“The EU may, therefore, have an important role in providing targeted support to dual use, on the pathway from R&D to deployment, right through to market uptake or public procurement.”

-Draft White Paper on options for enhancing support for research and development involving technologies with dual-use potential

Story of the week: The European Commission will present three options for boosting R&D on dual-use technology, according to an early draft of a white paper seen by Euractiv. The intent is to break the silos between civilian research programmes like Horizon Europe and the military-focused European Defence Fund. The options entail increasing cross-fertilisation by maintaining the current legal setting unchanged, introducing the possibility for specific parts of the next Horizon Europe to work on defence-related matters, or creating a specific instrument for dual-use R&D. The white paper will be presented on 24 January as part of the Economic Security Package that will also include communication on economic security, a review of the Foreign Direct Investments Regulation, a white paper on export controls, a new initiative on outbound investments, and Council draft recommendations on research security. The juiciest part is set to be on export control, where the Commission is due to introduce cloud and Artificial Intelligence in the existing export controls regime, in what seems to be a reaction to the mapping of non-American cloud users that the US administration has kicked off following the Executive Order on AI. Euractiv understands that the Commission would not necessarily need to amend Annex I of the Export Control Regulation, as non-listed items could be subject to an authorisation regime at the national. In other words, the Commission could change the common assessment criteria, giving national authorities the power to decide whether cloud or AI technologies could be used for military purposes.

Don’t miss: France’s ‘influencer law’ is designed to target those from outside the European Union; therefore, aligning the law with EU rules will not be a problem, Stéphane Vojetta, the rapporteur of the law, told Euractiv. The European Commission sent a letter to the French government in August 2023, two months after its enactment, considering it contradicted some EU single market rules. “For now, the major issue stems from influencers who migrate to Dubai to evade taxes and, from there, engage in misleading, fraudulent, and illegal advertising concerning French and European laws,” Vojetta told Euractiv. As such, the French lawmaker believes adapting the new law to the Commission’s demand will be easy. Read more.

Also this week:

• Stakeholders do not see why they should sign the Commission’s cookie pledges.
• The EU might make a U-turn to include the private sector in the Council of Europe’s AI Convention.
• Gatekeepers’ rivals complain they are not being consulted on DMA compliance.
• The Belgian presidency shared (not so) new text on the Platform Workers Directive.
• The Council detailed in a series of case studies how EU countries implement the ePrivacy Derogation.

Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.

Pledges without signatories? The EU Commission shared a revised version of the cookie pledges on Monday (15 January) with some aesthetic changes and included the EDPB’s opinion, giving the participants until 7 February to provide further comments. The private actors involved remain somewhat sceptical of the proposed principles, raising concerns around the fact all types of tracking are put in the same basket, even when they serve different purposes, the disintermediation risk for publishers in a scenario where user preferences are centralised at the web browser level and the limited involvement of advertisers in the discussion. Most importantly, stakeholders do not see any benefit in signing up, as pledges would not provide a presumption of compliance with existing rules like the GDPR, as is often the case with these voluntary initiatives. If possible, the new draft makes this even worse as the preamble states that “voluntary pledging to the below principles does not remove the need for a case-by-case assessment.”

EU’s U-turn on AI convention? Following the information note on the Council of Europe’s AI Convention negotiations, the EU might make a U-turn regarding keeping the private sector in the scope. In a Telecom Working Party meeting last Thursday, most member states stressed the need to reach a global agreement (i.e. including the United States). Hence, the Commission should not insist on including private companies. Such a limitation to the treaty’s scope would mean a significant setback for the Commission’s ambition to use the AI Convention to set the AI Act as the international benchmark. In addition, to align the treaty with EU regulations, the EU is pushing for the same national security and law enforcement exemptions. Limiting the first international treaty to public bodies, with the addition of these broad carveouts, would make it not worth the paper it is written on. The final decision is expected at the plenary meeting next week.

Dutch vision on gen AI. The Dutch government presented their vision on generative AI on Thursday, emphasising the urgency of acting while considering the technology’s opportunities and challenges. The vision also discusses millions of euros worth of investments by research institutions, private enterprises, and the government. The goal of the investments is to keep up with the developments in AI. “We are unwilling to leave the future socioeconomic security of the Netherlands exclusively in the hands of major tech companies,” said Minister for Digitalisation Alexandra van Huffelen.

