Tech Brief: AI Act committee vote set, Germany’s sense for data retention

The Tech Brief is EURACTIV's weekly tech newsletter.

Welcome to EURACTIV’s Tech Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here

 

“It’s a delicate balance.”

-A European Parliament official

Story of the week: The European Parliament’s IMCO and LIBE committee have agreed on the date to vote on the AI Act report: 26 April. At a shadow meeting on Wednesday, several of the batches on requirements for high-risk systems, obligations for high-risk providers, conformity assessment and general provisions were mostly closed. On Thursday, prohibited practices, penalties, stand-alone articles, and final provisions were on the agenda. The right to an explanation was moved into an obligation for deployers to inform individuals that they have this right. Some of the most delicate open questions concern a push from the centre-right to tailor further the requirements for General Purpose AI and a push from the centre-left to get a stricter categorisation of high-risk systems. Progressive MEPs also ask to include emotion recognition in the list of prohibited practices as part of the political agreement. Next week is green week, meaning that meetings will not be possible. There will be a final rush to prepare for the committee vote in the ensuing two weeks. As the overall compromise takes shape, the looming question is the plenary vote, where alternative amendments might disrupt the ‘delicate balance’. And to what extent the co-rapporteurs will be able to control their own political groups is likely to be the decisive factor.

Don’t miss: Germany’s Federal Constitutional Court ruled that the national law on data retention is incompatible with EU law, confirming the EU Court of Justice’s ruling from last year. The law in question had provided for storing call data, text messages and IP addresses, including location information, and has been a hot topic in Germany, where the discussion does not seem to be over yet. Read more.

Also this week

  • Europol warned about potential criminal uses of ChatGPT and similar models.
  • The Bundeskartellamt initiated the process of putting Microsoft under its special competition regime.
  • A Commission’s website still has many malicious links three weeks after the problem was reported.
  • Political trilogues on the Data Act, Chips Act and Political Ads regulation took place.
  • The Commission is set to propose a new competence centre on Standard Essential Patents.
  • The EU Council’s legal service endorsed the legal basis of the Media Freedom Act.
  • MEPs called for the Commission to change its approach to standardisation.

Before we start: If you just can’t get enough tech analysis, tune in on our weekly podcast.

Gigabit recommendation – what impact on the telecom sector?

The European Commission has recently proposed a Gigabit recommendation as part of a broader Connectivity Package. We discuss the potential impact of the recommendation on the European telecom market with Kamila Kloc, Acting Director for Connectivity at the European Commission, …

Artificial Intelligence

If AI goes rogue. Europol has issued a warning in a report this week about large language models such as ChatGPT and their potential use in various cybercrimes, including online fraud and malware. As these AI systems are highly complex, malicious actors find ever more complex workarounds to circumvent their safeguards and even more worryingly, ChatGPT’s upgrade GPT-4 was found prone to cause even more advanced harmful responses. Read more.

Let’s take a break. Elon Musk and hundreds of other industry practitioners have signed an open letter calling on all AI developers to take a break for at least six months from releasing AI systems more powerful than GPT-4, citing societal risks. The Future of Life institute pushes the argument a futurist collective Musk has financed with millions of dollars. Musk was an early investor in OpenAI, but according to media reports, he cut his involvement following a failed attempt to take over the company in 2018. Many see the suggestion to pull the brakes resulting from Musk’s frustration from not having a ChatGPT-style model.

Speaking of risks. ChatGPT was briefly taken offline this week due to what its developer, OpenAI, said was a bug in an open-source library allowing users to see titles from other active users’ chat history and, in some cases, the first message of newly-created conversations. The bug was patched, and service was restored. However, in a technical explanation published after the fix, OpenAI revealed that the same issue may have made some payment-related information visible to ChatGPT Plus subscribers.

But it gets worse. In Belgium, a man took his own life following weeks of conversation with a chatbot named Eliza. According to Belgian media, the man had turned to technology to escape mounting concerns about climate change but committed suicide after six weeks of distressing messages. “Without Eliza, he would still be here,” his wife told La Libre.

AI standards. The AI Act will be highly dependent on technical standards regarding compliance. Still, standardisation bodies lack the expertise and legitimacy needed to make divisions on interpreting topics such as human rights law, according to a new paper by the Ada Lovelace Institute.

Competition

Microsoft joins the club. Germany’s competition authority, the Bundeskartellamt, has taken the first step to designate Microsoft as a company of paramount significance across several markets. If confirmed, Microsoft would be placed under the special abuse control regime already in place for other tech giants such as Meta, Google and Amazon. The inquiry has partly been triggered by Microsoft’s recent focus on AI, notably with its $10 billion investment in OpenAI. Read more.

