Tech Brief - Commission mulls cloud providers regulation, submarine cables high-risk vendors phase-out

“Even though cloud providers run large (backbone) electronic communications networks, these networks are exempted from parts of the electronic communications regulatory framework,” reads the Commission’s telecom draft white paper, to be published on 21 February.

Story of the week:

EU Commission mulls cloud providers regulation, update of fair share tax. According to a Commission draft document, the future of telecom is bound to a process of “softwarisation”, which is understood as the convergence of cloud infrastructures and telecommunication services. Consequently, the Commission considers that it “raises the question whether the players […] should not fall under equivalent rules applicable to all”.

The Commission also refers to the ‘fair share’ tax, while also referring to ecological concerns, suggesting to rethink the industry rules. The ‘fair share’ debate could resurface in the form of a green tax, that would make Big Tech accountable for driving increased traffic that leads people to buy new endpoints, responsible for the majority of digital carbon footprint. Read more.

Don’t miss:

Submarine cables: Commission suggests phase-out of high-risk vendors. The European Commission’s submarine cable recommendation, seen by Euractiv, suggests phasing out risky providers of telecom subsea cables using a “Cable Security Toolbox”, like the EU Toolbox on 5G cybersecurity. High-risk vendor Huawei could see its subsidiary HMN Tech equally restricted or banned from rolling out submarine cables.

Still, the Commission does not propose additional resources to help with the phasing out of high-risk vendors. Instead, it foresees extra investments in “Cable Projects of European Interest”. Read more.

Also this week:

Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.

EP committees endorse AI Act. The AI Act was endorsed with an overwhelming majority by the European Parliament’s Committee on the Internal Market and Consumer Protection (IMCO) and the Committee on Civil Liberties, Justice and Home Affairs (LIBE) on Tuesday. The text will be tabled at the Parliament’s plenary on 10-11 April and will have to be adopted by Council before it becomes law.

Reflecting on the AI Act. On Thursday, an article was published on the website of Kai Zenner, head of office of MEP Axel Voss, shadow rapporteur for the AI Act. Zenner praised, among other things, the regulation’s future-proofness while criticising the negotiating process and writing that the AI Act is “conceptually not fit to regulate AI”.

French regulatory authority looks into AI sector. The Autorité de la Concurrence decided last week to take the initiative and look into competitive practices of digital organisations in the AI sector. It will look into the practices of cloud providers, taking into account that AI and cloud are neighbouring markets. It also aims to look into equity investments from Big Tech into AI startups. The Autorité therefore decided to open a public consultation, running until 22 March. The authority expects to provide its opinion in the coming months.

OpenAI launches AI creating video from text. World-famous ChatGPT parent company OpenAI introduced on Thursday night Sora, an AI tool that creates videos from text. Sora can generate short videos up to one minute. OpenAI is not the first company to offer this service, as Runway launched Gen-2 in June, while Meta is working on its own service Emu, and Google on Lumiere.

UK visit to EU. This week, Jonathan Camrose, UK minister for AI and intellectual property, was in Brussels to attend the EU’s informal Competitiveness Council on Thursday to discuss the European Framework for Research & Innovation. He was also to meet AI developers and endorse a Multilateral Dialogue on Principles and Values for International Cooperation in Research and Innovation, a commitment to open dialogue between European key partners and UK scientists about solving global challenges.

AI guide. A guide for professionals keen on exploring how assurance techniques can bolster the advancement of responsible AI was published on the British government’s website on Monday. The document, titled “Introduction to AI assurance”, introduces AI assurance concepts and terms and puts them into a wider AI governance landscape. It also puts the focus on the underlying concepts of AI assurance over technical detail.

Capgemini-MistralAI partnership. Last Thursday, Capgemini announced a new alliance partnership agreement with MistralAI, which will focus on more accessible, cost-effective, energy-efficient and versatile AI implementation, as well as on helping clients accelerate their use of generative AI via MistralAI’s foundation models. Capgemini also notes that MistralAI multilinguist models will be a critical criterion for international businesses.

AI and copyrights. French MP and president of the High Commission for Digital and Posts (CNSP) Mireille Clapot officially presented her report to the new secretary of state in charge of digital, Marina Ferrari, on Thursday. The report suggests, among other things, amending the EU’s copyright rules to cover generative AI. Euractiv has more about this report here.

