The EU’s ambitious digital policies face a moment of truth in 2022. “Digital is the make or break issue,” the European Commission President Ursula von der Leyen said in her 2021 State of the Union speech. The continent’s digital agenda is packed:
Landmark platform regulation is approaching the finishing line. The European data strategy is taking its first steps. Intense policy discussions are occurring about an Artificial Intelligence rulebook. Brand new rules will be unveiled for the gig economy, along with initiatives on cybersecurity and semiconductor.
Here is what you need to know to make sense of all the noise.
In December 2020, the Commission presented the Digital Markets Act (DMA) and Digital Services Act (DSA), sister proposals to regulate digital platforms. Few expected that the European Parliament and Council would approve such complex legislation in just one year.
Yet the finish line is near.
EU governments adopted both files in November. Lawmakers finalized their position on the DMA in December, and the DSA is expected to follow in January. France will negotiate the files during its six-month EU Council presidency and wants to reach an agreement before its presidential elections in April.
For French President Emmanuel Macron, success in shepherding two key EU tech laws would be a strong campaign weapon. This leaves only two months to reach an agreement. If one had to place a bet, a deal on the DMA looks more likely to be finished, because the regulation targets a small number of Big Tech giants. The DSA is broad legislation that impacts almost all Internet platforms. It could end up on the desk of the Czech EU Presidency that starts in June.
Data Governance, Data Sharing, Data Protection
The recently adopted Data Governance Act is due to enter into force at the start of the year and will have to live up to its ambition to establish a ‘Schengen of data’. The rules aim to provide favorable conditions for businesses to share their data with data marketplaces, but the scheme’s success will depend on the industry uptake.
The Data Governance Act was only the first legislative milestone of the European Data Strategy. The second and more delicate step will be the Data Act. Its adoption was delayed to February 23 after failing an internal European Commission review. The data law will touch upon sensitive issues such as data-sharing obligations, data monetization, and data access for public bodies.
Discussions around GDPR, the EU’s privacy law, might heat up. Pressure is on the Irish data protection authority to take decisive action on Big Tech. The European Data Protection Supervisor is organizing a conference in June to reassess the state of GDPR enforcement.
Negotiations on a new Privacy Shield with the United States are bogged down: the two sides must find a legal expedient that can withstand European judicial review.
Since the European Commission presented the draft Artificial Intelligence Act last April, legislative progress has been sluggish.
The AI file is technical. Policymakers have had a hard time understanding the implications of the legal provisions. It intersects with various other EU laws, from data protection to product safety via law enforcement.
The Slovenian presidency provided only a limited rewrite of the proposal. While regulating AI may seem sexy, Paris is primarily looking for quick wins, and this regulation is unlikely to provide one.
On December 9, the European Commission presented a long-awaited draft directive to regulate the gig economy. If adopted, online platforms would become employers for as many as 4.1 million drivers and delivery workers.
The proposal would introduce harmonized rules to what has been a Wild West of conflicting judicial decisions across Europe. Parliament looks ready to offer strong support. MEPs adopted a similar resolution in September. Key EU countries also support. Belgium, Spain, Portugal, Germany, and Italy signed an open letter of support.
Recent disruptions in major infrastructures on the EU’s Eastern border have made cybersecurity a top concern. The Network and Information Security Directive, NIS2, is being negotiated. It aims to update and strengthen the original NIS director which establishes minimum cybersecurity requirements for businesses and organizations.
A new Cyber Resilience Act is expected by the third quarter of 2022. It will establish minimum cybersecurity standards for connected devices.
While European policymakers agree more cybersecurity is a priority, national governments fear an erosion of their powers of national security — making it difficult to achieve agreement on tough rules.
The global chip shortage has put semiconductors at the center of the European Commission’s drive toward strategic autonomy. These small but essential components for electronic devices provide perhaps the ultimate example of the risk related to external dependencies. A European Chips Act is planned to be proposed during the second quarter of 2022. It is expected to focus on capacity building, research, and international partnerships.
Luca Bertuzzi edits Euractiv’s Media and Digital Section.
This article was originally published by EURACTIV. EURACTIV is an independent pan-European media network specialized in EU affairs including government, business, and civil society.