Tech Brief 450x300 bUaevA

Experts raise EU Cyber Resilience concerns, Media Freedom Act adopted despite criticism

​ ​ 

Welcome to Euractiv’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.

“EU cyber policymaking should be about reducing threat actors’ operational capabilities whilst increase EU citizen’s resilience to harm.”

– Stephane Duguin, CEO at CyberPeace Institute

Story of the week: Over 50 cybersecurity experts signed an open letter expressing concerns about the vulnerability disclosure requirements, part of the Cyber Resilience Act (CRA). On Monday, the open letter was sent to EU policymakers, including Thierry Breton, commissioner for Internal Market. The disclosure requirements, obliging organisations to inform government agencies about software vulnerabilities within 24 hours, would “undermine the security of digital products and the individuals who use them”, reads the letter. “Sadly, the current draft of the EU Cyber Resilience Act risks to do exactly the opposite. Stockpiling vulnerabilities and creating the dream resource for attackers is not a good way forward,” signatory Stephane Duguin, CEO at CyberPeace Institute, told Euractiv. Read more.

Don’t miss: On Tuesday, the European Parliament adopted its position on the European Media Freedom Act, which the European Commission proposed in September 2022, and is the first EU-level attempt to establish a binding common framework for media services. The Parliament approved the text it will use as its mandate for negotiations with the EU Council and Commission with a large majority – 448 in favour. However, advocacy groups have renewed criticisms of certain provisions they say are falling short in protection against spyware and disinformation. The first round of trilogues – inter-institutional negotiations between Parliament, Council, and Commission – will begin on 18 October to finalise the text by the end of the year. Read more.

Also this week:

EU impartiality on CSAM-file is questionable due to relations to child protection organisation
Polish disinformation campaign ahead of national general election
French policymakers want to go further in cloud regulation than EU
EU increases security risk assessment for semiconductors, AI, quantum- and biotechnologies
EU Parliament gears up its internal IT systems with biometric fingerprints for attendance
Digital shortcomings in Western Balkans in spotlight
European Court of Auditors criticises the Cyber Solidarity Act
The debate on ‘offline-illegality-should-be-online-illegality’ rule resurfaces
Google grants users more control over their data
Polish vote: Council of Europe is alarmed about electoral practices

Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.

Today’s edition is powered by META

Rezzil was key to my training

Marcus Rashford trained in the metaverse while rehabilitating from a shoulder injury. While using a virtual reality training tool developed by Rezzil, Marcus could work on his mobility, speed, and muscle memory.

Find out more >>

Artificial Intelligence

Euractiv stops ChatGPT bot. Starting Wednesday, Euractiv joined other media across the EU and the US in disallowing OpenAI’s GPTBot to screen its website and use its content to generate ChatGPT answers.

AI Act trilogues. BSA The Software Alliance, an advocate for the global software industry before governments and in the international marketplace, published a position paper on Tuesday with recommendations on the AI Act trilogues negotiations. They want to adopt a technology-neutral and risk-based AI Act and balanced obligations for the AI value chain.

The Dutch want to supervise AI. The European Commission is supporting the Netherlands on its project to set up a national Artificial Intelligence supervision system – a task to be carried out in collaboration with UNESCO and focus on reviewing existing AI supervision systems and providing solutions and assistance.

Cautious or innovative? The challenge is that EU policymakers must balance the two properly. “There should not be paranoia in assessing the risks of AI,” the Commissioner for Values and Transparency, Vera Jourova, warned. On Tuesday, the third round of interinstitutional negotiations, known as trilogues, on the AI Act took place.

AI and job skills. Skills required for jobs might change by 2030 by at least 65% due to artificial intelligence, LinkedIn told Euractiv on Wednesday. The job site also anticipates that human resources professionals will lead the workforce change, as nine out of 10 HR workers already say their role has become more strategic. LinkedIn CEO Ryan Roslansky also announced new AI-powered tools across their recruiting and marketing products on Wednesday.

Super-computer: one billion billions (10^18) calculations per second. The European High-Performance Computing Joint Undertaking (EuroHPC JU) announced on Tuesday that it signed a contract to develop the EU super calculator JUPITER, financed by the EU up to half a billion euros. It should be used to simulate compute-intensive AI applications such as language model training, creating digital twins of the human brain or validating quantum computers.


France, the strict parent. A comprehensive bill aiming to secure and regulate the internet in France aims to strictly respect the new digital European regulations and, when it comes to cloud regulation, will go even further. The provisions come before the official approval of the EU-level legislation relating to the cloud market named the Data Act. The bill is set to be debated at a plenary session of the National Assembly on 3-4 October after it was presented by Digital Minister Jean-Noel Barrot on 10 May and passed the Senate on 27 June. Read more.

