View from Brussels #251

Highlights from the Past Weeks

CW 17 / Monday, 24 to Thursday, 27 April: Committee Meeting Week (Brussels);

ARTIFICIAL INTELLIGENCE – PARLIAMENT FOUND COMPROMISE: The rapporteurs of the European Parliament reached a political agreement on the AI Act last week. (Compromise, consolidated version – PDF)

The official deadline for a final text had to be postponed repeatedly beforehand due to disagreement on how general AI and basic models should be regulated, which AI applications should be classified as prohibited or “risky”, and what sustainability rules should apply to energy-hungry AI.

The final agreement provides for the introduction of environmental standards for design, energy efficiency and logging of “baseline models” – powerful AI trained on very large datasets, such as OpenAI’s ChatGPT.

While the details of the text are still being worked out by MEPs’ technical advisors, Thursday’s meeting was the last round of political negotiations.

This seems to clear the way for the text to be adopted in committee on 11 May and in plenary in mid-June (see Euractiv).

DIGITAL SERVICES ACT I – COMMISSION NAMES 19 VLOP/VLOSE: The European Commission has named 19 online platforms and search engines that must comply with the Digital Services Act’s (DSA) stricter rules on risk management, transparency, content moderation and child protection.

The list of platforms consists of the Chinese company Alibaba AliExpress, the US platforms Amazon Store, Apple AppStore, Bing (Microsoft), Facebook (Meta), Google Play, Google Maps, Google Search, Google Shopping, Instagram (Meta), LinkedIn (Microsoft), Pinterest, Snapchat, TikTok, Twitter and YouTube (Google), the European companies Booking.com and Zalando, and the non-profit Wikimedia Foundation.

The designation process is based on the number of active users in the EU market, which the online platforms had to publish by 17 February. However, the Commission said it was still investigating four or five other platforms on which a final decision would be taken in the coming weeks (see Euractiv or COM press release).

DIGITAL SERVICES ACT II – COMMISSION CALL FOR EVIDENCE ON DELEGATED ACT: The Commission has published a Call for Evidence on the delegated act on access to platform data by vetted researchers under the Digital Services Act. The measures will set out the conditions under which such data sharing should take place and the purposes for which such data may be used. The deadline for feedback is 23 May.

DIGITAL MARKETS ACT – NOW APPLICABLE: The Digital Markets Act (DMA), in principle, has been applicable since 2 May. Exceptions are Article 3(6) and (7) and Articles 40, 46, 47, 48, 49 and 50, which apply from 1 November 2022, and Articles 42 and 43, which apply from 25 June 2023.

By 3 July, potential gatekeepers must report their core platform services. The Commission then has 45 days to draw up the list of “gatekeepers”.

Currently, according to information from the Commission, there are about 40 staff members available for the enforcement of the DMA on the part of the Competition Directorate, while DG Connect is working to get to this level.

The Commission’s next workshop on data regulation is scheduled for 5 May.

CSAM I – DRAFT REPORT PRESENTED TO LIBE COMMITTEE: Last week, J. Zarzalejos (EPP, ES) presented his draft report (PDF) on the Child Abuse Directive in the Civil Liberties Committee (LIBE).

In their reaction, MEPs from most political groups were positive about the draft report presented, although each of them raised specific points and issues and wanted to table amendments.

Social Democrats P. Tang and H. Fritzon, stressed the importance of “safety by design”, user reporting tools, secure encryption and the inclusion of the gender dimension.

Renew showed itself divided: The shadow rapporteurs H. Vautmans (NL) and A. Al-Sahlani (SE) criticised the lack of proposed solutions in the LIBE impact assessment (PDF) and see no obligation to spy in the proposed law.

1. Körner (Renew, DE) argued that overburdening law enforcement agencies through “over-reporting” is not the solution in the fight against CSAM. P. Breyer (Greens, DE) and C. Ernst (Left, DE) shared similar concerns and welcomed the encryption safeguards included in the draft report.

The deadline for amendments in LIBE was confirmed for 17 May.

