Tech Brief: AI Act delayed, digital diplomacy ambitions
“‘Artificial Intelligence system’ (AI system) means an engineered or machine-based system that can, for a given set of objectives, generate output such as content, predictions, recommendations, or decisions influencing real or virtual environments. AI systems are designed to operate with varying levels of autonomy.”
Story of the week: MEPs involved in the AI Act met on Wednesday in what the co-rapporteurs hoped would be an opportunity to close several important aspects of the regulation. The agenda was incredibly ambitious, with an AI definition aligned with the US NIST, a ban on exporting AI systems based on prohibited practices, biometric categorisation and facial-scrapping databases. However, none of the agenda’s points was agreed upon during the meeting, with several lawmakers asking for further discussions about the text. The NIST definition seems compatible with the EPP’s transatlantic approach, although more progressive MEPs consider it too narrow, and the related recitals drew some significant criticism. The high-risk categorisation was under attack from all sides, with some groups questioning the logic of the proposed text. The issue of prohibiting emotion recognition was also raised, but the EPP is still pushing to have it as a high-risk application. The next technical meeting is scheduled for 27 February, meaning the co-rapporteurs will have to come up with a new timeline.
Don’t miss: The discussion around a proposal to establish an office of the UN’s International Telecommunication Union in Brussels, which accelerated following EURACTIV’s reporting, prompted a broader debate about the need to better integrate digital policy in the EU’s external action. While the idea of a new ITU office no longer seems on the table, member states are working on a non-paper to ask the Commission to take the initiative to set up a coordination mechanism. However, the EU Council’s own internal structure does not help, with digital files scattered around different Working Parties. Talks of establishing a Digital Council have been long in the making, but there is still no clear majority to take that direction. Read more.
- The German Federal Constitutional Court ruled AI-powered predictive policing tools unconstitutional.
- The European Commission is bringing six member states to court for failing to transpose the EU’s copyright rules.
- The Swedish presidency proposed significantly reshaping the critical product categories under the Cyber Resilience Act.
- EURACTIV obtained a draft general approach to the short-term rental regulation that the Competitiveness Council is due to adopt on 2 March.
- The EU launched the European Tech Champions Initiative to maintain the European ownership of successful scale-ups.
- The Commission sought to clarify the digital aspects of the Product Liability Directive.
Before we start: If you just can’t get enough of tech analysis, tune in to our weekly podcast.
The Digital Services Act – what next?
The coming weeks will be fundamental for the DSA to take shape, as the European Commission is working on secondary legislation to define critical provisions of the regulation, and large online platforms are taking their first steps toward compliance. EURACTIV …
Unconstitutional predictive policing. The German Federal Constitutional Court has declared police use of predictive software provided by controversial US-backed firm Palantir in Hesse and Hamburg unconstitutional as it violates the right to informational self-determination. Law enforcement is one of the most controversial application areas in the AI Act’s discussions. Read more.
A suffocating hug? The European Consumer Organisation and the Transatlantic Consumer Dialogue have voiced their concern over the TTC’s EU-US joint roadmap on AI, in whose drafting they were involved, and called on policymakers to ensure it does not interfere with the AI regulation. At an event on Thursday, the Commission’s AI Director Lucilla Sioli tried to reassure everyone that both jurisdictions will retain full autonomy in regulating the technology. The roadmap aims to reach a shared understanding of critical concepts such as ‘risk’ and ‘harm’.
Who supervises the supervisor? The AI Act places great stock in human oversight to safeguard against algorithmic error and bias. Still, there are complex reasons that make people’s overseeing AI-driven decisions far from infallible, a researcher argued this week.
Risky lawmakers. Five MEPs have been profiled as being ‘at medium risk’ of criminal behaviour using Fair Trials’ criminal prediction tool, which ‘determines’ people’s propensity to commit criminal acts using criteria and information actively deployed by EU law enforcement.
AI for green. SMEs will be central to ensuring the success of the twin green and digital transitions by integrating AI solutions, for instance, with the development of a digital twin of the EU’s energy grid. Read more.
AI in education. The German Bundestag’s Committee for Education, Research and Technology Assessment has commissioned a study on ChatGPT’s impact on education and research to explore technological development trends, potential applications and the impacts of the technology. This week, the European University Association (EUA) published its position, stating that any attempt to ban AI tools in learning and teaching would be futile. Therefore, the higher education sector must adapt to ensure its use is effective and appropriate.
New deep fake frontiers. VALL-E, a new AI programme by Microsoft, can recreate voices based on just a three-second sample clip and produce a much more natural-sounding voice than previous models. Cybersecurity experts are warning, however, that this poses significant risks to security and could also be used to spread misinformation.
New deadline. The EU competition authority will decide by 7 June whether to allow Broadcom’s proposed $61 billion purchase of cloud computing firm VMware. The investigation was put on hold last month to await information from the two companies. The acquisition is also under scrutiny in the UK.
