Mapping the European Union’s Digital Agenda for 2022 | IIEA
The Institute of International & European Affairs
Hit enter to search or ESC to close

Mapping the European Union’s Digital Agenda for 2022

The European Digital Agenda for 2022

After two years of landmark digital policy proposals by the European Commission, 2022 will be a crucial year for the EU’s digital policy agenda. Finalised agreements are expected on important aspects of the Commission’s digital policy agenda, including the Digital Markets Act (DMA), Digital Services Act (DSA) and the Data Governance Acts (DGA). New proposals for 2022 are also expected which will include a Data Act (DA) proposal and a new Cyber Resilience Act (CRA). This blog sets out some of the main digital policy developments that can be expected in 2022 and reflects on the implications that they may have for Ireland. The digital policies being developed at the European level will be of particular significance for Ireland, given the vital role played by the digital and ICT sectors in Ireland’s economy and society.

Digital Markets Act

The Digital Markets Act (DMA) is designed to better regulate the very large online platforms that the European Commission deems to be systemically important and which it dubs “gatekeepers”, such as the likes of Amazon, Apple, Facebook and Google. This Act contains a variety of measures designed to promote competition and to prevent very large technology companies from dominating the market.

Under the DMA, some of the provisions and proposed rules for these gatekeepers aim to:

  • Ensure certain levels of interoperability with the services of third parties;
  • Provide tools to allow businesses that advertise on their platforms to independently assess the value and impact of advertising;
  • Allow business users to access any data that they generate on gatekeeper platforms;
  • Allow business users to offer their goods and services on competing platforms and to negotiate different terms, including as regards pricing.

Under the DMA, gatekeepers will be prohibited from providing preferential treatment for their own products over those of competitors and from preventing users from un-installing pre-installed apps if they wish to do so.

The DMA is currently going through trilogue negotiations between the European Commission, Parliament and Council. Points of disagreement include the exact allocation of responsibilities between the Commission and the Member States when it comes to enforcement of the Act, the scope of the interoperability requirements in the DMA, and the exact methodology by which gatekeepers are identified. Lawmakers in Brussels are hoping that agreement on the DMA will be reached by late March or April.

Digital Services Act

The Digital Services Act (DSA) aims to make the online environment safer and more transparent. Proposed obligations affecting online platforms and online intermediary services include the introduction of:

  • Clearer measures regarding how illegal online content and illegal online sales can be reported by users;
  • Due diligence obligations for online platforms to take action to counter illegal content and illegal sales;
  • Clearer measures on how online content removal can be contested by users whose content has been removed;
  • Measures to promote greater transparency regarding how and why users are shown particular advertisements;
  • Regular risk assessments for larger platforms;
  • Greater autonomy for users to opt-out of being profiled for the promulgation of targeted, personalised content.

The DSA is currently going through trilogue negotiations between the European Commission, Parliament and Council and agreement might be reached as early as June 2022.  Debate continues regarding the precise allocation of enforcement responsibilities between the EU and the Member States, on the scope of measures relating to targeted advertising, and on the degree to which the DSA should also apply to content that is harmful but legal.
 

Directive on Security of Network and Information Systems II

The European Commission introduced a proposal for a revised directive on the Security of Network and Information Systems (NIS 2) in December 2020. The proposal expands the range of sectors that are deemed to be of critical importance for society under the initial iteration of the directive through the addition of sectors such as telecommunications, pharmaceutical manufacturing, waste management, and data centre services, and by strengthening the cybersecurity requirements for both large and medium sized businesses within these sectors as well as in relevant public bodies. This includes the introduction of new requirements for companies to assess cybersecurity risks in supply chains. The European Parliament adopted a common position on the NIS 2 in October 2021 and the Council adopted a position in December 2021. The proposal is now going through trilogue negotiations.  
 

Artificial Intelligence Act

The EU Commission released its long-awaited  proposal for a draft regulation to harmonise rules on Artificial Intelligence on 21 April 2021.

For AI that is considered to be “low-risk”, there will be few or no new regulations, although a voluntary code of standards will be established, and compliant AI systems will be recognised via a certification scheme. The definition of “high-risk” AI is based on AI applications that may pose a significant risk to health, safety or fundamental rights. For “high-risk” AI, the proposal includes obligations relating to:

  • The quality, representativeness and suitability of datasets;
  • Record keeping of the AI system’s functioning throughout its lifecycle;
  • Transparency and interpretability regarding how an AI system operates;
  • Human oversight of AI systems;
  • The accuracy, robustness and security of AI systems.