The Budget Committee will vote on its opinion on 8 June.

CSAM II – DISCUSSION OF AMENDMENTS IN THE IMCO COMMITTEE: The Internal Market Committee (IMCO) held a discussion on the more than 500 amendments to the opinion of A. Agius Saliba (S&D; MT) on the Child Abuse Regulation. Saliba clarified that many of the amendments go beyond the remit of the IMCO and, therefore, could not be part of the compromise. It must be ensured that end-to-end encryption (E2EE) and the ban on general surveillance are respected. In addition, a distinction must be made between number-based and number-independent interpersonal communication services. Allowing age verification would not be supported without strict safeguards and impact assessment.

1. Walsmann (EPP, DE) states that maintaining voluntary recognition and keeping new content in the scope are priorities for the EPP. C. Rinzema (Renew, NL) expressed that there was a lot of misinformation on monitoring obligations in the proposal. The proposal follows a risk-based approach, which by definition is not general surveillance and does not mean the end of E2EE. (Video, 15h19)

CYBERSECURITY I – PARLIAMENT DISCUSSES CRA DRAFT REPORT: Last week, the Industry Lead Committee (ITRE) discussed the draft report (PDF) by N. Danti (Renew, IT) and the Internal Market Committee (IMCO) discussed the draft opinion by M. Løkkegaard (Renew, DK) on the Cyber Resilience Act (CRA).

Danti himself still sees four points for improvement: The extension of the scope to all products with digital elements; more clarity on open source products; an extension of the five-year plan; and guarantees of legal certainty for the contracting parties and additional support for businesses through longer transition periods. The deadline for amendments is 27 April. (Video, 10h35)

Løkkegaard informed that his amendments aimed at (i) ensuring more efficient communication with competent authorities, (ii) strengthening the obligations and powers of competent authorities with regard to complaints, inspections and joint activities, and (iii) improving cybersecurity requirements for components integrated into end products with digital elements by defining more precisely the obligations of all economic operators. IMCO MPs have until 26 April to submit amendments to the draft opinion (video: 10h23).

CYBERSECURITY II – PRESIDENCY PRESENTS NEW CRA COMPROMISE PROPOSAL: The Swedish Presidency presented a first complete proposal (PDF) for the Cyber Resilience Act (CRA) in the relevant working group.

The concept of critical product was deleted, the criteria for classification in class I and class II were reduced from three to two, several categories were deleted and some for consumer products were added. A unique product identifier for security updates and the possibility to delete all data when disposing of a device have been added to the list of essential requirements. The Commission’s discretion in the standardisation process has been curtailed in view of the increasingly frequent delays (see Euractiv).

PRIVACY – ROUND TABLE TO COOKIES: Last week, the first stakeholder roundtable on the Directorate-General for Justice’s Cookie Pledge initiative took place. Several stakeholders expressed doubts about the Commission’s initiative to deviate from the established data protection doctrine. There was a danger that the position of the big technology companies would be strengthened by a centralised browser setting. Cookies are not only important for advertising, but also for audience measurement.

The Commission has published a discussion paper as a basis for the discussions. It says that many people are tired of having to deal with cookie banners all the time. The result is that users simply give up expressing their privacy preferences. In any case, third-party cookies are on the brink of extinction because more and more browsers are blocking them. New tracking technologies such as pixels or ID tracking are available as a replacement.

ONLINE POLITICAL ADVERTISING – COUNCIL WITH RESERVATIONS ABOUT PARLIAMENT: The rapporteur in the European Parliament, S. Gozi (Renew, FR), reported in the meeting of the Internal Market Committee (IMCO) on the second trilogue on the regulation on political advertising (video). There, he defended cross-border political advertising campaigns that Facebook had prevented in the previous European elections. He also introduced the Parliament’s proposed ban on actors based outside the EU from funding political advertising. With regard to these two ideas, the Council had addressed the legal risks with regard to the Services Directive and the rules of the World Trade Organisation (WTO). Gozi hopes to find a solution on a technical level. Regarding the establishment of a register for online political advertising, the Commission and the Council expressed concerns about the costs and administrative burden for companies.

