EU Policy Update – May 2025

EU Policy Updates 16-06-2025

In a nutshell: The European Commission published an International Digital Strategy and a non-paper on the WSIS+20 review process, and opened calls for evidence on the Consumer Agenda 2025-2030 and the European Business Wallet. The European Parliament adopted a report on European tech sovereignty, and published its findings and recommendations on the European Democracy Shield. The Council of the EU published its latest version of the insolvency proposal. The Polish Presidency of the Council of the EU published conclusions on strengthening EU democratic resilience. ENISA published a handbook for cyber stress tests.

European Commission published an International Digital Strategy

On 5 June, the European Commission published an International Digital Strategy. The strategy intends to boost the EU’s tech competitiveness through economic and business cooperation, promote a high level of security for the EU and its partners, and shape global digital governance and standards within a network of partners. The priority areas of cooperation with the partner countries include support for secure and trusted digital infrastructure, which includes Internet infrastructure; cooperation on emerging technologies like AI or 5G/6G; and cooperation on countering Foreign Information Manipulation and Interference (FIMI), including through a focus on attribution of FIMI. The cooperation also includes digital identities and digital public infrastructure, where the EU wants to make use of its experience in developing open-source digital identity wallets. The EU would therefore like to support the development of digital identity solutions based on the EU Digital Identity Wallet specifications, to support the digital transformation of public administrations and businesses of partner countries. The document also proposes the establishment of “EU Tech Business Offers”, public-private partnerships on deployment of digital public infrastructure, AI, etc., balancing the interests of partner countries and of the EU. Finally, the document suggests that the EU should also focus on advancing its goals in the setting of global digital governance. The Commission intends to be actively involved in the GDC implementation work, as well as in standardisation. It should implement a multi-stakeholder strategy for the comprehensive deployment of internet standards across the EU internet infrastructure. The EU should also support an “international extension and broadening of the Open Internet Stack, referring to the foundational structure of protocols that enable communication and information sharing on the internet, to address the needs of partner countries”.
The document further supports the multi-stakeholder model of internet governance in the WSIS+20 review process.

European Parliament adopted a report on European tech sovereignty

On 3 June, the European Parliament Committee on Industry, Research and Energy (ITRE) adopted a non-legislative own-initiative report on European technological sovereignty and digital infrastructure (you may find our previous coverage here and here). The original report filed by the rapporteur Sarah Knafo (Europe of Sovereign Nations Group) was completely redrafted by the European People’s Party, Socialists & Democrats, Renew and Greens/EFA groups. The adopted report therefore bears virtually no resemblance to the original draft. The report highlights several key issues on which the European Commission should focus more. Among the topics are digital infrastructure, connectivity and spectrum, cloud, high-performance computing and standardisation. The report notes the increasing concentration of power in non-European companies, which constrains Europe’s ability to innovate and maintain control over its digital economy. The report calls on the European Commission to analyse and establish a comprehensive list of critical dependencies in digital infrastructure and technologies, including “a comprehensive assessment of the composition of the digital infrastructure in order to adequately analyse the state of play, assess risks and coordinate action”. It also underlines the importance of impact assessments, which should accompany all new digital policies. In terms of digital public infrastructure, the report notes that it should be built on common and open standards, and support interoperability. Furthermore, digital public infrastructure and technological sovereignty overall should be promoted by investment from the upcoming Multiannual Financial Framework and by public procurement, which should support the deployment and scaling of open and interoperable digital solutions.
Critical digital infrastructure, including but not limited to terrestrial and undersea cables, cellular network towers and cloud servers containing sensitive information, should have enhanced security and resilience. This enhanced security also means that such critical digital infrastructure would fall under European jurisdiction. The report also calls on the European Commission, in the context of the Cybersecurity Act review, to focus on the interplay between sovereignty and security, and to enhance the protection of strategic and critical infrastructure. Finally, the report notes that the European Commission should increase its engagement within the existing global standardisation organisations. The next step is a vote in the European Parliament plenary session scheduled for 7 July.

