The European Digital Agenda in 2023 | IIEA
The Institute of International & European Affairs
Hit enter to search or ESC to close

The European Digital Agenda in 2023

2023 represents a turning point in the European Union’s digital agenda. Many flagship pieces of European legislation such as the Digital Markets Act (DMA) and Digital Services Act (DSA) have now been finalised, and their provisions will now gradually begin to apply across all EU Member States on a phased basis. Other legislation such as the Artificial Intelligence (AI) Act, have gone through a significant portion of the legislative process but are likely to be subjected to significant amounts of further debate and amendment. Meanwhile, new initiatives have also emerged this year, such the Cyber Solidarity Act (CSA). This blog sets out some of the main developments so far in 2023 and the state of play of several EU policy proposals in the field of digital policy. To read previous IIEA’s European Digital Agenda blogs, see here for 2021 and here for 2022.


Digital Markets Act

The Digital Markets Act (DMA) is designed to promote competition in the digital economy, and to prevent what the European Commission terms “gatekeepers”, which have a central or dominant position in the digital economy, from misusing their position of dominance (this category is expected include companies such as Meta, Alphabet, Amazon and Microsoft).

The DMA entered into force in November 2022 and became applicable on 02 May 2023. The process of finalising the confirmed list of “gatekeepers” will be completed by 06 September 2023 and as of July 2023 seven companies have thus far reported themselves as meeting the thresholds to qualify as gatekeepers. Once the list of gatekeepers is finalised , the gatekeepers will have a further six months, until 6 March 2024, before they must comply with the obligations of the DMA.

Under the DMA some of the rules for gatekeeper companies will include:

  • Ensuring interoperability with the services of third parties in a variety of cases;
  • Providing tools for business customers to independently establish the efficacy of advertising on gatekeeper platforms;
  • Allowing business users to access any data that they generate on gatekeeper platforms;
  • Preventing gatekeepers from restricting their business customers’ ability  to offer their goods and services on competing platforms and on different terms;
  • Prohibiting ‘self-preferencing’ behaviours under which gatekeeper platforms are biased in favour of their own products or services and;
  • Prohibiting gatekeepers from restricting end users from un-installing apps that come pre-installed on devices.

The European Commission will be directly responsible for the enforcement of the DMA and will be able to impose fines of up to 10% of a company’s most recent annual turnover in the event of infringements.

Digital Services Act

The Digital Services Act (DSA) aims to make the online environment safer and more transparent. It primarily imposes obligations on online intermediary services and online platforms regarding how they must address illegal and harmful content. The DSA entered into force in November 2022. The European Commission designated nineteen companies as providers of ‘Very Large Online Platforms’ (VLOPs) or ‘Very Large Online Search Engines’ (VLOSEs) on 25 April 2023. It became necessary for these companies to comply with the DSA on  25 August 2023. For other intermediary services and smaller platforms, the DSA will apply from February 2024.

 Obligations imposed by the DSA include:  

  • Obligations regarding how illegal online content and illegal online sales can be reported by users;
  • Due diligence requirements for online platforms to take action to counter illegal content and illegal sales;
  • Clearer measures regarding how online content removal can be contested by users whose content has been removed;
  • Measures to promote greater transparency regarding how and why users are shown particular advertisements;
  • Regular risk assessment obligations for larger platforms regarding how they must address illegal and harmful content;
  • Greater autonomy for users to opt-out of being profiled by larger platforms for the purpose of being targeted with personalised content and;
  • A prohibition on the use of special categories of personal data deemed to be sensitive (such as regards ethnicity, race, religion or sexual orientation) for the purpose of targeted advertising. 

Directive on Security of Network and Information Systems II

 This new version of Directive expands the range of sectors that are deemed to be of critical importance for society, and which are therefore subjected to legal obligations regarding cybersecurity, including sectors such as telecommunications, pharmaceutical manufacturing, waste management, and data centre services. The new Directive strengthens the cybersecurity requirements for both large and medium sized businesses and for public bodies within these sectors. This includes the introduction of new requirements for companies to assess cybersecurity risks in supply chains.

The revised Directive for the Security of Network and Information Systems entered into force in January 2023 and will be transposed into the national legislation of all EU Member States, a process that must be completed by October 2024. This new Directive replaces the Directive for the Security of Network and Information Systems, which was introduced in 2016.