The next trilogue is scheduled for 5 May. An agreement is to be reached by June (see Contexte, Paywall, FR).

DATA ACT – COMPLETION IN JUNE STILL REALISTIC: Last week, rapporteur P. del Castillo (EPP, ES) briefed her colleagues from the Industry Committee (ITRE) on the results of the first round of inter-institutional negotiations on the Data Act. As the negotiations are still at an early stage, the rapporteur informed that the trilogue consisted only of a brief discussion of the most important issues for each co-legislator. No further details were given. Finally, MEP del Castillo confirmed negotiation dates of 23 May and 27 June and the aim to conclude the negotiations under the current Swedish Presidency.

In the linked Internal Market Committee, A. Bielan (ECR, PO) that the focus of the last session was on switching and interoperability between cloud services (see Euractiv).

EIDAS – NO PROGRESS IN TRILOGUE NEGOTIATIONS: The Swedish Presidency had promised that they would finalise eIDAS by June. While the technical meetings are progressing rapidly, the Swedes have not yet sent the attachés of the other Member States any information on the state of affairs with eIDAS.

The second trilogue, which was planned for 27 April, had to be cancelled. The Spanish Minister for Digital Transformation, N. Calviño, has already stated that she hopes to be able to conclude the dossier under the Spanish Presidency.

A spokesperson for the Swedish Presidency, meanwhile, said that Sweden’s aim was to get as far as possible in the negotiations. Meanwhile, on the agenda for the Telecommunications Working Group, eIDAS is found under the heading “Other” (see Politico Pro, Paywall).

DATA PROTECTION – ECJ ATTORNEY GENERAL AFFIRMS GDPR DAMAGES: The Bulgarian case of the hacking attack on the National Agency for Revenue (NAP) became a matter for the ECJ. The referring Bulgarian court of appeal wanted to know from the ECJ which security obligations the authority should have complied with – and whether the liability for damages can even be triggered at all in the case of attacks by third parties.

Advocate General Pitruzella argues in his opinion (FR) that the controller must prove that it has taken appropriate measures to protect the data, for example through appropriate certifications. The obligation to demonstrate that the measures were suitable, sufficient and state-of-the-art lies with the data processor. However, according to the Advocate General, the emotional damage suffered by those affected must also be real in order to trigger liability for damages. (C-340/21)

SUSTAINABILITY – INDUSTRY COMMITTEE CONFIRMS AGREEMENT ON EED: Last week, the Industry Committee (ITRE) confirmed the trilogue agreement on the Energy Efficiency Directive (EED) with a clear majority (48/8/6).

The vote in plenary is expected to take place in the coming weeks.

COPYRIGHT – PARLIAMENTARIANS DEMAND SHORTER REVIEW PERIOD FOR LIVE ONLINE PIRACY RECOMMENDATION: In their letter of 28 April (PDF), twenty MEPs call on the Commission to revise its draft recommendation against piracy of live online events. MEPs, including S. Verheyen (EPP, DE), G. Didier (EPP, FR), J. Zarzalejos (EPP, ES) and I. García del Blanco (S&D, ES), demand that the review of the implementation of the recommendation comes within one year and not within three years as planned by the Commission. This is in line with the demand of the audiovisual industry, which has already expressed its dissatisfaction, and should open the door for legislation (see Contexte, paywall, FR).

VIRTUAL WORLDS – CITIZEN PANEL PROPOSES 23 RECOMMENDATIONS: From 21 to 23 April, the Commission hosted the third and final meeting of the Citizens’ Panel, consisting of 150 Europeans whose proposals will feed into the Commission’s non-legislative initiative “on virtual worlds and the future of the Internet”, initially expected for the end of May but recently postponed to 21 June.

The recommendations are built around eight values and principles: “Freedom of choice, sustainability, people-centred, health, education, safety and security, transparency, and inclusion”. In addition to the Citizens’ Panel, the Commission has launched a Call for Evidence, which will run until 3 May, to allow citizens and stakeholders to provide their thoughts on the issue (see Contexte, paywall, FR).

