In a nutshell: Polish presidency has assumed presidency of the Council of the EU and unveiled its 18-month programme together with Denmark and Cyprus. European Commission presented Competitiveness Compass and established Commissioner’s Project Groups. Council of the EU presented conclusions on strengthening the role of ENISA and on the white paper on Mastering Europe’s digital infrastructure needs. European Parliament announced a new European Democracy Shield special committee. Europol and Eurojust published a report on common challenges in cybercrime.
European Commission presented the Competitiveness Compass
On 29 January, the European Commission published a new strategy on improving European competitiveness titled “A Competitiveness Compass for the EU.” The strategy builds on some of the recommendations found in Mario Draghi’s Report (see our previous coverage here). The strategy aims to increase the competitiveness of EU economy because it is seen lacking in investment in innovation and productivity. The strategy suggests measures to deepen the EU single market, to stimulate investment, and to promote company law reforms among others. It is based on three pillars – closing the innovation gap; decarbonisation and competitiveness; and reducing external dependencies. The first pillar focuses on supporting start-ups and tech investments. The Commission will channel public and private investment to support innovation in technologies like AI, clean tech, energy storage, and strengthen Europe’s industrial capacity. Part of this pillar is the upcoming Digital Networks Act proposal [Q4 2025] which aims to improve market incentives to build the digital networks of the future, reduce burden and compliance costs and improve connectivity by creating an integrated single market for connectivity. The second pillar on decarbonisation aims to facilitate clean and affordable energy and promote clean tech and circular business models. The third pillar on reducing excessive dependencies and increasing security aims to diversify EU’s supply chains, and address the challenge posed by economic competition of third countries by, among other measures, introducing a European preference in public procurement for strategic sectors and technologies. This pillar also proposes increasing deeper coordination in financing, development and production of defence capabilities and infrastructure. Part of this pillar is also the upcoming proposal for Internal Security Strategy [Q1 2025] which will present a comprehensive EU response to face online and offline security threats. Finally, the strategy also proposes simplification and reducing administrative burden for companies. Each Commissioner should hold regular implementation dialogues with stakeholders to understand implementation issues, and “reality checks” held by the Commission together with stakeholders should feed into “stress testing” of EU regulation. Continued digitalisation shall complement the simplification, the Commission should publish a proposal for European business wallet [2025]. The upcoming revision of the Standardisation regulation [2026] should make standardisation faster and more accessible. The Commission wants to systematically engage in global standard setting processes to influence outcomes aligned with EU interests.
Polish Presidency of the Council of the EU unveiled its programme
On 1 January, Poland took over the rotating Presidency at the Council of the EU. Among the priorities for Presidency, which lasts for 6 months, is improving the defence and security of the EU, the resistance to foreign interference and disinformation, and improving the EU’s “ability to prevent and mitigate the effects of hostile actions in cyberspace”. The Presidency wants to develop a comprehensive and horizontal approach to cybersecurity, and update the EU’s Cyber Blueprint, a 2017 document outlining objectives and modes of cooperation between Member States and EU institutions during major cyber-attacks. Discussions should also include digital diplomacy, including “policies for the management of digital space (the Internet) […] including promotion of an open, free and secure Internet”. The Presidency is also open to discuss the new EU cybersecurity strategy, depending on whether there is a proposal from the European Commission. Finally, the Presidency will also work on the proposal for insolvency directive and on the non-contractual civil liability rules to artificial intelligence.
Upcoming Council of the EU Presidencies unveiled an 18-month programme
On 11 December, the Council of the EU presented a document outlining the 18-month programme of the Polish, Danish and Cypriot presidencies. The programme covers issues such as security and defence, coherent and influential EU foreign policy, green and digital transition and integrated approach to competitiveness among others. The trio wants to prevent and fight crime online and offline “using all relevant law enforcement and judicial cooperation tools.” It will also work on enhancing preparedness to cyber and hybrid attacks, and work on strengthening EU cyber resilience. It also plans to foster the development of digital technologies, promote data interoperability, encourage investment in digital infrastructure, promote EU digital rules and standards.
Council of the EU presented conclusions on white paper on Mastering Europe’s digital infrastructure needs
On 6 December 2024, the Council of the European Union published its opinion on the white paper titled “How to master Europe’s digital infrastructure needs?” (see our reporting on the white paper here). The white paper presented scenarios how to reach European Digital Decade targets through the development of digital network infrastructure. The Council conclusions acknowledge the need for investment to meet the Digital Decade Policy Programme 2030 targets. While the document does not rule out some level of telecom market consolidation, it underlines the importance of net neutrality and of functioning internet ecosystem and that “contractual freedom should be upheld as one of the primary principles, while keeping regulatory intervention at minimum level”. Furthermore, EU funding instruments should take into account the technological progress and the widespread use of AI applications. The conclusions also note the proper functioning of the Internet Protocol interconnection market in the EU and acknowledge the experience of national regulatory authorities in handling dispute resolution. Any potential measures on the functioning of this market should be in line with the open internet principles. Finally, post-quantum cryptography is deemed essential for maintaining encryption in the future.
