πŸ‘“November 2024's European Digital Policy Roundup

Author

Rayna Stamboliyska
November 29, 2024 β€’ Temps de lecture : 8 minutes

Hi there β˜•

Welcome to your complimentary edition of La tech est politique, highlighting November 2024's notable developments in European tech policy.

We look more closely at:

  • the run-up to the new Commission;

  • personal data developments that matter for businesses;

  • the Cyber Resilience Act;

  • Apple and Google give some breathing space to others;

  • general purpose AI model and AI factories.

Reading time: 6 minutes (1,084 words)

Image by absurd.design

What Happened in November?

The new European Commission was formally confirmed this month. European regulators continue to refine their strategies toward tech giants while cybersecurity and artificial intelligence initiatives take shape.

A New Commission at Last

After weeks of responding to MEPs' written questions and nearly 80 cumulative hours of Parliamentary hearings, the College of Commissioners-designate was approved in plenary on 27 November. The new European Commission will officially take office on 1 December. You can revisit the tech priorities for the first 100 days.

πŸ’Ž La tech est politique tracked the Commissioners' commitments and attended the hearings. Premium subscribers thus receive actionable intelligence through the political process.

The final phase of this confirmation was marked by deep rifts between three of the most influential parliamentary groups. The confirmation vote reflected this discord: only 370 "in favour" (and 282 "against"), complete with divisions within certain parliamentary groups. This observation matters as it highlights weakened Parliamentary support for the new Commission. Such noteworthy volatility risks complicating future work between co-legislators.

Personal Data in the Spotlight: Developments that Matter

In response to European authorities' criticism, Meta is revamping its "pay or consent" model by introducing a third free option based on contextual advertising. The company is also slashing the price of its tracking-free subscription by 40 per cent.

The EDPB has published its assessment of the DPF, the Privacy Shield's successor. The DPF (Data Privacy Framework) governs personal data transfers between the EU and the US. This initial review proves positive, with European data protection authorities welcoming "significant improvements" whilst maintaining vigilance on certain aspects. The EDPB also backs the Commission's wish to conduct the next review of the DPF's effectiveness within a maximum of three years.

Liability (including legal liability) of Software Publishers and IoT Manufacturers Coming into Effect

The Cyber Resilience Act and the updated Product Liability Directive were published in the EU Official Journal on 20 November. They will come into effect on 10 December 2024.

πŸ’Ž La tech est politique monitors these two texts because they significantly impact publishers/manufacturers and customers.

The Cyber Resilience Act (CRA) aims to improve the cybersecurity of all connected products and services. The regulation introduces broad security requirements, from security-by-design to vulnerability reporting. The CRA will apply to all products with digital elements in the European single market. The CRA obligations will start to apply according to a gradual timeline: designation of notifying authorities by June 2026, vulnerability reporting from September 2026, and full implementation in December 2027.

The Product Liability Directive underwent a long-overdue modernisation to align it with the digital age and the circular economy. It will be easier for consumers to get compensation for damage caused by faulty products, including software, AI systems and refurbished products. The new rules lighten the burden of proof for victims in complex cases while maintaining a balance with the interests of businesses. The transposition period is 24 months ahead.

Competition Corner

November has been rich in competition-related developments. I have selected those concerning Apple and Google, among all developments.

Apple and the DMA. Apple has updated its Digital Markets Act (DMA) compliance report for iPadOS, incorporating previously announced reforms. The company has "entered into dialogue with the Commission" regarding alternative payment systems to the App Store, which is at the heart of a non-compliance investigation. Apple plans to allow App Store removal in a future update.

Meanwhile, the Commission has closed its antitrust investigation into Apple in the e-books and audio sector. Apple had been accused of penalising competing e-book app developers, particularly by preventing them from informing users about alternative ways to access their products. Apple had been fined €1.84 billion in March.

DuckDuckGo vs. Google. The privacy-focused search engine DuckDuckGo has filed a complaint against Google for DMA non-compliance, accusing the tech giant of making it overly complex to change the default browser and poorly sharing "rare" search data.

Double Push for European AI: Regulation and Infrastructure

The Code of Practice for General Purpose AI (GPAI) has been published. This initial draft proposes 22 measures to govern these technologies, with particular attention to systemic risks and a taxonomy of these risks aimed at identifying relevant models. The code is meant to help GPAI providers implement the AI Act. See the recap on priority areas and the constitution of the expert group drafting the code.

European AI industrial policy is taking shape. The Commission has received seven proposals from Member States, individually or in partnership. These countries have put themselves forward to host European "AI factories". These infrastructures aim to support artificial intelligence development within the Union. As mentioned in our October edition, these "AI factories" are among the priorities for the Commission's first 100 days.

πŸ’ŽUnlock Premium Insights: Stay Ahead in EU Tech Policy

Our premium πŸ’Ž subscribers have already gained exclusive access to:

  • An analysis of innovation funding strategies at the European level (including resources on how to benefit from them);

  • Breakdowns of how the upcoming telecoms reform and future consumer protection regulation will change the landscape;

  • A special report tracking and analysing Commissioners' digital commitments for 2024-2029;

  • A Resilience Brief featuring ten practical actions local authorities can implement today to protect themselves.

🎁 Limited Time Offer: 20% off Annual Subscription

Become Europe-proof now: secure your strategic advantage before 30 November: don't miss out on the insights shaping the future of tech in Europe! πŸ‘‡

As an entrepreneur, staying informed about the ever-changing regulatory landscape is crucial.

La tech est politique simplifies the complex European regulatory ecosystem and lets you focus on growing your business while we keep you informed.

πŸ‘‰ Free subscribers receive a concise monthly summary (like this one) and cannot access the premium πŸ’Ž resources (analyses, themed features, legislators' agenda, etc.).

πŸ™ Thank you for reading this edition of La tech est politique!

If you have any comments or questions about this edition, please feel free to get in touch.

🌞 If you enjoyed this edition, please share it with your colleagues. Let's help spread a solid understanding of Digital Europe and what it means for innovation.

See you in a month!

πŸ’Œ Questions, comments or secrets to share? Contact me: [email protected]