Meanwhile, in Davos. To maintain online integrity in an election-heavy year around the world, tech leaders gathered in Davos debated on Tuesday evening the recent rise of AI and its implications for misleading campaigns and deceptive content in the poll run-up. At the same time, Microsoft’s CEO, Satya Nadella, defended its partnership with OpenAI. “If we want competition in AI against players who are vertically integrated, I think partnership is one avenue of, in fact, having competition,” Satya Nadella told Bloomberg in an interview in Davos. Read more.

EU supercomputers. The European Commission and the European High-Performance Computing Joint Undertaking opened their access to EU supercomputers to speed up AI development, as well as to SMEs, as part of the EU AI Start-Up Initiative, it was announced on Tuesday.

OpenAI-Pentagon collab. OpenAI and the Pentagon are working together on several projects touching upon cybersecurity as well, which goes against the startup’s previous ban on providing AI to militaries.

IMF Staff Discussion Note. The International Monetary Fund published a Staff Discussion Note about generative AI on Sunday, mentioning, among other things, some consistent patterns in the topic, such as women and college-educated individuals being more exposed to AI but are also better equipped to reap its benefits.

LLM customisation. Standford University’s Human-Centered Artificial Intelligence pointed out, in a study dated January 2024, the safety risks coming from customising foundation models via fine-tuning. The document’s key takeaways include that large language model (LLM) developers increasingly allow users to customise the pertained models via fine-tuning and that even though mitigation strategies are also increasing, no current one can guarantee to prevent harmful model customisation.

GenAI consultation. The UK’s Information Commissioner’s Office published its consultation on Monday about how data protection law should apply to developing and using generative AI models. ICO pointed out that an appropriate legal basis for training these systems was among the questions that emerged via its engagement with innovators. The consultation is open until 1 March.

Commission to step into the vacuum. Amazon’s merger with iRobot, the company making smart vacuums, is expected to be blocked by the EU antitrust regulator due to harming the competition in the vacuum market, according to Bloomberg. However, the decision is not final yet, as formal approval is yet to come by February 14.

Intel set to win? Advocate General Laila Medina sided with Intel on Thursday in its ongoing legal fight with the EU about an antitrust fine of €1.06 billion, which was record-high when it was given. According to the court advisor, flipping the win in the lower court would not work as it did not indicate that Intel abused its dominance in the PC chips market.

Net neutrality and competition. During the plenary sessions on Tuesday, the competition policy reports were adopted, including the amendment, which adds that “attracting investment and securing telecom infrastructure and innovation” should be achieved without compromising net neutrality.

Music streaming resolution adopted. The European Parliament asked for rules concerning the music streaming sector, making sure it is fair and sustainable and promotes cultural diversity. MEPs want the imbalance in revenue allocation from the music-streaming market to be addressed in the adopted resolution due to the low compensation for artists.

Military cybersecurity. On Wednesday at the National Assembly, two French MPs presented their military cybersecurity recommendations to their colleagues, building on the French position on procurement, cloud, and resource sovereignty. Read more.

Brussels Summit. The Belgian presidency organised its Cybersecurity Summit on Thursday and Friday. While the Commission called for the swift implementation of NIS2, in informal talks, national officials and CSIRT experts complained about the implementation time and continuous piling up of new rules at the EU level, making clear a few countries will be late in the transposition. Moreover, IMEC presented data showing that while AI systems for intrusion detection have an almost perfect accuracy rate in the lab, in the real world the accuracy drops at 15%.

Bleu introduced. Capgemini and Orange announced their joint future “cloud de confiance” platform called Bleu on Monday. Bleu is currently engaging with selected French public and private organisations, preparing for the migration. The first services will go live at the end of 2024.

Bracing for the EDPS race. By November, the EU Council and Parliament will have to agree on the new European Data Protection Supervisor based on a shortlist provided by the Commission. The incumbent, Wojciech Wiewiórowski, is running again and is currently the strongest candidate, as he can count on a favourable change of government in Poland. The only other confirmed candidate is the Bulgarian Ventsislav Karadjov, who runs for every post at the EU level. Someone from CNIL is also said to join the race.