Artificial Intelligence (AI) Act

The EU Commission published its proposed regulation for Artificial Intelligence (the AI Act) on 21 April 2021. The proposed Act focuses on what the Commission categorises as “high-risk” AI, which includes AI applications that could pose significant risks to health, safety, or fundamental rights. For AI that is deemed to be high-risk, the regulation would impose obligations relating to:

  • The quality, representativeness, and suitability of datasets;
  • Record-keeping of an AI system’s functioning throughout its lifecycle;
  • The transparency and interpretability of how an AI system operates;
  • Human oversight of AI systems and;
  • The accuracy, robustness and security of AI systems.

Developers of high-risk AI must put in place quality management and risk assessment systems for the entire lifecycle of an AI application. “High-risk” AI applications must undergo a conformity assessment before being placed on the market and again each time the application is deemed to have been ‘substantially modified’. Furthermore, certain types of technologies will be highly restricted or prohibited – including the use of remote biometric identification by law enforcement or the use of social scoring technologies by public services. For AI that is considered to be ‘low-risk’, there will be few or no new regulations, although a voluntary code of standards will be established. The Council of the European Union adopted its position on the AI Act in December 2022 and on Wednesday, 14 June 2023 the European Parliament adopted its position on the Act. The proposed Act has now entered the trilogue stage of the legislative process involving negotiations between the Council and the Parliament.

 Digital Identity Proposal

The European Commission proposed a framework for a coordinated Digital Identity system in June 2021. This system would enable citizens to verify their identity electronically throughout Europe and it is intended to allow citizens to interact with public services across different EU Member States more easily. This Digital Identity framework would seek to allow such things as academic qualifications, bank details, and driving licenses to be recognised outside of the country of origin, which would simplify such things as renting or opening a bank account in another EU Member State. A provisional political agreement between the Council and the European Parliament on the new European digital identity framework was reached in June 2023.

Chips Act and Chips toolbox

In February 2022, the European Commission released a proposal for a Chips Act, and a recommendation for a Joint European Chips toolbox. Following significant disruption in the European economy due to a shortage of semiconductors during the COVID-19 pandemic (i.e. chips), these measures are designed to boost chip production in the EU and to safeguard the EU’s semiconductor supplies, given the importance of chips for diverse products ranging from mobile phones to cars to healthcare devices. These initiatives seek to harness funds from the EU, the Member States, third countries, and the private sector to support research, development, innovation, and production capacity. A coordination mechanism will also be established to monitor Europe’s strategic dependencies on semiconductors, to identify weaknesses in the supply chain, and to pre-empt potential shortages. A finalised version of the Chips Act was adopted on 25 July 2023.

Data Act and Data Governance Acts

The Data Act (DA) proposal was adopted by the EU on Tuesday, 25 July 2023.  The DA aims to promote data sharing by providing rights of access to co-generated data, and by providing measures designed to ensure interoperability and to enable ‘cloud switching’ between different cloud service providers. The DA also includes rules regarding contract terms on access to data, with a particular focus on protecting SMEs from unfair contract terms. The DA also seeks to ensure that public institutions have the power to request access to data that is considered essential to respond to public emergencies, such as terrorist attacks or natural disasters.

The DA was adopted following the adoption of the Data Governance Act (DGA) which entered into force on Friday, 23 June 2023 and will become applicable from September 2023. The DGA aims to promote data sharing by addressing legal concerns relating to data sharing and by providing strict rules to promote trust in “data intermediaries”, which are entities that facilitate the sharing of data.

EU-US Trade and Technology Council

The EU-US Trade and Technology Council is a body which aims to promote EU-US cooperation in the realm of trade and technology policy. The group focuses on ensuring EU-US cooperation to set technology standards and to promote cooperation in areas such as AI, semiconductor production, cybersecurity, and data governance. Having first met in September 2021, the Council is composed of ten thematic working groups which focus on topics including technology standards, secure supply chains, and climate and clean tech. The Council is co-chaired by the European Commission Executive Vice President Margrethe Vestager, European Commission Executive Vice President Valdis Dombrovskis, US Secretary of State Antony Blinken, US Secretary of Commerce Gina Raimondo and US Trade Representative Katherine Tai. The Council met for the fourth time in Lulea, Sweden in May, 2023.

