until 5 July to provide feedback to the Commission.

DATA PROTECTION – HARMONISED RULES FOR EU DATA PROTECTION AUTHORITIES: The European Data Protection Board (EDPB) has set guidelines (PDF) to harmonise data protection fines across the EU. For breaches of the General Data Protection Regulation (GDPR), supervisory authorities are allowed to issue fines of up to €20 million or, for companies, up to 4 per cent of their annual global turnover.

The guidelines now specifically regulate how fines are to be assessed within this margin. For this purpose, a five-step methodology is planned, taking into account the number of instances of sanctionable conduct, possibly resulting in multiple infringements, plus the turnover of the companies concerned. “Historically, we now have for the first time a standardisation of the practice of fining data protection authorities in different Member States,” says Ulrich Kelber, Federal Commissioner for Data Protection and Freedom of Information (BfDI). “The guidelines are thus the logical next step in European integration and can also serve as a model and orientation for the enforcement of other EU laws in the future.” (see EDPB press release)

Relevant Publications, including from the EP Think Tank:

• Monthly Highlight June 2023 (At a Glance)
• Parliament’s negotiating position on the artificial intelligence act (At a Glance)
• Cross-border access to electronic evidence (At a Glance)
• Investigation of the use of Pegasus and equivalent surveillance spyware (At a Glance)
• High common level of cybersecurity at the institutions, bodies, offices and agencies of the Union (Briefing)

A Selection of the EU Commission’s Consultations

• Survey on sustainability indicators for telecommunication networks –

Consultation until 16 June 2023

• Extension of the date of applicability of the RED delegated act on cybersecurity, privacy and protection from fraud – Feedback on the delegated regulation: 24 May to 21 June 2023
• Cyber Solidarity Act – Feedback on the regulation: 20 April 2023 to 20 July 2023 (extended)
• Net Zero Industry Act – Feedback on the regulation: 20 March to 27 June 2023
• European Critical Raw Materials Act – Feedback on the regulation: 20 March 2023 to 30 June 2023

Outlook for the Current Week

You can find a list of the upcoming dates of the European Parliament here, as well as an overview of the agenda for the coming plenary session week. The meeting calendar for 2023 is available here (PDF).

On Monday evening, the discussion on the E-Evidence Regulation and the Annual Report on Competition Policy will take place. The vote will be held on the following day. The discussion on the AI Act is scheduled for Tuesday, followed by the vote on Wednesday evening.

An overview of the most important dates of the Council week can be found here and the meeting calendar can be accessed here.
The official calendar as well as the programme of the Swedish Presidency can be found on the associated website.

Included among the Council dates are:

Summits and Ministerial Meetings:

• Informal Meeting of Agriculture and Fisheries Ministers, Sunday, 11 to Tuesday, 13 June – Programme;
• Employment, Social Policy, Health and Consumer Affairs Council, Monday, 12 and Tuesday, 13 June – Agenda, Background Brief;
• Economic and Financial Affairs Council (incl. VAT in Digital Age), Friday, 16 June – Agenda, A Items;

Preparatory Bodies:

• Audiovisual and Media Working Party (incl. EMFA), Monday, 12 June (Agenda);
• Law Enforcement Working Party (Police) (incl. CSAM), Tuesday, 13 June (Agenda);
• Working Party on Telecommunications and Information Society (incl. EU-US TTC, Data Act), Tuesday, 13 June (Agenda), Thursday, 15 and Friday, 16 June (Agenda);
• Working Party on Intellectual Property (Copyright) ( Piracy on Live Events), Friday, 16 June (Agenda);
• Working Party on Competitiveness and Growth (Internal Market) ( DSA; EU-US TTC), Friday, 16 June (Agenda);
• Horizontal Working Party on Cyber Issues, Friday, 16 June;
• COREPER I ( RED), Wednesday, 14 and Friday, 16 June (Agenda);
• COREPER II, Wednesday, 14 June (Agenda);

Information about the weekly Commission meeting can be found on the website of the Commission in the preview (PDF) or (at short notice) in the current agenda. The non-legislative proposal on the metaverse has been postponed to 11 July. Meanwhile, the directive on tackling child abuse, the draft of which had been scheduled for 6 September, has now once again been removed from the preview.