More data control is granted to Google users. The German competition authority concluded its proceedings against Google’s data processing conditions on Thursday (5 October), with the US company agreeing to give users more control over their data. The Bundeskartellamt’s intention is also to limit Google’s market power, which is subject to the strict market competition regulations of the German Competition Act. Read more.

EU is asking around. According to a document seen by Bloomberg on Thursday, EU watchdogs are asking Adobe’s competitors whether the company’s proposed $20 billion buyout of Figma could overturn the interactive product design market’s fair competition.

Probe to come. Due to concerns about Amazon and Microsoft dominating the British cloud computing market, a competition probe can be expected. The UK’s media watchdog Ofcom said in April that it is difficult to switch providers because of the lack of competition.

Microsoft fights Google. While attending the Google antitrust trial, Microsoft Chief Executive Officer Satya Nadella said on Monday that Google may use a new generation of AI-powered tools in the future to extend its influence on the search market.


Cyber Solidarity Act minus solidarity. The European Court of Auditors (ECA) published its opinion on the regulation on Thursday. While the ECA welcomes the proposal’s objectives to strengthen the EU’s collective cyber resilience, “some risks need to be addressed, particularly regarding funding and implementation,” Hannu Takkula, ECA Member, told Euractiv. Read more.

The EU’s cyber month ft. France. The French is organising this year’s campaign “Le Cybermoi/s” to focus on cybersecurity issues. “In the face of cyber scams targeting our fellow citizens, businesses and local authorities, let’s adopt the right digital hygiene reflexes,” tweeted French Digital Minister Jean-Noel Barrot.

Under attack. The non-profit organisation European Telecommunications Standards Institute (ETSI), which specialised on technical standards such as 5G, was hacked. Cyber assailants stole the list of ETSI’s online members, according to SecurityWeek.

Microsoft reports about cyberattacks. Microsoft said cyberattacks affected 120 countries last year, “fueled by government-sponsored spying”. The blog post says that nearly half of these targeted NATO member states, and the motivation behind them was, in most cases, to gain access to information.

Cyber Cyclone. The European cyber crisis liaison organisation office (EU-CyCLONe) is preparing for a real-life test of a large-scale cyber crisis for two days: the Blue OLEx 2023. EU-CyCLONe is a cooperation network of national cybersecurity agencies, and the test aims to enable effective cooperation and information sharing cross-border.

German’s cyber-awareness stands out. A new study focusing on a country comparison of Germans, French, Americans, and New Zealanders published by Cybersafe finds that Germans, leading in the country comparison, find it easy to be secure online (54%). Most Germans (52%) do not assume their devices are automatically secure, demonstrating the highest level of awareness.

Rules for hackers. The International Committee of the Red Cross published rules of engagement for civilian hackers involved in conflicts, especially the Ukrainian war, warning those joining ‘patriotic cyber-gangs’. The rules include bans on a hospital attack, uncontrollably spreading hacking tools, and threats that engender terror among civilians.

Data & Privacy

Disputes resurface over ‘offline-illegality-should-be-online-illegality’ rule. ‘What is illegal offline should be illegal online’ has been the EU’s guiding concept in regulating the internet. Yet, politicians and experts continue to question whether ending online anonymity is the missing step towards reaching this ideal. “It is not possible to live in an [online] world where, because everyone feels anonymous, a sense of widespread impunity prevails”, wrote Paul Midy, the rapporteur for the bill who pushed for an end of anonymity. Read more.

Internal upgrade. The European Parliament is moving forward with plans to replace the system of manual signature by MEPs with a system of biometric fingerprints as proof of presence at parliamentary meetings, according to a Parliament document circulated on Monday and seen by Euractiv. Read more.

Grindr fined over GDPR infringement. The dating app Grindr was fined approximate EUR 5.8 million for breaching the EU’s General Data Protection Regulation (GDPR) by the Norwegian Data Protection Authority (Datatilsynet). Grindr shared user information such as GPS location, IP address, gender and age to third parties for marketing purposes. The Privacy Appeals Board upheld the decision.

Digital diplomacy

Western Balkans in the spotlight. As part of efforts to boost the digitalisation of the region, the Western Balkans Digital Summit took place for the sixth time to foster collaboration on digital transformation, innovation, and connectivity. “The aim is to exchange ideas and best practice experiences and to deepen cooperation between the participating countries,” Stefan Schnorr, Germany’s digital state secretary, told Euractiv. Read more.

Calls open. Those interested can now apply to the Commission’s Digital Europe Programme, which focuses on strengthening digital capacities and supporting data creation of data spaces. The calls are open to businesses, public administrations, and other entities from the member states, countries in the European Economic Area, or associated countries.