NET NEUTRALITY – COMMISSION PUBLISHES IMPLEMENTATION REPORT: The Commission has today published its second report (after 2019) on the implementation of the Open Internet Access Regulation, which ensures that all users can access online content and
services without discrimination, preference, restriction or interference by ISPs.

The findings of the report confirm that the Regulation continues to ensure the necessary balance between protecting end-users’ rights and promoting a competitive environment in the EU’s digital single market (see press release COM.)

INFRASTRUCTURE LEVY – COMPETITION REPORT IN THE ECONOMIC AFFAIRS COMMITTEE: The 2022 Competitiveness Report was adopted by the Parliament’s Economic Affairs Committee (ECON) last week. The vote in plenary is scheduled for May or June.

The report also calls on the Commission to create a policy framework in which big data producers make a “fair contribution to the adequate financing of the telecommunications network”. The wording was pushed by MEP S. Yon-Courtin (see Euractiv).

GERMANY – COURT CONFIRMS BAN ON PORNOGRAPHIC INTERNET OFFERS: The Administrative Court of Düsseldorf has confirmed its emergency decision from November 2021, according to which the Media Authority of North Rhine-Westphalia was allowed to ban the distribution of pornographic websites in Germany, even if the offerings are operated from Cyprus (see press release VG Düsseldorf, DE).

According to the press release, the court had come to the conclusion in its ruling that the providers could not invoke the country of origin principle. Instead, the strict German law on the protection of minors in the media is applied because children and young people are threatened with serious and grave dangers through free access to pornographic websites. A change in the legal situation that had occurred in the meantime could not change the result, the court continued, since the decisive factor was the legal situation that had applied at the time the decision was issued.

USA – CSAM LAW COULD WEAKEN ENCRYPTION: After Europe, there is also a proposal in the United States to curb child abuse content on the Internet with the “Stop CSAM Act“.

The bill focuses on “interactive computing services”, which according to the Electronic Frontier Foundation (EFF) broadly includes private messaging and email apps, social media platforms, cloud storage providers and many other online service providers. It is planned that it will become a criminal offence if providers “knowingly host or store” child sexual abuse content (CSAM) or “knowingly promote or facilitate” the sexual exploitation of children, including the creation of CSAM, on their platforms. (see netzpolitik.org, DE).

Relevant publications, including from the EP Think Tank:

• Proposal for a regulation laying down rules to prevent and combat child sexual abuse (study) – Ex-ante impact assessment for the LIBE Committee

Selected consultations of the EU Commission

• Delegated Regulation on data access provided for in the Digital Services Act – Call for Evidence: 25 March to 23 May 2023
• Cyber Solidarity Act – feedback on the act: 20 April 2023 until 27 June 2023 (extended)
• Radio equipment -change to the technical specifications for wired charging – Feedback on the delegated regulation: 12 April to 10 May 2023
• Virtual worlds (metaverses) – a vision for openness, safety and respect – Call for Evidence: 5 April to 3 May 2023
• Net Zero Industry Act – feedback on the regulation: 20 March to 27 June 2023 (extended)
• European Critical Raw Materials Act – Feedback on the regulation: 20 March 2023 to 27 June 2023 (extended)
• High-speed broadband services in the EU – Review of the rules – Feedback on the regulation: 27 February – 16 May 2023
• The future of the electronic communications sector and its infrastructure – Consultation: 23 February – 19 May 2023
• New product priorities in Ecodesign for Sustainable Products – Call for Evidence: 31 January to 12 May 2023

Outlook for the Current Week

You can find a list of the upcoming dates of the European Parliament here. The meeting calendar for 2023 is available here (PDF).

You can find an overview of the most important dates of the week of the Council here or the meeting calendar here.
The official calendar as well as the programme of the Swedish Presidency can be found on the corresponding website.