Data protection

Council of the EU published its latest version of the insolvency proposal

On 21 May, the Council of the European Union published its latest draft version of the insolvency directive. The insolvency proposal intends to establish a more uniform insolvency framework across EU Member States to ensure legal clarity and better protection for businesses, creditors and other stakeholders in cross-border insolvency proceedings. The latest Council presidency draft amends Article 27 and Recital 28 on the assignment or termination of executory contracts. The amendments still maintain that the assignment shall not require the consent of the debtor’s counterparty, but add that Member States may provide that the consent is required depending on the “type of contract, the quality of the parties, or the interest of the business.” No agreement was reached on the provisions concerning the rules on winding-up procedures and electronic auction systems for the sale of the assets of the debtor, which may include existing domain contracts. The Council of the EU is meeting on 12 June to finalise the negotiations, with the ambition of reaching a (partial) general approach.

Cybersecurity

European Parliament’s Committee on the EUDS published its findings and recommendations

On 29 April, the European Parliament’s Special Committee on the European Democracy Shield published a document outlining its findings and recommendations. The Committee’s task is to react to malicious interference in democratic processes in the European Union and to assess relevant existing and planned legislation and policies to detect gaps that could be exploited (see our previous coverage here). This working document intends to map the policy areas where action should be taken. In relation to cybersecurity, the document notes that the proposal for the European Democracy Shield should take the protection of critical infrastructure and entities into account. The EU’s dependence on foreign actors and foreign-made technologies in critical infrastructures and supply chains is another issue of concern. The document also notes that the low level of NIS2 Directive transposition remains an issue. In relation to foreign information manipulation and interference (FIMI), the document suggests creating a new independent structure at EU level dedicated to combatting FIMI.

ENISA published a Handbook for cyber stress tests

On 15 May, the EU agency for cybersecurity ENISA published a Handbook for cyber stress testing. The Handbook should complement the EU’s legislative efforts in strengthening the resilience of critical infrastructure. It should guide national or sectorial authorities in stress testing the cybersecurity and resilience of entities in critical sectors, typically operators of critical infrastructure and providers of critical services. The Handbook lists relevant EU policies, among them NIS2, the Directive on the resilience of critical entities (CER) and the Digital Operational Resilience Act (DORA). A cyber stress test is defined as a “targeted assessment of the resilience of individual entities and their ability to withstand and recover from significant cybersecurity incidents, ensuring the provision of critical services, in different risk scenarios”. The assessment is targeted, focusing on specific risk scenarios and threats, allowing for a subsequent follow-up by national authorities on the identified gaps. Cyber stress tests can also be a part of the national authorities’ supervision toolkit, to start a dialogue about specific threats or risk scenarios. The Handbook notes that stress tests are well suited for the supervision of complex interconnected systems; they help to assess systemic risks and can help to build up resilience. They could also become a new lightweight and targeted mechanism for assessing critical sectors’ resilience, which can help understand the cybersecurity gaps.

Disinformation

Polish presidency published conclusions on strengthening EU democratic resilience

On 27 May, the Polish presidency of the Council of the EU published conclusions on strengthening EU democratic resilience. The Polish presidency proposed these conclusions as a response to the challenges facing EU democracies in safeguarding electoral processes from foreign interference, protecting free, open and informed democratic debate and protecting fundamental rights. The conclusions stress the importance of fundamental rights and the rule of law in building democratic resilience. The conclusions note that foreign information manipulation and interference (FIMI) campaigns, including disinformation, have become a “threat to democracy” and to the rule of law, particularly in the context of social media. A key approach to countering FIMI campaigns is an integrated and multi-stakeholder approach, which should promote transparency and foster digital, cyber, information and media literacy, as part of civic education. The presidency invites the European Commission to reflect these issues in the upcoming European Democracy Shield proposal (see our previous coverage here and CENTR comment here).

