News

In a nutshell: The European Commission opened a public consultation on the cross-border enforcement of consumer protection law and issued proposals to reform the EU framework on geographical indications. The European Court of Auditors published the conclusions of its report on intellectual property rights in the EU. The CJEU reaffirmed the prohibition of the general and indiscriminate retention of electronic communications data and held that online content-sharing service providers’ obligation to monitor content under the Copyright Directive is compatible with freedom of expression. The European Parliament and the Council of the EU reached a political agreement on the DSA. The European Parliament adopted the Data Governance Act in plenary, and JURI issued its Draft Opinion on the proposal for an EUID. ENISA issued its report on Coordinated vulnerability disclosure policies in the EU. The EU, the US and other international partners issued a Declaration for the Future of the Internet.

In a nutshell: March was a particularly busy month in the cybersecurity sphere. The European Commission issued a call for evidence for an impact assessment on the upcoming Cyber Resilience Act and released a proposal for a Regulation laying down measures for a high common level of cybersecurity at the EU institutions, bodies, offices and agencies. In parallel, the NIS Cooperation Group issued its Technical Guidelines on Security Measures for Top-Level Domain Name registries, ENISA published a report on Security and Privacy for public DNS resolvers, and EU Ministers called for a strengthening of the EU's telecommunications and cybersecurity resilience. New documents were released regarding the trilogue negotiations on e-Evidence and the EUID proposal, and a political agreement between co-legislators was found on the Digital Markets Act. The European Commission and the United States agreed on a new Trans-Atlantic Data Privacy framework. Europol and the EUIPO issued a joint Intellectual Property Threat Assessment.

In a nutshell: The European Commission kickstarted the year with a set of publications of relevance for ccTLDs, such as the DNS Abuse Study and the Communication on an EU Strategy on Standardisation. The Commission also released proposals for a European Declaration on Digital Rights and a Data Act. Regarding intellectual property, the Commission issued a call for evidence on the upcoming EU Toolbox against Counterfeiting, whilst the European Parliament published a Study on the Cross Border Enforcement of Intellectual Property Rights in the EU. Co-legislators reached a provisional agreement on amending the Europol regulation, and IMCO published its Draft Report on the EUID proposal. The EDPB launched a coordinated enforcement action on the use of cloud services by the public sector.

In a nutshell: The upcoming months look busy on the legislative and policy front. France took over the presidency of the Council of the EU until the end of June with an ambitious digital agenda and the aim to finalise key legislative initiatives such as the DSA and NIS 2 before the national elections. The Council of the EU approved its General Approach on the CER Directive. The European Parliament adopted its position on the DSA and is ready to enter trilogue negotiations with the Council of the EU and the European Commission. The European Commission published its long-awaited call for proposals for the deployment of DNS4EU and is looking into proposing new legislative initiatives in the fields of cybersecurity, child protection and hate speech online. It is also expected to put forward an EU Toolbox against counterfeiting, and to publish its study on DNS abuse. 

In a nutshell: Negotiations on the DSA and NIS 2 reached a new milestone as the Council of the EU adopted its General Approach on both legislative initiatives. ENISA published its NIS Investments Report for 2021, highlighting the costs incurred by operators of essential services to comply with the NIS Directive. Europol published its Internet Organised Crime Threat Assessment for 2021. The Slovenian Presidency issued a Progress Report on the EUID proposal. The EDPB published its guidelines on international data transfers and raised concerns regarding the Digital Services Package currently under negotiation in the EU. The Advocate-General of the Court of Justice of the European Union issued an opinion in a case on state-enabled data retention in the electronic communications sector. Home Affairs Ministers released a Joint Statement during a Ministerial conference on the prevention and investigation of child sexual abuse.

In a nutshell: the European Commission published its Work Programme for 2022. Discussions continued within the co-legislators to reach a position on the DSA and a consensus on e-Evidence. October, as the official “European Cybersecurity month”, lived up to its status with many updates on cybersecurity. LIBE adopted its opinion on NIS 2 and its report on CER, while ITRE adopted its position on NIS 2. Member State leaders adopted their conclusions following the European Council meeting, highlighting cybersecurity as one of the key priorities for the EU. The European Data Protection Board adopted its Guidelines on restrictions of data subject rights under Article 23 of the GDPR. The Slovenian Presidency emphasised the fight against child sexual abuse as one of its key priorities.

In a nutshell: Ursula von der Leyen delivered her speech on the State of the Union. Denmark and Germany’s ministers called for stricter rules in the Digital Services Act (DSA), while EEA EFTA states called for more balance with freedom of expression. JURI and ITRE adopted their opinions on the DSA. The Slovenian Presidency circulated its proposal for a compromise text on the DSA. Potential areas for consensus were debated in trilogues regarding the e-Evidence proposal. The Netherlands released a non-paper on the Data Act ahead of the EU proposal expected in December.

In a nutshell: Slovenia took over the Presidency of the Council of the EU. The European Parliament adopted a temporary ePrivacy derogation to detect and remove child abuse. The NIS2 and CER Directives, as well as the DSA Regulation proposals advanced through the European Parliamentary discussions. The Council of the EU published its conclusions on intellectual property policy. The European Data Protection Board adopted guidelines on the concepts of controller and processor. ENISA published a report stating that supply chain cyberattacks are expected to quadruple in 2021.

In a nutshell: The European Parliament is steadily advancing on developing its positions on the proposals for the Digital Services Act, the NIS 2 Directive, the CER Directive, and has adopted a resolution on the challenges of sports events organisers. The Portuguese presidency in the Council of the EU published a progress report on the Digital Services Act. ENISA published its first EU cybersecurity certification scheme. The Cybercrime Convention Committee within the Council of Europe approved the draft of the 2nd Additional Protocol to the Budapest Convention concerning access to electronic evidence. The European Data Protection Board expressed concerns over the alignment of the draft text of the 2nd Additional Protocol to the Budapest Convention with the EU data protection framework.