Developers of high-risk AI must put in place quality management and risk assessment systems for the entire lifecycle of an AI application. “High-risk” AI applications must undergo a conformity assessment before being placed on the market and again each time the application is deemed to have been “substantially modified.” Furthermore, certain types of technologies will be restricted or prohibited – including  the use of remote biometric identification  by legal enforcement and social scoring technologies. The AI Act proposal is still being separately debated in the European Council and European Parliament and has not yet entered trilogue negotiations. A final agreement on the AI Act is not expected before 2023. In particular, there is likely to be ongoing discussions regarding the scope of what constitutes “high-risk AI”, the use of remote biometric identification technologies, and the role of human oversight.
 

 Digital Identity Proposal

The European Commission proposed a framework for a coordinated Digital Identity system in June 2021. This system would enable citizens to verify their identity electronically and is intended to allow citizens to interact with public services across different EU Member States more easily. This Digital Identity would be designed to allow such things as academic qualifications, bank details, and driving licenses to be verified, and to simplify processes such as renting or opening a bank account in another EU Member State. Progress on the proposal has stalled however, with 14 EU Member States raising concerns about how the proposed system would ensure interoperability. There are also concerns that the proposed framework could already be at least partly obsolete by the time of its introduction.
 

Chips Act and Chips toolbox

In February 2022, the European Commission released a proposal for a Chips Act, and a recommendation for a Joint European Chips toolbox. Following major disruption in the European economy due to a shortage of semiconductors (i.e. chips), these measures are designed to boost chip production in the EU and safeguard the EU’s semiconductor supplies. This is important as chips are essential for the production of diverse categories of products, ranging from mobile phones to cars and healthcare devices. These initiatives seek to harness funds from the EU, the Member States, third countries, and the private sector to support research, development, innovation and production capacity. A coordination mechanism will also be established to monitor Europe’s strategic dependencies on semiconductors, to identify weaknesses in the supply chain, and to pre-empt possible shortages.  
 

Data Act and Data Governance Acts

The Data Act (DA) proposal was presented on the 23 February 2022. The DA aims to promote data sharing by providing rights of access to co-generated data, and by providing measures designed to ensure interoperability and to enable ‘cloud switching’ between different cloud service providers. The DA proposal will also include rules regarding contract terms on access to data, with a particular focus on protecting SMEs from unfair contract terms. The DA proposal also seeks to ensure that public institutions have the power to request access to data that is considered essential to respond to public emergencies, such as terrorist attacks or natural disasters. The DA proposal followed the proposal for a Data Governance Act (DGA) which was presented by the Commission in November 2020. The DGA aims to promote data sharing by addressing legal concerns relating to data sharing and by providing strict rules to promote trust in “data intermediaries” which enable data sharing to take place. A provisional agreement between the European Council, Commission and Parliament was reached in December 2021 and finalised approval of the DGA is expected by the end of March 2022.
 

EU-US Trade and Technology Council

The EU-US Trade and Technology Council first met in September 2021. It aims to promote EU-US cooperation in the realm of trade and technology policy. In particular, the Council is focused on joint EU-US cooperation to set technology standards and to promote cooperation in areas such as AI, semiconductor production, cybersecurity, and data governance. It is composed of ten working groups with each focused on a particular topic, such as technology standards, secure supply chains and climate and clean tech. The Council is co-chaired by the European Commission Executive Vice President Margrethe Vestager, European Commission Executive Vice President Valdis Dombrovskis, US Secretary of State Antony Blinken, US Secretary of Commerce Gina Raimondo and US Trade Representative Katherine Tai.  The Council is expected to meet again on 15 May 2022 in France.   
 

Transatlantic Data Flow agreement

A proposal for a new transatlantic data flow agreement is also expected to be proposed by the Commission in 2022, to replace the Privacy Shield agreement that was invalidated by the Court of Justice of the European Union in 2020. This agreement was intended to ensure that the transfer of personal data of European citizens to the US is always done in a manner that is compliant with EU data protection law. The invalidation of the Privacy Shield agreement caused disruptive uncertainty for many businesses operating in Europe. A proposal to replace the Privacy Shield framework might coincide with the next meeting of the aforementioned EU-US Trade and Technology Council. While the US is impatient to achieve an agreement, EU officials are wary of agreeing to anything that could be invalidated (for a third time) by European Courts.  
 