GDPR enforcement. Justice Commissioner Didier Reynders told POLITICO on Wednesday that central European-level enforcement of the EU’s General Data Protection Regulation (GDPR), similar to the Digital Services Act and the Digital Markets Act, might be expected.

Eleven countries are still fit to handle EU personal data. The Commission decided on Monday to renew the adequation decisions of 11 countries before the GDPR, considering they continue to benefit from adequate data protection safeguards. Therefore, EU personal data can be sent to these countries “without additional requirements, ” supporting personal data commercial agreements between the block and these countries. Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay are on the list. Canada’s allowance only concerns commercial operators.

€10 million in cookies. French watchdog CNIL made public on Thursday that it issued a €10 million fine at the end of December against Yahoo for violations of the ePrivacy Directive. When using Yahoo!, 20 advertising cookies would still gather data even though a user would not consent. Moreover, when a user withdrew consent from cookie data gathering on Yahoo! Mail, the company used phrases to refrain from users’ choices.

DPO report. On Wednesday, the European Data Protection Board published its report on the Designation and Position of Data Protection Officers (DPOs). The survey’s results emphasise “the need to strengthen the role and recognition of DPOs – and the need to continue promoting the importance of the DPO’s role”.

TTC summit scheduled. The next EU-US Trade and Technology Summit has been confirmed on 30 January. It will not be a full ministerial, in the sense that there will not be a joint statement at the end since the idea is to progress on what has been previously announced to prepare the groundwork for the last summit in April. Progress is expected in the AI roadmap, standard-setting on quantum computing, digital ID and 3D printing, information-sharing on semiconductor subsidies, a common research agenda on 6G, and data access for researchers.

Germany and Japan in digital dialogue. On Tuesday, Germany’s digital minister, Volker Wissing, met with his Japanese counterpart, Taro Kono, for a bilateral exchange. Topics of discussion included an adequate regulatory framework for AI and the metaverse, ensuring free data flows by reducing bureaucracy, and the upcoming G7 summit scheduled for the end of April.

Big tech rivals not satisfied. With 50 days to the compliance of the Digital Markets Act’s deadline of 6 March, several rival companies are ringing the alarm bells concerning the gatekeepers’ ‘lack of effective engagement’, asking them to initiate a constructive dialogue with business users and consumer organisations. Read more.

Keeping it linked – or not. Google will now offer European users the choice of whether they want to keep Google services linked, including Search, YouTube, Ad services, Google Play, Chrome, Google Shopping, and Google Maps”. The user choices will take effect on 7 March.

DMA implementation report. The Centre on Regulation in Europe (CERRE) shared a publication on Wednesday about the substantive and procedural principles of implementing the DMA.

Rushing into X? According to an EU official, the Commission’s probe against X was rushed under political pressure from Thierry Breton, who wanted to show his muscles ahead of the European elections. Important parts of the DSA are still to be fully defined, and a hasty start risks putting the EU executive in the position of building a weak case, especially since it will have to prove in court breaches such as inadequate content moderation or risk mitigation measures, for which there is still no case law.

Preparing for elections. The members of the EU Code of Practice on Disinformation are setting up a sort of rapid response mechanism that should provide a structure for information sharing about their risk mitigation measures throughout the electoral process. However, very large online platforms are somewhat limited in what they can share because any piece of information could be used against them to prove non-compliance with the DSA. Another perverse effect of the DSA is that, since the Commission can now request internal documents, tech companies are interested in not launching internal investigations – at least not until the compliance team asks for it. Meanwhile, the Code’s practitioners have set up a subgroup on generative AI that has quickly become the largest one, where stakeholders share the risks of these systems and their potential, for instance, in flagging suspicious content to fact-checkers.

Recruiting at full speed. The Commission has opened 40 job opportunities in the DSA team. Four profiles are required: legal officer, data scientist or technology specialist, policy specialist, and operations specialist.

I need more information. On Thursday, the Commission sent out requests for information to 17 of the 22 systemic platforms under the DSA. They are now expected to provide information on the measures taken to comply with the DSA by 9 February 2024.

Czechs not ready. Less than a month before the deadline to set up a Digital Services Coordinator, the Czech Telecommunications Office still needs staff and the necessary legislation to ensure it fulfils its tasks. Although the department is supposed to have 18 staff to deal with this agenda, the CTU says it only has four. Read more.