Google opens AI hub in Paris. French Economy Minister Bruno Le Maire and secretary of state in charge Marina Ferrari took part in the ceremony of the Google hub dedicated to AI in Paris on Thursday. The hub will gather 300 researchers and engineers.

Don’t date AI. The Mozilla Foundation is urging people not to use romantic AI chatbots due to privacy concerns. They also emphasise that there is a lack of transparency about how data is being stored.

Annual report. On Wednesday, the Commission published its 2024 Annual Single Market and Competitiveness Report, emphasising the significance of the single market’s role in contributing substantially to the EU economy. Despite the ongoing challenge of high energy prices, the report highlights the significant progress made in recent years to modernise the EU energy policy toolkit and bolster clean technology manufacturing within the EU. The Commission also congratulates itself for modernising “the single market by organising its digital space”, quoting the Digital Markets Act, Digital Services Act, Data Governance Act, Data Act and AI Act.

Influencer screening. The European Commission announced on Wednesday that, together with 22 member states’ national protection authorities, Norway and Iceland conducted a sweep of social media posts by influencers. The results showed that 97% of influencers out of 567 posted commercial content, but only one in five consistently indicated that their content was advertising. The purpose of the screening was to assess influencers’ compliance with EU consumer law regarding the disclosure of advertising activities. The examination involved checking posts from 576 influencers across major social media platforms.

Digital Minister vows to defend tech company Atos. French Secretary of State Marina Ferrari vowed on Wednesday to use “all means available” to the state to make sure that strategic activities of Atos remain French, including defence operations and supercalculators. She notably said the government could use a mechanism to control foreign investments if necessary.

Delayed Cyber Resilience Act. Although the Cyber Resilience Act was adopted in a first-reading vote by the European Parliament’s Industry and Research committee on 23 January and is going through linguistic and legal revision, the Council of the EU decided to prioritise other files, until after the Parliament’s last plenary session. In practical terms, this means that, if everything goes well, the Cyber Resilience Act should be published in the Official Journal in September or October 2024.

Munich Security Report. G7 countries perceive cyber attacks as the second biggest risk to their security after extreme weather events, according to the Munich Security Report 2024, published on Monday, ahead of the annual Munich Security Conference. “Technology was once a driver of economic growth, but also of global networking. Today, it is a key arena for competition between systems,” Tobias Bunde, director of research and policy at the Munich Security Conference (MSC), told a press conference. Read more.

New insights on cyber activity around the Israel-Hamas war. Google released earlier this week a joint threat intelligence report, called ‘Tool of First Resort’, providing an analysis of the cyber activity seen around the Israel-Hamas war before and after the 7 October attack. Activities include hack-and-leak operations, information operations and phishing campaigns. “Since the October 7th attacks by Hamas and the subsequent military response by Israel, Iran has significantly ramped up its cyber operations against Israel as well as the US and its closest allies,” Anita Gohdes, Hertie School professor of international and cyber security, told Euractiv. Gohdes explained that Iran has actively engaged in information operations aimed at rallying support for Hamas, polarising Western public opinion, and undermining support for Israel. “These information operations are likely to reach audiences in the EU as well,“ Gohdes added.

Russian espionage group detected. Cisco Talos’ new research, published on Thursday, shows that a Russian espionage group was targeting Poland via a new backdoor already in December 2023. Based on the findings, the backdoor is described as a “last resort” mechanism, intended for activation after all other unauthorised access or backdoor methods have been thwarted or identified on the compromised systems.

Dating app data breaches. SecurityScorecard found, according to its post published on Tuesday, that 85% of the dating apps examined experienced a compromised entity within their third-party network. In comparison, 90% had “a breached entity in their fourth-party ecosystem”.