Digital Services Act

Octagon clashes “inevitable” between Musk and EU Commissioners. According to Yoel Roth, Twitter’s former head of trust and security, Elon Musk’s X, will likely head for a collision course with the rules set under the EU’s Data Services Act (DSA). According to ElectronLibre, Roth considers a confrontation with the EU regulators “inevitable”. If the Commission finds legitimate reasons to sanction X, which Commissioners Breton and Jourova repeatedly voiced, the social media could face a 6% annual global turnover fine or exclusion from the EU Single Market in case of recidivism… and with EU elections looming, this could happen sooner than you would expect.


LTD market report. The Council of the European National Top-Level Domain Registries published a report last Friday about top-level domains (LTDs) and their global status and registration trends. The report shows a steady rise in domain growth and a slight rise in retail price.

Industrial strategy

Controlling critical technologies. The European Commission announced on Tuesday that it would start collective risk assessments together with member states on four technology areas: semiconductors, artificial intelligence, quantum technologies, and biotechnologies, which could lead to restrictive measures like export controls or development support for these technologies by spring 2024. According to the Commission, the technologies were selected due to their “transformative nature”, their risk of civil and military fusion, and their risk of being used in violation of human rights. Read more.

Law enforcement

NGOs, commissions, and money. A recent article by Balkan Insight revealed close links, including possible financial interests, between the European Commission and child protection organisations concerning a draft EU law to prevent online child sexual abuse material. The links prompted the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) to voice its concerns in an official letter to the Commission. The LIBE Committee will vote on the legislation on 26 October with detection orders, which would be issued to greenlight the detection of CSAM on platforms, still to be discussed. Read more.

The nightmare called ‘Polish elections’. The Council of Europe voiced concerns about the fairness of the Polish electoral process. A report by a delegation of EU Parliament members noted on 28 September a “heated and polarised campaign environment”. “Some politicians accuse each other of being foreign agents, either about Germany or Russia”, French MP Mireille Clapot told Euractiv. Read more.


Freedom of speech is not freedom of reach. Since the illegal content moderation regulation took effect in the EU, disinformation campaigns used in elections have been in the spotlight, especially in Poland, where concerns have been voiced about biased media coverage and the ruling party’s campaign methods. In a general election on 15 October, the ruling Law and Justice party faces strong opposition from pro-EU former prime minister and European Council president Donald Tusk and his Civic Platform party. Read more.


“Free and always will be” – or not? According to the Wall Street Journal, Meta is planning to charge $14 per month for European users if they want to get rid of personalised ads on Facebook or Instagram. The BBC reports that TikTok is testing out a monthly subscription as well, which would get rid of ads on the platform.

Fine, you can join us. A renewed invitation to TikTok, dated 5 October and seen by Euractiv, was sent to a joint cross-committee hearing. After the Irish Data Protection Commission found non-compliance with the EU’s General Data Protection rules, and for other reasons as well, the letter writes that they are convinced that “in-person participation would be the most beneficial way of engaging with the European Parliament’s Members”.


GIA adopted in Parliament. The European Parliament adopted its position on the Gigabit Infrastructure Act on Wednesday during a plenary session without any objections. “No extra fees for intra-EU calls, shorter timelines for granting permits & faster development of gigabit networks in remote areas”, posted rapporteur Alin Mituta on X. Next up are the trilogues with the European Parliament and the Council, once the Council agrees on its position.

Money matters. A letter published by the European Telecommunications Network Operators’ Association on Monday about a fair share regulation, signed by 20 telecom CEOs, including Deutsche Telekom and Telefonica, is calling on EU policymakers to enable SMEs to compete globally by compelling tech firms such as Netflix and Google to pay for network usage. “Future investments are under serious pressure, and regulatory action is needed to secure them”, the letter reads. In response, Daniel Friedlaender, Head of CCIA Europe, said that big telcos are “trying to fool Europe into providing them with extra cash” and “want to make European consumers pay a second time through network fees, coming on top of their subscription.”

Transatlantic ties

Open up. Ten digital industry organisations from eight Central Eastern European countries addressed an appeal on Thursday to the EU’s Presidency of the Council and other European leaders about strengthening the transatlantic cooperation in strategic areas. According to the statement, a market open to trade with, for example, the United States, Israel, and South Korea would result in more European investments, and so it would help local start-ups.

What else we’re reading this week:

Key Taiwan Tech Firms Helping Huawei With China Chip Plants (Bloomberg)

X has been losing daily active users since Musk takeover: CEO Linda Yaccarino (Mint)

Spotify boss urges UK to enact stricter regulation of tech gatekeepers (Financial Times)

[Edited by Alice Taylor]

Read more with EURACTIV



Leave a Reply

Your email address will not be published. Required fields are marked *