Regulation on the Dissemination of Terrorist Content Online

A proposal on preventing the dissemination of terrorist content online was approved by the EU institutions in June 2021 and will now come into force in June 2022. This new law will include requirements for online hosting service providers to establish policies to prevent the dissemination of terrorist content and to conduct annual transparency reports on actions they have taken to remove such content from their platforms. It will also oblige online platforms to remove terrorist content within one hour of receiving a removal order from the national competent authority in any Member State. This has provoked concern from rights groups who fear that automated content moderation tools could lead to the widespread removal of legitimate content.
 

Cyber Resilience Act

The Commission is expected to propose a Cyber Resilience Act (CRA) in Q3 2022. This Act will aim to establish minimum cybersecurity standards for the increasingly diverse range of  devices that are becoming connected to the internet as part of the Internet of Things (IoT).
 

Digital Skills Initiatives

As part of the EU’s Digital Compass targets and the EU’s Digital Education Action plan, the EU aims to promote digital skills in the hope of ensuring that, by 2030, at least 80% of the EU population will have basic digital skills and that there will be over 20 million ICT specialists within the bloc. A Recommendation on improving the provision of digital skills in education and training and a Recommendation on the enabling factors for digital education are both expected in Q3 2022.

 

European Media Freedom Act

A Commission proposal for a European Media Freedom Act is expected in Q3 2022. While the proposal will address the subject of media freedom in general, it is also expected to address the ongoing threats posed to traditional forms of media outlets by the processes of digitalisation.
 

Initiative on the Right to Repair

It is expected that the European Commission will bring forward a legislative proposal on the right to repair in Q3 2022. The initiative is part of the Commission’s efforts to promote the circular economy under the European Green Deal. Electronic products are likely to be one of the categories that this initiative focuses on to address concerns regarding planned obsolescence and product deterioration.

 

A Joint Cyber Unit

The establishment of a Joint Cyber Unit for the EU began in 2021 as part of the EU’s Cybersecurity strategy. The purpose of the Joint Cyber Unit will be to increase cybersecurity cooperation between EU Member States, as well as between the Member States and the EU Agencies and Institutions. It is envisaged that this Joint Cyber Unit will be operational before the end of December 2022, with the establishment of EU Rapid Reaction Teams which can assist EU Member States in the event of any cybersecurity crisis.

 

An initiative to extend the list of ‘EU crimes' to include hate speech and hate crime

The European Commission proposed an initiative on “extending the list of EU crimes to hate speech and hate crime” in December 2021. While the initiative is not solely digital, the portions of the initiative that covers hate speech primarily focus on online content. The initiative must be approved by the European Council and Parliament before the Commission can develop a proposal for a directive on establishing “minimum rules on the definitions and sanctions of hate speech and hate crime to be adopted by the European Parliament and the Council.” There is not currently an expected time frame for this proposal to emerge.

 

Conclusion

The EU’s digital agenda for 2022 covers a diverse array of subjects, ranging from competition in digital markets to measures relating to cybersecurity. A key challenge here for both Ireland and Europe relates to the need to strike a balance between facilitating digital innovation while protecting European values and citizen’s rights.

The policies emerging from Europe’s digital agenda for 2022 may also have important consequences for Europe’s place in the world and its international partnerships. Some European policy proposals, such as the Digital Markets Act (DMA), may have major consequences for foreign multinational giants. The proposed EU Chips Act and Data Act (DA) may significantly affect how Europe interacts with its international partners. For Ireland, the international implications of the EU’s digital agenda will be critical given that two of Ireland’s largest trading partners – the US and UK – are not EU Member States and that many of Ireland’s largest ICT investors originate from outside the EU.

Furthermore, Ireland’s experience of cyberattacks on the national healthcare system in May 2021 has demonstrated the relevance of cybersecurity for Irish society and has only heightened the need for joined-up thinking in the EU when it comes to this crucial area of public policy. Given all the above, it is clear that Europe’s digital agenda will be of great significance for the future of Ireland’s economy and society. To promote Irish interests and values, it is vital that Ireland should play an active role in influencing Europe’s digital agenda throughout 2022