MPs go rogue on sensitive sovereign data on American clouds. Le Canard enchaîné revealed on Monday that EDF, the French state-owned electricity utility, decided to move its maintenance application and IT services to Amazon’s cloud (AWS). MPs Philippe Pradal (Horizons, Renew Europe) and Philippe Latombe (MoDem, Renew Europe) voiced concerns over French sovereign data being stored on US clouds. The news comes two weeks after the data regulatory authority (CNIL) authorised the Health Data Hub to use Microsoft’s cloud (Azure) for scientific research using deeplearning technologies. According to Latombe, these two decisions are a “real problem” which has to be tackled and will gather the support of all parties at the National Assembly. The right instrument to put in law that sovereign data should be stored on European clouds might be the umbrella digital law SREN, which will resume its legislative process on 11 March.

Momentum for putting security requirements in law. French centrist Senator Catherine Morin-Desailly sent a letter to the government on Friday last week regarding the Health Data Hub using a US cloud provider for health deep learning research purposes. She mentioned the umbrella digital law SREN as the right tool to strengthen cloud security storage of sovereign data and asked the government to launch an industrial policy “in support of French and European ecosystems”.

New GDPR measures. MEPs adopted a draft report on Thursday about the cross-border enforcement of the General Data Protection Regulation (GDPR), focusing on common rules for member states on how to treat complaints and introducing common deadlines, among other things.

New GDPR criticism. The Computer & Communications Industry Association (CCIA Europe) found the new draft report on GDPR problematic, as the LIBE Committee suggested “giving significantly more powers to complainants to intervene while limiting those of parties under investigation”, which, according to CCIA Europe, would make cross-border procedures adversarial.

Big Tech tax extension. Austria, Spain, France, Italy, the UK, and the US decided to extend the transitory agreement to tax Big Tech nationally. As the negotiations at the OECD level on a multilateral Big Tech tax are stuck, the said countries decided to extend their interim national taxes until 30 June 2024.

Digital ministry loses significance in France. As delegated minister for digital Jean-Noël Barrot became minister in charge of Europe, MP Marina Ferrari became secretary of state in charge of digital. In the French ministerial ranking, a secretary of state is less important than a delegated minister.

Complying with EU’s Digital Services Act. During the handover of the Digital Ministry between Barrot and Ferrari on Monday, Ferrari vowed to “strictly apply the DSA” and to fight for the “birth of a true EU digital sovereignty”. She will indeed have to make sure the influencer law and umbrella digital bill SREN comply with the DSA, as they both received reasoned opinions from the European Commission.

Russian-led disinformation campaign unveiled. On Monday, the French technical organisation in charge of monitoring and protection against foreign digital interferences (Viginum) uncovered a large Russian disinformation campaign called Portal Kombat. At least 193 sites have been referenced. The Portal Kombat’s objective was to present the Russian war of aggression in Ukraine as “the special military operation” and denigrate Ukraine and its leaders. The report is also available in English.

Four Apple and Microsoft services to be left out of DMA. After the Commission conducted a comprehensive evaluation, considering feedback from stakeholders, and following consultation with the Digital Markets Advisory Committee, it determined that Apple’s messaging service iMessage and Microsoft’s search engine Bing, its browser Edge, as well as its online advertising service Microsoft Advertising, do not meet the criteria to be classified as gatekeeper services. While the four services do not meet the necessary thresholds, the decision does not impact Apple and Microsoft’s designation as gatekeepers of their other core platform services. Read more.

A win for the Court. ByteDance, the owner of TikTok, was unsuccessful in its attempt to halt the EU’s General Court decision that mandates the platform to adhere to the Digital Markets Act, Bloomberg reported last Friday. The court asserted that ByteDance had not demonstrated the requisite urgency for a temporary injunction to avert substantial and irreversible harm.

DSA enforcement. The Digital Services Act (DSA) will enter into force on Saturday and will apply to all platforms operating in the EU. The DSA has already been applied to designated platforms with more than 45 million monthly users. However, besides other concerns, several member states did not appoint their national digital services coordinator, which is needed for the regulation to be fully enforced.

Online Hate: DSA part of the solution. Earlier this week, several German NGOs and civil society centres, including Das NETTZ and HateAid, published a study analysing the experience with online hate among German internet users. According to the study, almost one in two people (49%) have been insulted online. Due to the increase in hate speech, political opinions are less frequently shared online, jeopardising diversity of opinion and threatening democracy. ”With the Digital Services Act, however, we are already creating a uniform European basis that contains clear rules, for example on checking and deleting posts, which will impose obligations on more platforms,” Germany’s Family Minister Lisa Paus told a press conference on Tuesday.