Cybersecurity
Council of the EU presented conclusions to strengthen ENISA
On 6 December 2024, the Council of the European Union published a statement calling for the strengthening of the ENISA in relation to the evaluation of the Cyber Security Act. The Council conclusions highlight the complexity of global cyberspace, the sophistication of cyberattacks and the geopolitical tensions. The conclusions invite the Commission to examine and strengthen ENISA’s role in supporting operational cooperation at the EU level and among Member States, by increasing ENISA’s resources. The conclusions also note the important role of ENISA in the NIS Cooperation Group, and in the development of European cybersecurity certification schemes for ICT products, services and processes. The Council urges the Commission to find ways to have a leaner, risk-based, more transparent and faster approach to the development of EU cybersecurity certification schemes. The conclusions underline the importance of deepening civil-military cooperation in the field of cyber within the EU, but also in EU’s cooperation with NATO. ENISA should also engage more with the European External Action Service and the Commission on supporting the implementation of the EU Policy on Cyber Defence.
Europol and Eurojust report on common challenges in cybercrime
On 31 January, Europol and Eurojust published a 2024 review of common challenges in cybercrime. The report identifies challenges in combating cybercrime from both law enforcement and judicial perspectives. One of the challenges is the volume of data that the investigators need to examine. Further challenge is the loss of data, especially after the invalidation of the Data Retention Directive by the Court of Justice of the European Union, left “the legal landscape on data retention for law enforcement purposes in disarray across Europe”. Furthermore, the report explicitly mentions the redaction of WHOIS as a reaction to GDPR that makes it difficult to access registrant data. Initiatives such as DAP.LIVE system developed by DNS Research Federation and INTERPOL’s pilot test model providing automated access to non-public domain registration data gathered from other sources than ICANN, are mentioned as partially supplementing the open WHOIS, however with limited information and court admissibility. The report adds that the Domain Name System “has been abused by criminals to carry out illegal activities. DNS records can be manipulated to redirect users to domains containing malware or phishing websites. […] The information available in DNS lookups has become gradually less comprehensive.” The report welcomes the amendment of ICANN’s Registrar Accreditation Agreement to strengthen abuse mitigation obligations that should oblige registrars to act on a complaint instead of just confirming its reception. One of the “open issues” mentioned is the “[p]ermanent access for law enforcement agencies to non-public WHOIS information that is both swift and efficient”. Access to data presents another challenge, namely the use of encrypted services by cybercriminals. Law enforcement encounter difficulties intercepting DNS requests, mainly when DNS over HTTPS is used by the user. Finally, the report also discusses the legislative responses developed by the EU to address some of the difficulties the law enforcement agencies are facing, such as e-Evidence package, Digital Services Act or Second Additional Protocol to the Budapest Convention on Cybercrime.
European Commission established Commissioner Project Groups
On 7 January, the European Commission established 14 Project Groups across the portfolios of individual Commissioners. The Project Groups were established by the decision of the President of the European Commission von der Leyen and shall “ensure timely preparation and provide political steer for the development of the initiatives and implementation of priorities.” Each of the Project Groups is chaired by one Commissioner with other Commissioners as members. The Project Groups should also each have a secretariat and shall be established for an initial period of one year. Some of the established Project Groups include a Project Group on European Internal Security, and a Project Group on Democracy, which should support the drafting of the European Internal Security Strategy and European Democracy Shield respectively.
European Parliament announced a new European Democracy Shield special committee
On 23 January, the European Parliament plenary adopted a proposal to establish a new special committee on the European Democracy Shield. The aim of the new special committee is to react to malicious interference in democratic process in the European Union. As such, the committee shall assess relevant existing and planned legislation and policies to detect gaps that could be exploited. This includes examining opportunities of cooperation among EU agencies and national authorities in the area of justice and home affairs, impact of interference on critical infrastructure and strategic sectors, hybrid threats and cyberattacks. The special committee should develop suggestions and proposals on how to remedy these gaps, in cooperation with standing committees of the European Parliament; and assess the activities of the Commission and the European External Action Service regarding the “fight against foreign information manipulation and interference and hybrid threats and attacks.” The special committee shall follow up, where relevant, the Special Committee for foreign interference in all democratic processes in the EU, including disinformation (INGE). This European Democracy Shield special committee has a term of 12 months.
