In a nutshell: The EU and the US began formal negotiations on an EU-US agreement on e-evidence. The European Parliament's Committee on Civil Liberties, Justice and Home Affairs voted for starting negotiations with the EU Council on the proposal for a Regulation on the prevention of terrorist content online. The new Executive Director of ENISA spoke about the future course of the EU cybersecurity agency, while Security Commissioner Julian King outlined plans for the future EU (cyber)security policy during the hearings with the European Parliament. President-elect of the European Commission Ursula von der Leyen presented her team in the European Commission that starts its work on 1 November.
EU-US negotiations to facilitate access to electronic evidence are launched
On 25 September the EU and the US began formal negotiations on an EU-US agreement to facilitate access to electronic evidence in criminal investigations. EU and US negotiators agreed to regular negotiating rounds with a view to concluding an agreement "as quickly as possible". Progress will be reviewed at the next EU-US Justice and Home Affairs Ministerial in December. In her official statement, European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová said: “I welcome the start of formal negotiations. Criminals use fast, modern technologies to organise their crimes and cover up their evidence. We need to work together with our American partners to speed up the access of our law enforcement authorities to this evidence. This will strengthen our security, while protecting the data privacy and procedural safeguards of our citizens. The launch of negotiations marks an important step towards achieving this.”
LIBE approves trilogues for the proposal on prevention of dissemination of terrorist content online
On 24 September the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE) voted to start negotiations with the EU Council on the proposal for a Regulation on the prevention of terrorist content online (TERREG). The mandate to start trilogue negotiations still needs to be approved by the European Parliament's plenary in October. The Parliament's position on the file was approved back in April. It explicitly excludes services other than at the application layer, cloud service providers and electronic communications services from the scope of the Regulation that obliges hosting service providers to remove terrorist content in the originally-proposed 1-hour deadline. According to the European Commission's Proposal, and reiterated in the Parliament's Report, hosting service providers shall treat referrals made by Europol, alerting them of information that may be considered terrorist content, as a matter of priority and provide swift feedback on action taken. However, the ultimate decision on whether something is against their terms of service remains with the hosting provider in the case of such alerts made by Europol. The European Parliament's position supports the originally proposed one-hour deadline for executing removal orders by competent authorities. In addition it targets only those hosting service providers that make the stored content available to the public. The negotiators from the Parliament's side are Javier Zarzalejos (EPP, Spain), Marina Kaljurand (S&D, Estonia), Maite Pagazaurtundúa (Renew Europe, Spain), Cornelia Ernst (GUE, Germany), Patrick Breyer (Greens, Germany) led by Patryk Jaki (ECR, Poland).
European Commission gives a tentative timeline for the new Digital Services Act
As reflected in the political guidelines issued by the President-elect of the European Commission, the EU is preparing for an upcoming reform that will specifically "upgrade our liability and safety rules for digital platforms, services and products, and complete our Digital Single Market'' – the so-called Digital Services Act. According to the European Commission's officials the tentative deadline for the upcoming reform currently looks as follows: impact assessment to be issued at the beginning of 2020; clarity on the regulatory options by mid 2020; proposal for the new legislation by the end of 2020 or beginning of 2021.
European Parliament addressed the new Executive Director of ENISA
On 2 September, the newly (re)elected MEPs in the European Parliament's Industry, Research and Energy Committee (ITRE) addressed the new Executive Director of the EU cybersecurity agency ENISA - Juhan Lepassaar - on his plans for the future of ENISA and the course of cybersecurity policy in the EU. During the hearing in ITRE, Lepassaar emphasised the need for a "global standard for trust", as cybersecurity is not merely a technical challenge but increasingly a political and societal one. Lepassaar expressed the need for Europe to be the leading force behind the global standard on cybersecurity, similarly to GDPR being the global standard for privacy. When it comes to network information security, according to Lepassaar, ENISA should contribute to common understanding on how to "best implement the NIS Directive" amongst the Member States. ENISA should contribute to this goal by issuing guidelines and analysing "best practices". Cybersecurity certification schemes that are to be developed under the EU Cybersecurity Act should be targeted at enhancing trust and be built on existing expertise and knowledge across the EU. Lepassaar stressed the need to "proactively seek the buy-in from EU stakeholders" (and especially the experts from the Stakeholder Cybersecurity Certification Group that is to be formed under the EU Cybersecurity Act). In addition, according to Lepassaar, ENISA should be able to draw expertise from the technical field and feed that into the political dialogue in order to reflect that expertise in the policymaking. Last but not least, ENISA "needs to build bridges with [the] private sector" and stay independent from the European Commission.