Council appointments include:

Summits and Ministerial Meetings:

• Informal Ministerial Meeting on Employment and Social Affairs, Wednesday, 3 and Thursday, 4 May – Programme;
• Informal Meeting of Health Ministers, Thursday, 4 and Friday, 5 March – Programme;
• Foreign Affairs (Development) Council, Thursday, 4 May – Agenda, A items;

Preparatory Bodies:

• Working Party on Telecommunications and Information Society (including GIA), Tuesday, 2 May (Agenda);
• Working Party on Cooperation in Criminal Matters (COPEN), Tuesday, 2 May (Agenda);
• Working Party on Competitiveness and Growth (Industry) (incl. the Chips Act), Wednesday, 3 May (Agenda) and Thursday, 4 May (Agenda);
• Horizontal Working Party on Enhancing Resilience and Countering Hybrid Threats, Tuesday, 2 May and Thursday, 4 May;
• Working Party on Competitiveness and Growth (Single Market) (including SMEI), Friday, 5 May (Agenda);
• Working Party on Consumer Protection and Information, Friday, 5 May;
• Horizontal Working Party on Cyber Issues, Wednesday, 3 May and Friday, 5 May;
• Coreper I (incl. EMFA), Wednesday, 3 May (Agenda) and Friday, 5 May;
• Coreper II, Wednesday, 3 May (Agenda);

Information about the weekly Commission meeting can be found on the website of the Commission in the preview (PDF) or (at short notice) in the current agenda. The non-legislative proposal on the metaverse was postponed to 21 June.
The following topics are on the agenda for this week:

• Recommendation on piracy of live content (Leak – PDF)
• Act in support of ammunition production
• Setting a sanctions framework targeting corruption
• Update of the anti-corruption legislative framework

The judicial calendar of the ECJ can be found here. On Thursday, the decision is due in the proceedings of the Austrian data protection authority against Österreichische Post AG, which once again deals with the right to information under the GDPR (C-487/21).

European Parliament Committees

CW 18 / Tuesday, 2 to Thursday, 4 May: Political Group and Committee Meeting Week (Brussels);

LIBE Committee (Civil Liberties)

Current Meetings

• none

Further Meetings (calendar)

• Monday, 22 May, 14.30-18.00 (Brussels)
• Tuesday, 23 May, 9.00-12.30 and 14.30-18.30 (Brussels)

JURI Committee (Legal)

Current Meetings

• none

Further Meetings (calendar)

• Tuesday, 30 May (Brussels)

Dossiers Timetable (24 April 2023)

ITRE Committee (Industry)

Current Meetings

• none

Further Meetings (calendar)

• Monday, 22 March, 15.00-18.30 (Brussels)
• Tuesday, 23 May, 9.00-12.30 and 14.30-18.30 (Brussels)

Dossiers Timetable (25 April 2023)

IMCO Committee (Single Market)

Current Meetings

• none

Further Meetings (calendar)

• Monday, 22 May, 15.00-18.30 (Brussels)
• Tuesday, 23 May, 9.00-12.30 and 14.30-18.30 (Brussels)

Dossiers Timetable (March 2023)

CULT Committee (Culture)

Current Meetings

• none

Further Meetings (calendar)

• Wednesday, 24 May, 9.00-12.30 and 14.30-18.30 (Brussels)
• Thursday, 25 May, 9.00-12.30 (Brussels)

PEGA Committee (Pegasus Investigation Committee)

Current Meetings

• none

Further Meetings

• Monday, 8 May, 19.00-21.00 (Strasbourg)

ING2 Committee (Special Committee on Foreign Interference)

Current Meetings

• Thursday, 4 May, 9.00-11.00 (Brussels)

Extract from the provisional agenda

The current agenda does not contain any topics directly relevant to the Internet industry.

Further Meetings (calendar)

• open

Further Parliamentary Calendar Dates

• CW 19 / Monday, 8 to Thursday, 11 May: Plenary Session Week (Strasbourg);
• CW 20 / Monday, 15 to Friday, 19 May: Green Week (not in session);
• CW 21 / Monday, 22 to Thursday, 25 May: Political Group and Committee Meeting Week (Brussels);

 

The current agenda does not contain any topics directly relevant to the Internet industry.