See you in court. The Commission has referred 11 cases to the EU’s Court of Justice concerning failures by six member states when it comes to the transposition of copyright rules into national law. Thirteen states were issued with reasoned opinions last May over their delay in transposing the 2019 Copyright Directive and another directive covering online transmissions of TV and radio broadcasts. Bulgaria, Denmark, Finland, Latvia, Poland, and Portugal have all been referred to the court for their continued failures across both regulations. Read more.
Speaking of Poland. Members of Poland’s creative and audio-visual sectors are calling for a law to ensure fair remuneration for filmmakers where their work is used online and a level playing field regarding negotiations with platforms. In an open letter, artists and creators argue that this is a right guaranteed to them under the EU’s Copyright Directive but allege that provisions in a draft law which would have enforced these protections were deleted following the visit of a top Netflix executive to Poland in December.
Critical categories. The critical and highly critical product categories were subject to heavy change under the latest Cyber Resilience Act compromise circulated by the Swedish EU Council presidency. The text adds significant granularity to class I and class II, dividing them into two and three subgroups, respectively, based on criteria that would also restrict the Commission’s discretion in amending the annexe. The ‘highly critical’ category was better defined in relation to NIS2, and the possibility of requiring cybersecurity certification was introduced. The product categories in the two classes were also revised, with 11 moved to the higher class and six downgraded. Consumer products like smart locks and alarm systems were included. Read more.
Sweden under attack. SVT, Sweden’s public broadcaster, was hit by a series of cyberattacks on Tuesday in the wake of similar assaults on universities, hospitals, regional administration offices, and other media companies the previous week. The attack was not entirely unexpected, having been signalled by the hacker group ‘Anonymous Sudan’. Read more.
Data & Privacy
MEPs against Privacy Shield 2.0. The Parliament’s civil liberties committee called on the Commission not to adopt a data adequacy decision with the US which would allow for the transfer of EU citizens’ data, and to continue negotiations with Washington to create a mechanism for ensuring equivalence and comparable safeguards. The non-binding resolution argues that the new EU-US Data Privacy Framework “fails to create actual equivalence in the level of protection.”
Not on my watch. Italy’s data protection regulator has banned Replika – a firm which produced a generative AI “virtual companion” chatbot that users reported having become so explicit and persistent as to border on sexual harassment – from collecting data over what the watchdog said were breaches of the GDPR. Read more.
Mozilla’s report. New research by Mozilla looks at different regulatory approaches to data management in the US, Germany, India, and Kenya across various sectors, such as reproductive health, transport, electricity supply and COVID-19 contact tracing. The German report focuses on the EU’s upcoming Data Governance Act and how it can be leveraged for public interest purposes.
Android’s Privacy Sandbox. Google launched this week the first Android Privacy Sandbox beta, initially available to a select number of devices worldwide, with plans to then expand as time goes on. The beta is part of the Android Privacy Sandbox announced last year.
More court cases. Four EU countries have been referred to the European Court of Justice (CJEU) by the Commission for failing to transpose the Open Data Directive. Belgium, Bulgaria, Latvia, and the Netherlands have yet to inform the EU executive of the Directive’s transposition, the deadline for which was July 2021.
Consultation closing. The Commission’s consultation on the digital suitability of the EU’s consumer protection law is set to close next week, concluding a fitness check on whether the existing framework is adequate for protecting consumers in the digital environment.
Digital Services Act
In or out? Today is the long-awaited deadline for online platforms to determine whether they qualify as very large online platforms under the DSA. Those that have so far passed 45 million are Facebook, Google Search, Maps, Play and Shopping, Instagram, TikTok, Twitter, and YouTube. Among those below the threshold are eBay, GoFundMe, Microsoft’s App Store, Spotify and SkySkanner.
STR’s general approach. EU ministers have reached a common position for new rules on short-term rental platforms only a few months after its presentation. The draft general approach, obtained by EURACTIV, is due for COREPER’s endorsement today and focuses on the procedural aspects, ex-post checks, type of data, and powers of the competent authorities. The ministerial approval is planned for the Compet Council on 2 March. Read more.
Tell us where you stand. Stockholm is returning to the basics of the Platform Workers’ Directive after the Czech presidency fell short of securing a majority within the Council in December. The Swedish presidency requested the peers of the Social Questions Working Party for feedback on critical aspects of the proposal, notably the triggering and applicability of the legal presumption of employment. Read more.
European Tech Champions fund. The EIB and five European countries launched a programme to boost equity investments and prevent Europe’s most promising high-tech companies from being bought out by foreign investors at a late stage of development. The European Tech Champions Initiative (ECTI) is a ‘fund of funds’ with an initial budget of €3.75 billion and might be expanded to private investors after a three-year trial. The EIF will manage the fund, and the financing comes with some strings attached that might discourage venture capital investors from requesting it. Still, the first projects to receive the money are expected in the coming days. Read more.