Security Commissioner Julian King outlined plans for future EU (cyber)security policy
On 12 September, Security Commissioner Julian King updated MEPs in LIBE on the on-going initiatives to address the security of 5G networks and to secure democratic elections. According to Commissioner King, the security of critical infrastructure (when we speak of 5G) is of paramount importance to ensure protection for EU citizens. When it comes to security policies across Member States, both the understanding of the common risks, as well as the ways to mitigate those weaknesses need to be addressed collectively across the EU. The European Commission has just received the final risk assessments within the critical infrastructure for 5G networks across Member States and will commence its work on common strategies on how to mitigate these risks, that is due by the end of 2019. The European Commission promised to report on what they learned from the Member States and their risk assessments in October. On disinformation, an evaluation regarding the potential regulatory response to tackling disinformation and election interference is also due at the beginning of 2020. Commissioner King stressed multiple times during the meeting with LIBE that "more is needed to be done" at platform level to address the disinformation amplified by "fake and bot-accounts". The European Commission is preparing a communication on disinformation and election interference to be published at the beginning of 2020. A regulatory response to ensure more transparency on platforms is not excluded. Commissioner King also briefly mentioned the upcoming Digital Services Act, simply stating that the planned legislation is an "important effort to secure a safe, secure and democratic future for our citizens".
New European Commission
President-elect of the European Commission Ursula von der Leyen presents her team
On 10 September, the President-elect Ursula von der Leyen presented her team and the new structure of the next European Commission. The new Commission will have eight Vice-Presidents. The Vice-Presidents are responsible for the top priorities in the Political Guidelines. They will steer the work on top-priority overarching issues, such as the "European Green Deal", a "Europe fit for the digital age", an "economy that works for people", "protecting our European way of life", a "stronger Europe in the world" and a "new push for European democracy". Three Executive Vice-Presidents are envisaged to have a double function. They will be both Vice-President responsible for one of three core topics of the President-elect's agenda and Commissioners. As part of their dual role, they will also manage a policy area and have a Directorate-General (DG) under their authority for this part of their job.
For digital files, the following Commissioner-designates are relevant:
- Executive Vice-President Margrethe Vestager (Denmark) will coordinate the whole agenda on a Europe fit for the digital age and be the Commissioner for Competition. According to the mission letter issued by the President-elect to Commissioner-designate Vestager, her task will be to "ensure that Europe fully grasps the potential of the digital age and strengthens its industry and innovation capacity." Vestager will be in charge of delivering the ambitious plan of coming forward with the "European approach on artificial intelligence" in the first 100 days of the mandate of the new Commission. She is also the one who will "coordinate the work on upgrading our liability and safety rules for digital platforms, services and products as part of a new Digital Services Act."
- Commissioner-designate for Internal Market Sylvie Goulard (France) is expected to "contribute to the work on enhancing Europe’s technological sovereignty". According to the mission letter, this means "investing in the next frontier of technologies, such as blockchain, high-performance computing, algorithms, and data-sharing and data-usage tools. It also means jointly defining standards for 5G networks and new-generation technologies. Closely working with the Executive Vice-President Vestager, Goulard is expected to "lead the work on a coordinated European approach on artificial intelligence and on the new Digital Services Act". Additionally, Goulard is asked "to focus on building a real single market for cybersecurity, notably looking at certification, implementing rules on security of network and information systems, rapid emergency response strategies". Another area of competence for the Internal Market Commissioner-designate is "to take a close look at our intellectual property regime to ensure that it is coherent, is fit for the digital age and supports our competitiveness". To add to her already quite multifaceted portfolio, Goulard is expected to "lead the Commission’s reflections on issues such as Europe’s technological sovereignty in key value chains, including in the defence and space sectors, common standards and future trends". The DGs under Goulard's control will be a new Directorate-General for Defence Industry and Space, as well as the Directorate-General for Communications Networks, Content and Technology and the Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs.
- Commissioner-designate for Justice Didier Reynders (Belgium) is expected to "lead the work on consumer protection, notably for cross-border and online transactions." In addition, EU 'Justice' policy should focus on "a cross-cutting contribution to the fight against terrorism and extremism, as well as to all aspects of the Security Union", according to the mission letter. In this context, Commissioner-designate Reynders "should focus on enhancing judicial cooperation and improving information exchange". Additionally, Reynders is expected to "ensure the full implementation and enforcement of the General Data Protection Regulation and promote the European approach as a global model." Having an ambitious approach towards AI (and the 100-day deadline) will be even more challenging as Reynders will also be responsible for contributing to the "legislation on a coordinated approach on the human and ethical implications of artificial intelligence, ensuring that fundamental rights are fully protected in the digital age." This effectively means that three Commissioners will focus on AI-related issues within their missions.
- Vice-President-designate for Protecting our European Way of Life, Margaritis Schinas (Greece), is given the mission to coordinate the Commission’s work in the area of Security Union and ensure the coherence of all security-related policies. According to the mission letter, Schinas is also tasked to "enhance the EU’s ability to prevent, detect and respond to hybrid threats" in the area of cybersecurity. In his written answers ahead of the hearing before the European Parliament, Schinas highlights the focus on implementing existing security-related legislation that in his view "will already help improve cross-border cooperation". However, Schinas calls out the need to do "more to help modernise the tools at the disposal of law enforcement and adapt them to the new security environment of the digital age", including cyber-enabled crime.
The Commissioner-designates need to be voted in by the European Parliament before formally being appointed for their positions on 1 November. Before the respective vote in the Parliament, MEPs meet each Commissioner-designate in a series of public hearings. An infographic describing the process can be found here.