EU-US Data Transfers Framework

On 10 July 2023 the European Commission adopted an adequacy decision for the EU-US Data Privacy Framework, in which the Commission deems the Framework to provide adequate protection to allow for the free flow of personal data from the EU to the US. This follows years of legal uncertainly after the Court of Justice of the European Union twice ruled that general personal data transfers from the EU to the US were not compliant with EU Data Protection law due to US mass surveillance. The new EU-US Data Transfer Framework is based on new developments in US policy, including President Joe Biden’s “Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities” which was signed in October 2022 and sought to improve protections for privacy. It is nonetheless likely that the new Data Privacy Framework will also be subjected to a legal challenge.

Cyber Resilience Act

The Commission proposed a Cyber Resilience Act (CRA) in September 2022. This Act will aim to establish minimum mandatory cybersecurity requirements for products or applications with digital aspects, including both hardware and software, and including products such as phones, computers, toys or household appliances. The Council and the European Parliament’s Industry, Research and Energy (ITRE) Committee each adopted their respective positions on the Act on Wednesday, 19 July 2023. The trilogue negotiations between the Council and the European Parliament on the Act are expected to begin in September 2023

Cyber Solidarity Act

On the 18 April 2023 the European Commission proposed a Cyber Solidarity Act which seeks to strengthen capacities within EU Member States to prepare for, detect, and respond to cybersecurity incidents. Amongst the proposed measures in the Act is the creation of a “European Cybersecurity Shield” consisting of a network of “Security Operations Centres” across the EU. The Act also proposes the creation of a Cyber Emergency Mechanism, which, amongst other things, will help to facilitate mutual assistance between Member States in the event of a cyberattack.

Digital Skills Initiatives

As part of the EU’s Digital Compass targets and the EU’s Digital Education Action plan, the EU aims to promote digital skills in the hope of ensuring that, by 2030, at least 80% of the EU population will have basic digital skills and that there will be over 20 million ICT specialists within the bloc.

In 2023, the European Commission launched the Year of Skills programme which brought together many initiatives to promote upskilling in Europe, with a particular focus on digital skills. On 18 April 2023 the European Commission adopted a proposal for a “Council Recommendation on the key enabling factors for successful digital education and training” and a proposal for a “Council Recommendation on improving the provision of digital skills in education and training.” These proposals aim to promote digital skills and access to digital education. On the same day the European Commission also presented its Communication on a Cybersecurity Skills Academy which is a European policy initiative aimed at bringing together existing initiatives on cybersecurity skills to improve their overall coordination across the bloc.

European Media Freedom Act

The European Commission published its proposal for a European Media Freedom Act (EMFA) in September 2022. The Act addresses many subjects relating to media freedom, as well as some of the implications of digitalisation for the media, including rules about the moderation of media content by online platforms. The Council of the EU adopted its common position on the EMFA on 21 June 2023 and the Council will begin trilogue negotiations with the European Parliament once the Parliament has adopted its position on the EMFA.

Initiative on the Right to Repair

The European Commission published a proposal for a Directive on common rules promoting the repair of goods in March 2023. The initiative is part of the Commission’s efforts to promote the circular economy as part of the European Green Deal. Electronic products are one of the categories focused upon in this initiative, which aims to promote the right to repair for consumers. This follows the introduction of the EU’s Common Charger Directive which was adopted in 2022 to ensure that a wide variety of electronic devices are able to use the same charger.  

European Strategy on Web 4.0 and Virtual Worlds

On 11 July 2023 the European Commission released its strategy on Web 4.0 and virtual worlds which is designed to prepare European businesses, public services, infrastructures, and citizens for immersive technologies including Augmented Reality (AR), Virtual Reality (MR) and Metaverse technologies. The initiative also seeks to ensure that European values and principles will apply in these new technological domains.

Conclusion

As of mid-2023 the European Commission has made significant progress on its digital policy agenda and is on track to be in position to have its key proposed pieces of legislation passed before the Commission’s term in office expires in 2024. Across a wide variety of topics, whether relating to digital economy competition, the moderation of online content or the regulation of AI, the EU is now recognised as a global front-runner in setting legislative norms and shaping policy. How these policies actually manifest in the European digital economy and whether these policies will achieve the goals envisaged by policy-makers is something that remains to be seen. While President Ursula von der Leyen’s Commission is largely on track to achieve the digital policy framework for Europe it has aspired to create, the actual success of this emerging policy framework in establishing a Europe fit for the Digital Age will now become the subject of future debate and analysis. This will be of particular importance to Ireland as it takes on the responsibility of chairing the D9+ group in the first half of 2024, an informal group of digitally advanced EU Member States that seek to cooperate in shaping EU digital policy. Ireland may thus have an opportunity to position itself at the heart of these debates in the year ahead.