Quantum roadmap. Quantum Flagship revealed its new roadmap, urging an end to dependency on foreign nations for the development of vital components and hardware, and striving to establish Europe as the global pioneer in quantum technology, shaping it into the world’s first ‘Quantum Valley’.

Right to repair news. According to a LinkedIn post by David Baervoets, attaché to the Permanent Representation of Belgium to the EU, after “11 inter-institutional meetings, four working group meetings and three COREPER discussions during the Belgian Presidency”, the final compromise text of the Right to Repair Directive has been approved by Coreper on Thursday.

Interim CSAM regulation extended. On Thursday, another trilogue meeting followed the one held on Monday about the interim regulation aiming to detect and remove online child sexual abuse material (CSAM). After no agreement was reached on Monday, MEPs agreed with the Belgian Presidency on Thursday about extending the temporary regulation until 3 April 2026. Meanwhile, the European Court of Human Rights banned the weakening of end-to-end encryption on Wednesday, which some believe might influence the future of the permanent regulation.

Tougher stance on media pluralism. The association Reporters Without Borders sent a referral to the French supreme court for administrative justice (Conseil d’Etat) over concerns about uneven political discourse on the French TV channel CNews. CNews has been accused by Reporters Without Borders of failure to meet its legal obligations of honesty, independence, and pluralism of information. CNews is part of Vincent Bolloré’s group of media, criticised for pursuing a far-right agenda. Until now, the audiovisual regulatory authority Arcom was checking on independent coverage of news through the broadcasting time of political figures. The Conseil d’Etat ruled on Tuesday that the Arcom “must take into account the diversity of currents of thought and opinions represented by all participants in the programs broadcasted”. Consequently, it gave Arcom six months to deliver a new ruling on the formal notice incurred against CNews by Reporters Without Borders.

TikTok and EU elections. TikTok announced on Thursday it is preparing for the EU elections by launching “local language Election Centre in-app for each of the 27 individual EU member states”. The platform will work together with fact-checking organisations, and require creators to label AI-generated content. On Thursday, TikTok also launched a new interactive microsite, including SMEs’ stories about leveraging TikTok’s economic success, from across 19 member states. In January, Snapchat also published a blog post about planning for the EU elections.

Biden joins TikTok. With the November US elections approaching, President Joe Biden joined TikTok last Sunday, via an account run by Team Biden-Harris, even though, since last year, federal employees and state employees in several US states have been prohibited from using the app on government devices. This follows the news of the European Parliament confirming to Euractiv last week that it will use TikTok in the upcoming election campaign although EU institutions had banned it from corporate devices last year due to cybersecurity concerns.

Noyb’s complaint against Meta ‘pay or okay’ gains momentum. On Friday, Noyb sent a letter to the European Data Protection Board (EDPB), together with 28 signatories from NGOs, about Meta’s ‘pay or okay’ system, due to the EDBP’s upcoming opinion on the matter, following the request of national data protection authorities. Noyb is encouraging the EDPB to make a decision that is in line with the Fundamental Right to Data Protection and protects free consent.

Analysis of EU broadband law final compromise. EU telecom associations have criticised the course pursued by negotiators on the Gigabit Infrastructure Act, saying the text will allow the speeding up of telecom infrastructure roll-out but will have a minimal impact due to shrinking returns on investments. A Euractiv analysis with telecom experts, read more.

EU broadband law gets first green light. Coreper green lighted the Gigabit Infrastructure Act on Friday, by a unanimous vote. Parliament’s ITRE committee is expected to vote on the compromise text on 22 February.

OVHcloud and Liberty Global join ETNO. On Wednesday, the EU telecom association ETNO announced that Liberty Global, owner of Virgin Media in the UK and Ireland, VodafoneZiggo in the Netherlands, Telenet in Belgium, and UPC in Slovakia, had joined ETNO as a full member. OVHcloud, the largest French cloud provider, became an observer member of the association.

Alina Clasen contributed to the reporting.
[Edited by Zoran Radosavljevic]

Thanks for reading. Be sure to spread the word and come and say hello on X.