Internet Governance

European Commission published a non-paper on WSIS+20 review process

On 16 May, the delegation of the European Union to the United Nations (UN) in New York submitted a non-paper to the President of the UN General Assembly on the WSIS+20 Review process. In order to ensure an inclusive and structured multi-stakeholder consultation process within the WSIS+20 Review, the document proposes to establish a WSIS+20 Multi-stakeholder Sounding Board. The Board would be established within the mandate of the WSIS+20 Review Modalities Resolution (see here) with the aim of enhancing transparency, inclusivity, and legitimacy by continuously gathering views and expertise from a wide multi-stakeholder community and by supporting negotiators in their deliberations. The Sounding Board should include volunteers from the ranks of members of the Internet Governance Forum (IGF) Multi-stakeholder Advisory Group and of the IGF Leadership Panel, with the intent to improve its legitimacy and diverse composition. The Sounding Board should have three main functions, namely to offer guidance and assist the co-facilitators with coordinating inputs from the stakeholders; to draft inputs, including by consolidating stakeholder input into concise recommendations for Member States; and to advise the co-facilitators and UN Member States and act as an intermediary between non-state stakeholders and Member States’ negotiators. The Sounding Board should operate in line with the NETmundial+10 multi-stakeholder guidelines. The non-paper proposes that the co-facilitators present the Sounding Board and an indicative timeline during the IGF in Norway. The Sounding Board should be convened as early as possible and conclude its work at the UN General Assembly WSIS+20 High-Level Meeting in December.

Consumer protection

European Commission opened a call for evidence on Consumer Agenda 2025-2030

On 19 May, the European Commission opened a public consultation on the Consumer Agenda 2025-2030 and action plan on consumers in the Single Market. The initiative follows the preceding Consumer Agenda for the years 2020-2025. The new Consumer Agenda 2025-2030 and action plan are among the key tasks given to the Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, Michael McGrath. It should simplify the administrative burden on companies while maintaining current levels of consumer protection. The Agenda will complement other initiatives in the consumer area, in particular the planned Digital Fairness Act, which should tackle manipulative and unethical commercial practices in the digital space, reduce legal uncertainty for business, avoid regulatory fragmentation and facilitate enforcement. It will announce a range of initiatives and actions to be taken until 2030. The action plan should include measures on protecting consumers from unfair discrimination, maintaining benefits while crossing borders and improving protection when buying goods or services. The public consultation and call for evidence are open for feedback until 11 August.

eID

European Commission opened a call for evidence on the European Business Wallet

On 15 May, the European Commission opened a call for evidence on the European Business Wallet. The proposal is one of the initiatives outlined in the Competitiveness Compass and is part of the Commission Work Programme for 2025 (see our previous coverage here). The European Business Wallet should build on the EUID Regulation and expand the European Digital Identity Framework to include economic operators and public administrations. The initiative should ensure interoperability and seamless communication with the EU Digital Identity Wallet. The initiative aims to address problem drivers such as fragmentation of national portals, inefficient administrative processes and complicated compliance obligations by providing a single, secure, interoperable, universally accepted cloud-based identity solution. Businesses should be able to identify and authenticate themselves, share credentials such as business licenses, permits, environmental certificates or VAT registration, and receive official notifications across the EU using a harmonised and legally recognised identity infrastructure. The Wallet should also enable secure storage, sharing and transmission of data and essential documents, facilitating B2B and B2G interactions, and provide an integrated platform for managing regulatory requirements related to the provision of information to public administrations. On top of the call for evidence, which will close on 12 June, the European Commission plans to consult relevant stakeholders through interviews, expert group meetings and technical workshops taking place from March to September 2025. Publication of the regulation is planned for Q4 2025.

Published By Filip Lukáš
Filip is the Policy Advisor at CENTR, advising members on relevant EU policy and liaising with governments, institutions and other organisations in the internet ecosystem.