Hyperscalers’ spat. Microsoft is set to close a deal with French OVHcloud, Italian Aruba SpA and Danish Cloud Community that filed an antitrust complaint against the high cost and difficulty faced by users seeking to change from its cloud computing services. Google has accused Microsoft of engaging in anti-competitive cloud computing practices and said the company’s deals with smaller vendors would benefit them alone rather than solve broader market issues.

Abuse of dominance review. The Commission has launched a call for evidence on updating 2008 rules around abuse of dominance, following years of confusion and court cases related to their application. The new Guidelines will seek to clarify existing provisions on the subject, withdrawing an existing guidance document and replacing it with new guidelines on exclusionary abuse.

EU-US competition dialogue. EU competition chief Margrethe Vestager headed to Washington DC this week for meetings with top US officials, including at the EU-US Joint Technology Competition Policy Dialogue.

Photomath acquisition cleared. Confirming earlier reports, the Commission has unconditionally approved Google’s acquisition of the online study app Photomath, concluding it poses no EU competition concerns.

Cybersecurity

Fishy links. Malicious links on the Commission website are still accessible more than three weeks after security firm Nord Security first reported them. The Commission says it is in the process of removing the links placed on the European School Education Platform site by cybercriminals and linking to OnlyFans premium accounts, Cash App money generators and PlayStation Network gift cards, amongst others. Read more.

Cyber threats foresight. The European Union Agency for Cybersecurity, ENISA, published its March 2023 report, identifying ten cybersecurity threats for 2030 and five threat identification scenarios. The threat of supply chain-compromising software dependencies was ranked as the greatest threat, while the threat of abuse of AI was the lowest.

Data & Privacy

Data Act trilogues start. The first ‘hand-shaking’ trilogue on the Data Act took place on Wednesday. Today, the first technical meeting is set to decide the work plan, divide the text, and clean the ‘green’ lines. According to an initial agenda seen by EURACTIV, nine other technical meetings are planned until the next trilogue on 23 May, and six more until the third (and possibly last) political meeting on 28 June. When COREPER adopted the Council’s position last Friday, the discussion underlined that some differences remain on trade secrets and B2G obligations, signalling the Swedish presidency might have little room for manoeuvre on these points.

Meta’s ad business in Europe. Meta is reportedly planning to overhaul its ad practices amid a tightening regulatory landscape in the EU. In response to the EU’s proposed political ads regulation, the company is allegedly considering banning political advertising on its platforms in Europe overall while also being set to introduce changes to its data processing consent policies in response to a decision from the Irish data protection authority earlier this year that found its legal basis to be in breach of EU law. Read more.

Competitive portability. A small Italian start-up has won an antitrust battle against Google in Italy, which might provide an important precedent for the application of the data portability provision of the GDPR.

Digital Services Act

EP working group. The IMCO committee met this week to hear feedback from MEP Christel Schaldemost on the DSA implementation working group’s activities. The group, whose first meeting was held last week, is still awaiting the Commission’s designation of VLOPs. The DSA rapporteur stressed the positive dialogue between platforms and the EU executive. The next meeting of the group is due in July or September.

Disinformation

PMs vs disinfo. Big tech companies must tackle disinformation more effectively, the Prime Ministers of Czechia, Slovakia, Poland, Ukraine, Moldova, Estonia, Latvia and Lithuania said. They warned of the actions of hostile foreign powers online and used major platforms to sow discord and spread propaganda, calling on CEOs to increase their cooperation with governments, civil society and media outlets to address the issue. Read more.

Industrial strategy

Chips Act second trilogue. The second trilogue on the Chips Act lasted the full day on Thursday. The major hurdle, as expected, is the budget, where the Parliament wants to maintain at least the same money put forth by the Commission without withdrawing them from existing programmes. Discussions stalled as the presidency seemed clueless about where they would be taking the money, and MEPs are now waiting on a creative solution. On Intellectual Property safeguards, the Parliament accepted the Commission’s text with some improvements. Still, the Council wants to remove the principle that IP should be protected from third countries when receiving European state aid. On the first-of-a-kind definition, lawmakers obtained to include the reference to equipment, whilst the one on design is still in doubt. Giving up on separating this concept from that of the Integrated Production Facility and Open EU Foundry might be a concession to the Council to obtain an increased budget. On international cooperation, MEPs want the Commission to only collaborate with countries that can be trusted, but the EU opposes such a prescriptive text. Regarding critical sectors, the Parliament obtained to put the list as an annexe. The Council is pushing to include sub-sectors to avoid the automotive industry being covered, another potential bargaining chip for the budget. Pillar III is virtually closed thanks to advanced work at the technical level, with the compromise adopting most of the Parliament’s key ideas.

Patent competence centre. The Commission is set to create a new unit within the EU’s Intellectual Property Office to focus on standard essential patents (SEPs), according to a draft version of an upcoming regulation, seen this week by EURACTIV. The new competence centre would oversee greater transparency in SEP licensing and registration and introduce FRAND rules on dispute resolution processes to curtail litigation on licensing fees for essential tech patents. Read more.