Back at work. After a failed attempt at getting the platform work directive over the line, the file is back on the negotiations table. The Belgium presidency circulated a new text, almost identical to the provisional agreement found in interinstitutional negotiations – ‘trilogues’ – back in mid-December, bar tweaks to the wording of the legal presumption of employment’s criteria. At a Working Party meeting on Tuesday, national delegates noted “significant changes” to the employment status chapter, through “the legal presumption remains the main point of contention”. The Belgian presidency will share a new text ahead of an ambassadors’ meeting on 24 January.

Atos continues top reorganisation. Atos publicised on Monday that it would not meet its Q2 2023 cash flow targets and proceeded to various changes in the top managing team. Paul Saleh, current CFO, became CEO, while a new CFO and several new directors were appointed. Saleh’s main task will be to refinance Atos’s financial debts, also through the sale of its Tech Foundation line of operations to Czech-owned EP Equity Investment (EPEI), for which the Commission gave a green light last month.

Commission priorities. On Tuesday, the EU’s top digital policy bureaucrat, Roberto Viola, presented the Commission’s priority for the next six months, focusing on finalising the AI Act and concluding the interinstitutional agreement on the Gigabit Infrastructure Act. The Commission intends to issue an innovation package by the end of January. It will issue a white paper on policy options for future telecom legislation by the end of February. Viola said the EU should make rapid progress in innovation if it is not to lose its lead and pushed countries to maintain a single market approach.

EPP manifesto. A draft electoral manifesto of the European People’s Party (EPP), dated 12 January and seen by Euractiv, suggests cutting down on “EU bureaucracy” in crucial policy areas such as tech, stating “we want to enable, develop, and utilise AI, not contain it or hinder it”. The document also talks about protecting offline and online citizens, storing IP addresses for all the most severe criminal offences, and making cyberbullying a criminal offence. The party thinks a European cyber brigade with clear external and internal security responsibilities is needed.

CSAM case studies. An internal Council document, seen by Euractiv, illustrated how EU countries are implementing the temporary regulation aiming to prevent online child sexual abuse material, detailing how the bill is already being used to catch suspected content. Read more.

Interim regulation update. According to a draft report about the interim regulation of the CSAM draft law by the EU Parliament’s Committee on Civil Liberties, dated Wednesday and seen by Euractiv, the interim regulation’s timeline could change again and expire on 3 May 2025, anticipating it from the original 3 August 2026. Based on the amendments, number-independent interpersonal communications service providers will have to publish and submit reports to the competent supervisory authority of the Commission.

EMFA COREPER adoption. EU ambassadors adopted the European Media Freedom Act with the sole opposition of Hungary. France and Italy made declarations concerning national security and criminal investigations. The Commission issued a written declaration to clarify that media law does not aim to harmonise key concepts of criminal procedure or define competent national authorities.

Macron’s screen time crusade. During a Tuesday press conference at the Élysée Palace, French President Emmanuel Macron proposed new rules for decreasing youth screen time to prevent spreading conspiracy theories online. The French President announced that the government will decide on potential “prohibitions” and “restrictions” for underage people based on a commission of experts’ report that will be delivered in March. Read more.

Virtual worlds vote. During Wednesday’s plenary session, MEPs voted on the virtual worlds report of the Legal Affairs Committee, addressing its legal and policy implications, with the final version being adopted in a single vote. MEPs want the EU to lead in shaping virtual worlds while respecting EU values and applying existing laws.

DNA as per Chips Act. On Monday, Internal Market Commissioner Breton explained during a tour in Paris that the upcoming Digital Networks Act will follow the same structure as the Chips Act. “Examine how [the Chips Act] is structured, and I believe we can redeploy it exactly as it is,” Breton explained. He continued explaining that telecom deregulation or fair share debates are in the past, while Europe should set a vision for the future.

• Quantum Computers Could Transform Financial Markets, Says BOE (Bloomberg)
• Google DeepMind’s new AI system can solve complex geometry problems (MIT Technology Review)
• Spotify attacks Apple’s ‘outrageous’ 27% commission (BBC)

Alina Clasen and Théophane Hartmann contributed to the reporting.
[Edited by Alice Taylor]

Thanks for reading. Be sure to spread the word and come and say hello on X.