News

In a nutshell: Negotiations on the DSA and NIS 2 reached a new milestone as the Council of the EU adopted its General Approach on both legislative initiatives. ENISA published its NIS Investments Report for 2021, highlighting the costs incurred by operators of essential services to comply with the NIS Directive. Europol published its Internet Organised Crime Threat Assessment for 2021. The Slovenian Presidency issued a Progress Report on the EUID proposal. The EDPB published its guidelines on international data transfers and raised concerns regarding the Digital Services Package currently under negotiation in the EU. The Advocate-General of the Court of Justice of the European Union issued an opinion in a case on state-enabled data retention in the electronic communications sector. Home Affairs Ministers released a Joint Statement during a Ministerial conference on the prevention and investigation of child sexual abuse.

In a nutshell: the European Commission published its Work Programme for 2022. Discussions continued within the co-legislators to reach a position on the DSA and a consensus on e-Evidence. October, as the official “European Cybersecurity month”, lived up to its status with many updates on cybersecurity. LIBE adopted its opinion on NIS 2 and its report on CER, while ITRE adopted its position on NIS 2. Member State leaders adopted their conclusions following the European Council meeting, highlighting cybersecurity as one of the key priorities for the EU. The European Data Protection Board adopted its Guidelines on restrictions of data subject rights under Article 23 of the GDPR. The Slovenian Presidency emphasised the fight against child sexual abuse as one of its key priorities.

In a nutshell: Ursula von der Leyen delivered her speech on the State of the Union. Denmark and Germany’s ministers called for stricter rules in the Digital Services Act (DSA), while EEA EFTA states called for more balance with freedom of expression. JURI and ITRE adopted their opinions on the DSA. The Slovenian Presidency circulated its proposal for a compromise text on the DSA. Potential areas for consensus were debated in trilogues regarding the e-Evidence proposal. The Netherlands released a non-paper on the Data Act ahead of the EU proposal expected in December.

In a nutshell: Slovenia took over the Presidency of the Council of the EU. The European Parliament adopted a temporary ePrivacy derogation to detect and remove child abuse. The NIS2 and CER Directives, as well as the DSA Regulation proposals advanced through the European Parliamentary discussions. The Council of the EU published its conclusions on intellectual property policy. The European Data Protection Board adopted guidelines on the concepts of controller and processor. ENISA published a report stating that supply chain cyberattacks are expected to quadruple in 2021.

In a nutshell: The European Parliament is steadily advancing on developing its positions on the proposals for the Digital Services Act, the NIS 2 Directive, the CER Directive, and has adopted a resolution on the challenges of sports events organisers. The Portuguese presidency in the Council of the EU published a progress report on the Digital Services Act. ENISA published its first EU cybersecurity certification scheme. The Cybercrime Convention Committee within the Council of Europe approved the draft of the 2nd Additional Protocol to the Budapest Convention concerning access to electronic evidence. The European Data Protection Board expressed concerns over the alignment of the draft text of the 2nd Additional Protocol to the Budapest Convention with the EU data protection framework.

In a nutshell: The European Commission unveiled its proposal on the Artificial Intelligence Act and the EU Strategy to tackle organised crime until 2025. ENISA published research directions for the EU digital strategic autonomy. The Council of Europe published a new draft text of the 2nd Additional Protocol to the Budapest Convention. The negotiators in the European Parliament and the Council of the EU reached a provisional agreement on temporary rules to detect and remove child abuse material. The European Parliament adopted TERREG.

In a nutshell: The European Commission unveiled its Digital Targets for 2030. Four EU countries called for European digital sovereignty in a letter to the European Commission. The European Data Protection Supervisor issued an opinion on the Europol Regulation proposal and the NIS 2 Directive proposal. The European Court of Justice delivered a judgment about the admissibility of evidence in cases of access to electronic communications traffic and location data. The Council of the EU adopted conclusions on the EU cybersecurity strategy. The European Parliament adopted its resolution on the implementation of the GDPR. EUIPO published a discussion paper on challenges and good practices to prevent the misuse of domain names for IP infringements.

In a nutshell: Portugal is holding the presidency in the Council of the EU until the end of June 2021. Trilogue negotiations on the e-Evidence legislative package have started. The European Data Protection Board adopted the statement on the second additional protocol to the Budapest convention, outlining the problems with its domain name registration provisions. The Council of the EU adopted its position on ePrivacy. The Dutch government set out its position on the proposal of the EU Digital Services Act. The EU intends to criminalise hate speech and hate crime.

In a nutshell: The end of 2020 was full of policy and legislative proposals to fill the EU bubble’s agenda in 2021. The European Parliament’s LIBE committee approved its position on the e-Evidence package. The European Commission published the following legislative proposals, that are relevant for internet infrastructure actors: Europol’s revised mandate to increase its cooperation with private parties; the proposal for the Digital Services Act; the proposal for the NIS 2 Directive; and the proposal for a directive on the resilience of critical entities. In the coming months, the Commission is planning to come up with legislation on tackling the issue of child sexual abuse online and on digital identity.