Chips Act’s trilogue. The first political trilogue on the Chips Act is scheduled on 28 February. The file is a political priority for the Swedish presidency, but the first meeting is usually just a chance to present one’s own position. The technical work is kicking off today.
Follow the money. French companies received the most funding under the European Innovation Council Accelerator, Horizon Europe’s €7 billion start-up funding programme. The country has received close to €448 million in funding over the past two years, followed in the rankings by Germany at €317 million and the Netherlands with €267 million. At the other end of the spectrum, Croatia received just €1.2 million and Slovakia €1.9 million.
KPIs input. The Commission has launched a call for feedback on a draft implementation act covering key performance indicators for measuring progress on the Digital Decade 2030 policy programme, spanning data collection on areas from skills and 5G connectivity to AI use and semiconductor activity. The window for contributions is open until 13 March.
Blockchain sandbox. The Commission has launched a regulatory sandbox for innovative use cases involving blockchain solutions. The initiative will run from 2023 to 2026 and will be funded by the digital Europe Programme to support 20 projects annually.
EMFA competencies. The EU Parliament’s culture (CULT) committee has won a competency fight to lead the European Media Freedom Act. LIBE and IMCO will be associated committees with shared competencies on the entire proposal.
French Netflix debacle. France Télévisions, M6, and TF1 announced the dissolution of the jointly-run streaming platform SALTO this week. The decision to shut down SALTO, which was launched in late 2020 and offers a wide range of French programmes, came as a result of several factors, including a lack of subscribers, the refusal of some internet service providers to host the platform, and coordination difficulties between the three operators.
The truth hurts. Russian journalist Maria Ponomarenko has been sentenced to six years in a penal colony after she accused the Russian air force of bombing a theatre turned civilian shelter in Mariupol, Ukraine, last April, in an attack which killed at least 300 people. Read more.
PLD clarifications. The Commission has circulated a non-paper amongst EU governments to clarify the digital aspects of the new Product Liability Directive. Dated 8 February and obtained by EURACTIV, the text notably seeks to clarify whether software would be included in the definition of ‘product’, the responsibility of the manufacturers and the notion of related services. Read more.
Disputes settled. On Thursday, the European Parliament’s Conference of Presidents confirmed the Conference of Committee Chairs’ proposals for distributing competencies on the Product Liability Directive and AI Liability Directive without discussion. The PLD will be a joint IMCO-JURI lead. As previously reported, the AILD will be spearheaded by JURI, with some shared competencies with IMCO and LIBE.
HLF update. The second meeting of the SHERPA sub-group of the Commission’s High-Level Forum on European Standardisation was held on Thursday as a follow-up on the priorities identified in the first meeting in January and in preparation for the Forum’s recommendation to the 2024 Annual Union Work Programme on standardisation. The sub-group is now working to define the Forum’s 2023 work plan. Meanwhile, the applications for participating in the HLF have been opened again, as the Commission wants more Clean Tech companies to join.
Standardisation strategy AMs. MEPs in IMCO tabled 156 amendments to the own-initiative report ‘A standardisation strategy for the Single Market’. Although the report is non-binding, there is a great deal of attention from the side of the industry as it might influence a new legislative proposal that might still come during this mandate, though this remains unclear since the Commission is currently evaluating the standardisation regulation.
The date game. Many people are still wondering when the senders-pay consultation is due to open. After repeated delays, the most mentioned date is now 23 February. But after so many delays and mixed signals, these speculations only further prove the messiness of the process.
Consolidation test case. Orange has presented a new strategic plan that aims for sustainable growth in Europe, Africa, and the Middle East while also focusing on accelerating cybersecurity solutions. However, Orange wishes to consolidate in the EU market, and its €19 billion bid to merge its Spanish operations with MásMóvil will provide a crucial testbed of whether the European Commission will let the telcos merge. The deadline for the preliminary phase was set for 20 March.
DG COMP’s clearance. The Commission has unconditionally approved the creation of a joint venture by Deutsche Telekom, Orange, Telefónica, and Vodafone, set to launch a digital platform to “support the digital marketing and advertising activities of brands and publishers” across five European countries.
Roaming in Ukraine. The Commission has adopted a proposal to incorporate roaming into the EU-Ukraine Association Agreement, meaning that, once in effect, visitors from one will not be required to pay additional fees for using their phones in the other. This move marks the first extension of EU internal market treatment to Ukraine.
What else we’re reading this week:
Don’t let tech companies call the shots in war (The Times)
ASML Says Ex-Employee in China Misappropriated Chip Data (Bloomberg)
Leaked memo: Meta executive warns employees they’re still “at the whim of Apple” (Vox)