The following topics are on the agenda for the coming week:

• Council Recommendation on developing social economy framework conditions
• Regulation on environmental, social and governance rating
• Communication on a sustainable finance framework
• Recommendation on transition finance

The judicial calendar of the ECJ can be found here.

European Parliament Committees

CW 24 / Monday, 12 to Thursday, 15 June: Plenary Sessions Week (Strasbourg);

LIBE Committee (Civil Liberties)

Current Meetings

• Monday, 12 June, 19.00-21.00 (Strasbourg)

Excerpt from the Draft Agenda

The current agenda does not contain any topics of direct relevance to the Internet industry.

Further Meetings (Calendar)

• Wednesday, 28 June 2023, 9.00-12.30 and 14.30-18.00 (Brussels)
• Thursday, 29 June 2023, 9.00-12.30 (Brussels)

JURI Committee (Legal Affairs)

Current Meetings

• None

Further Meetings (Calendar)

• Monday, 26 and Tuesday, 27 June (Brussels)

Dossiers Timetable (15 May 2023)

ITRE Committee (Industry)

Current Meetings

• Monday, 12 June, 19.00-21.00 (Strasbourg)

Excerpt from the Draft Agenda

…

*** Electronic vote ***

***  Votes at approximately 19.00 in physical presence only ***

5. Establishing a Single Market emergency instrument and repealing Council Regulation No (EC) 2679/98

ITRE/9/10846

***I 2022/0278(COD) COM(2022)0459 – C9-0315/2022

 

Rapporteur for the opinion:
	Eva Maydell (PPE)		PA – PE745.415v02-00 AM – PE746.899v01-00
Responsible:
	IMCO*	Andreas Schwab (PPE)	PR – PE742.468v01-00 AM – PE742.649v01-00 AM – PE746.643v01-00

• Adoption of draft opinion
• Deadline for tabling amendments: 26 April 2023, 12.00

*** End of electronic vote ***

7. Establishing a framework of measures for strengthening Europe’s net-zero technology products manufacturing ecosystem (Net Zero Industry Act)

ITRE/9/11576

***I 2023/0081(COD) COM(2023)0161 – C9-0062/2023

 

Rapporteur:
	Christian Ehler (PPE)		PR – PE749.154v01-00
Responsible:
	ITRE
Opinions:
	INTA	Inma Rodríguez-Piñero (S&D)	PA – PE748.987v01-00
	BUDG	Decision: no opinion
	ECON	Luděk Niedermayer (PPE)
	EMPL	Marie-Pierre Vedrenne (Renew)	PA – PE749.069v01-00
	ENVI	Tiemo Wölken (S&D)
	IMCO	Tom Vandenkendelaere (PPE)	AM – PE749.270v01-00
	TRAN	Anna Deparnay-Grunenberg (Verts/ALE)
	REGI	Niklas Nienaß (Verts/ALE)

• Consideration of draft report
• Deadline for tabling amendments: 19 June 2023, 17.00

…

Further Meetings (Calendar)

• Wednesday, 28 June, 9.00-12.30 and 14.30-18.30 (Brussels)
• Thursday, 29 June, 9.00-12.30 (Brussels)

Dossiers Timetable (PDF) (8 June 2023)

IMCO Committee (Internal Market)

Current Meetings

• None

Further Meetings (Calendar)

• Wednesday, 28 June, 9.00-12.30 and 14.30-18.30 (Brussels)
• Thursday, 29 June, 9.00-12.30 (Brussels)

Dossiers Timetable (May 2023)

CULT Committee (Culture)

Current Meetings

• None

Further Meetings (Calendar)

• Wednesday, 28 June, 9.00-12.30 and 14.30-18.30 (Brussels)
• Thursday, 29 June, 9.00-12.30 (Brussels)

INGE2 Committee (Special Committee on Foreign Interference)

Current Meetings

• None

Further Meetings (Calendar)

• Thursday, 6 July, 9.00-12.30 (Brussels)

Further Parliamentary Calendar Dates

• CW 25 / Monday, 5 to Thursday, 8 June: Mini-Plenary Sessions Week (Brussels);
• CW 26 / Monday, 26 to Thursday, 29 June: Committee Meetings Week (Brussels);
• CW 27 / Monday, 3 to Thursday, 6 July: Political Group and Committee Meetings Week (Brussels);