Bonjour ☕

And a happy 2025 ✨ I wish us all continued determination and curiosity as we navigate uncertainty (and La tech est politique will continue to try to bring clarity 😉).

This edition of La tech est politique explores the priorities of the Polish presidency of the EU and the hearings for the post of EDPS. I have broken down the Presidency's priorities to help you stay informed about the next six months and the handover to Denmark on 1 July. To keep things concise, I have set aside topics that are either indirectly related to digital issues (like foreign investments) or do not directly impact you (such as the CSAM regulation).

🔥 Given the Polish Presidency’s significance in digital policy, I am making this premium edition 💎 free so everyone can access it. Yet, supplementary resources remain exclusive to premium subscribers.

Reading time: 10 min (1,647 words)

Hot Potato, Beware: Poland at the Helm of European Digital Policy

On 1 January, Poland took over the EU Council Presidency with an ambitious digital agenda. This agenda will shape Europe's digital future, so let's unpack the stakes and challenges.

Why It Matters. This Presidency is a turning point for Europe's digital future, with several significant milestones on the horizon. Poland's strong support for unconditional aid to Ukraine and its national policy will likely influence sensitive EU dossiers. A key detail: Poland's president is from the opposition (not the governing coalition). His term, originally ending in May 2025, has been extended to August 2025 to avoid clashing with the EU Presidency responsibilities.

Background. As this author mentioned in December, security is the cornerstone of Poland's EU Presidency. This comes at a critical time for European digital policy, with many major legislations being implemented or revised and new initiatives in development.

What's on the Agenda. Now that the Presidency's programme is official, let's dive into its digital strategy. It focuses on four key themes: cybersecurity, AI and telecommunications, coherence and application of European legal obligations in the digital sphere, and digital diplomacy and disinformation.

1. Cybersecurity at the Forefront. Poland prioritises cybersecurity, citing estimates that it's "the most attacked European country" regarding cyber perils.

• The Cyber Blueprint 2.0 update. The Blueprint of 2017 is the European framework for major incident response and needs an overhaul. The Polish Presidency aims to finalise an updated version by June 2025, creating a unified model for responding to and reporting cyber incidents across the EU. Presumably, the model will concern the response to significant incidents and reporting of all cyber incidents.

• Two big pieces not to choke on are the implementation of NIS2, the Directive on the cybersecurity of critical infrastructures, and the entry into application of DORA for the financial sector. Regarding NIS2, the Directive has a critical April deadline for identifying subject organisations. Indeed, the 17 April deadline is fast approaching; this is the cutoff date for the constitution of lists of essential and important entities by each Member State, which must also communicate the number to the Commission. As for DORA, the regulation will apply... on 17 January. We can expect it to introduce new requirements for digital service providers, including cloud services.

2. AI and Telecommunications

• Aligning with the Commission's first 100 days commitments, the Polish Presidency will work on the AI factories. A discussion of its working document takes place as early as this week. The Presidency also wishes to develop dual-use AI systems (civil and military) and ensure the implementation of the AI Act and innovation investments in the field.

• The proposal for a regulation on telecommunications (the future Digital Networks Act) is also among the priorities. The Presidency plans to hold an initial orientation debate on this topic. (Note: This letter dated 4 November 2024 analysed the stakes of this future regulatory framework.) The timeline has also been revised: the initial declarations of the Polish Presidency suggested a regulation published "early 2025"; the 'reality check patrol' (that is, the Commission) called, and the proposal is now expected within the much more reasonable timeframe of end-2025.

3. Coherence and Application of EU Digital Laws

• Cybersecurity and health. Aligning with the Commission's first 100 days commitments, the Polish Presidency is taking a more holistic approach to tackling cybersecurity and the impact of digital on mental health, particularly for children and adolescents. On this latter point, the Presidency supports Commissioner Micallef, the Commission's youngest member and responsible for youth, in his agenda to mitigate the negative impact of social networks on young people's mental health.

• The Presidency will strive to reduce the administrative burden on businesses, particularly SMEs, especially about notification obligations. To this end, it promotes a single point of incident notification (including data breach notifications under the GDPR). Such a shift would involve creating an actual 'single window' (a major project in the works, which will not be finalised under the Polish Presidency).