It’s all about money. The Commission’s 2023-24 Work Programme for the Digital Europe funding programme has been published, featuring projects on high-performance computing, AI, data and digital skills. Cybersecurity received its own dedicated work programme alongside the main text, with a notable €35 million set for developing a Cybersecurity Emergency Mechanism, the legal framework for which – the Cyber Solidarity Act – will be presented next month. Read more.

Deep Tech pledgers. The European Institute of Innovation and Technology (EIT) introduced the first pledgers of their Deep Tech Initiative during an online event on Tuesday, which emphasised the need for more skills and knowledge in Europe and more opportunities for talented people in the tech industry.

Reconstruction platform. Germany’s Ministry for Economic Cooperation and Development has launched a new digital platform designed to become a space for networking, dialogue and information gathering regarding the country’s commitment to reconstruction in Ukraine. Read more.

New quantum centre. IBM and the Basque Foundation for Science announced the launch of the IBM-Euskadi Quantum Computational Center to advance quantum research and build a quantum workforce.

Law enforcement

Out of scope. The EU Council is looking to exclude number-based communications services from the scope of the proposal on Child Sexual Abuse Material (CSAM), adopting the request from telecom operators. Clarifications were introduced into the text in areas such as delisting, blocking and removal orders, with some amendments on information exchange and the timeline. Read more.

EU-US anti-encryption venture. The EU and US will seek to gain public support for measures that would grant law enforcement agencies greater access to encrypted communications, Politico reports. At a recent meeting in Stockholm, officials reportedly agreed to double down on attracting public backing for initiatives allowing these bodies to access secured personal communications controversially.

Law Enforcement Expert Group. Data retention and encryption have been cited as the most pressing issues for law enforcement, with European governments considering establishing an expert group to discuss these topics further. Read more. 

CSAM dangers. New research by a Finnish organisation has looked into the behaviours of people who seek out and view child sexual abuse material (CSAM), finding that nearly half sought contact with a child after viewing it, and 70% were minors the first time they came across it. Read more.

Media

Legal basis confirmed. The Council’s legal service has upheld the basis of the European Media Freedom Act, presenting its opinion this week that a regulation is the correct legal instrument for the initiative to use. The influential legal opinion is a blow to efforts from some, including Germany and the Parliament rapporteur Sabine Verheyen, to split parts of the regulation into a directive, a move critics say would weaken the project overall. Read more.

Not over yet. However, Verheyen told Contexte this week that, despite the lack of political support and the Council’s legal opinion, splitting the media law into a directive might come back later. She also stressed that she wants the platforms to notify the media before content removal, giving the outlets 48 hours to respond.

Platforms

No progress in sight. The second trilogue on political advertising was held this week, though the meeting was cut short to only one hour and a half. On the agenda were provisions covering third-country sponsors, non-discrimination and the creation of a European ad repository. Still, the discussion stopped short of any substantive negotiation on these topics.

Metaverse report. The lead of IMCO’s own-initiative report on the metaverse has been assigned to the European People’s Party, with Andreas Schwab set to take the lead. The opinion of the JURI committee was attributed to Axel Voss, who might, however, also work on a separate own-initiative report on the topic.

Google’s ad transparency. Google is launching a new Ads Transparency Centre with a searchable repository of global ads. The announcement came alongside the publication of the company’s annual Ad Safety report.

Standardisation

Change of approach called. This week, MEPs from the Parliament’s internal market (IMCO) committee adopted a non-binding resolution requesting that the Commission urgently reconsider its approach to standardisation, which has been restructured following the James Elliott ruling in 2016. The report pushes the industry’s argument that standardisation requests should not be overly descriptive and that standards should not be equated to law but also calls for beefing up participation by setting up participation schemes at the national level for SMEs and civil society organisations like consumer groups. Although not binding, the report might influence the Commission’s ongoing evaluation of the Standardisation Regulation. Read more.

Telecom

Huawei’s special watch. The Belgian intelligence service is investigating Chinese tech company Huawei over espionage concerns related to its EU lobbying arm, Politico reported. The inquiry, which has taken the form of interviews with company employees over recent months, comes amid broader ongoing scrutiny of potential influence exercised by China via private actors.

Transatlantic ties

Summit for Democracy. US President Joe Biden called for unity against Russia and China and an alliance against surveillance technology at the Summit for Democracy this week. The US announced almost $700 billion in funding for various programmes to strengthen democracy, including via the advancement of independent media. The US is also set to launch a joint effort to counter the misuse and proliferation of spyware. Read more.

 

What else we’re reading this week:

China’s YMTC set for chip comeback despite US export controls (FT)

Tick TikTok Goes Globalization (Project Syndicate)

Julia Tar contributed to the reporting.

[Edited by Alice Taylor]

Read more with Euractiv

Subscribe to our newsletters

Subscribe