• The Polish Presidency will also have to oversee and support the end of the GDPR reform process. The latter has been ongoing for months and should conclude in the first half 2025.

• The evaluation of the Cybersecurity Act paving the way for its possible overhaul. The Polish Presidency plans to finalise an evaluation report of the Cybersecurity Act (CyberAct for short), a 2019 regulation granting its mandate to ENISA, including the elaboration of EU cyber certification schemes. This report is set to pave the way for a CyberAct reform. The report covers a global evaluation of the regulation and ENISA's actions and follows a tortuous path: started in 2023, its adoption is expected in the second quarter of 2025.

4. Digital Diplomacy and Disinformation. Outside of space law and the FIDA framework, the initiatives are not legislative.

• The Presidency will work to strengthen the EU's role in external relations on the digital front. The discussions will cover, among other things, Internet management policies, including virtual worlds, and the promotion of an open, free, and secure Internet.

• The Polish Presidency considers disinformation a serious threat to democracy, stability, and the security of the EU. Thus, the fight against disinformation is a priority within and outside the Union. In this context, the Presidency will strengthen coordination in the fight against disinformation and information manipulation, including supporting the democratic resilience of candidate countries for EU accession against foreign interference.

• Space law and the FIDA framework. As this author narrated in the edition of 9 December 2024, two extra topics feature among the priorities of the Polish Presidency: the first EU rulebook on space and transparency of financial data (FIDA framework).

What Now? The coming months will be decisive, with key developments including:

• The cybersecurity action plan for health is to be announced on 15 January. This is not a regulatory announcement; instead, the expectation is to see the arrival of a dedicated funding mechanism (more or less aligned with NIS2 compliance).

• The April deadline for NIS2 implementation, with many Member States lagging.

• Initial discussions on European space law and the future of telecommunications.

• The evaluation report on the Cybersecurity Act.

On the Horizon: Who will be the next European Data Protection Supervisor?

The next European Data Protection Supervisor (EDPS) selection process is in its final stages, with four candidates being interviewed this week. This role ensures that EU institutions respect citizens’ privacy when processing personal data.

Why It Matters. The EDPS plays a crucial role in upholding data protection standards within EU institutions. One might smile at the recent embarrassment of the Commission, which the CJEU reprimanded for disrespecting the GDPR; the Commission is to pay damages to the German citizen having initiated the procedure.

The candidates. Among the four candidates in the running is the current Supervisor, Wojciech Wiewiórowski, seeking re-election. He is joined by:

• François Pellegrini, former member and vice-president of the French Data Protection Authority (CNIL);

• Bruno Gencarelli, an expert in data transfer issues and advisor to the former EU Justice Commissioner, Didier Reynders; and

• Anna Pouliou, head of CERN's Data Protection Commission and a lecturer in AI law at Maastricht University. She has emphasised her desire to bring a business perspective and her expertise in AI to this role while simplifying EU regulations.

The selection process. The Permanent Representatives of the Member States (Coreper 2) will interview the candidates on 15 January 2025, followed by an audition by the European Parliament's LIBE Committee the next day. The Council and the Parliament then proceed to a secret vote to establish a preference order among the candidates, followed by informal negotiations to reach a final decision.

What Counts is What Gets Counted

↓

Travel is Life

The Viennese have a unique relationship with death. They have developed the tradition of the 'beautiful corpse' (schöne Leich), characterised by lavish funerals and opulent graves. This tradition dates back to the time of Empress Maria Theresa. In addition to the grandeur, the Viennese approach death with a certain lightness; they sing about it and joke about it, treating it as something ordinary.

The Central Cemetery perfectly illustrates this unique relationship, having just celebrated its 150th anniversary on All Saints Day 2024. Spanning 240 hectares and home to 330,000 graves, it also houses a funeral museum that showcases Viennese mourning rituals. Notably, it features a renowned pastry café, the Kurkonditorei Oberlaa, underscoring this distinctive interplay between life and death. This relationship is so deeply ingrained in Viennese cultural identity that the city has become a popular destination for 'dark tourism'.