EU

EU telecoms reform advances in small steps

The European Commission has unveiled the Digital Networks Act, aiming to reduce fragmentation across the EU telecoms sector. Proposals include limited spectrum harmonisation and an EU-wide numbering scheme to support cross-border business services.

Despite years of debate, the plan stops short of creating a fully unified telecoms market. National governments continue to resist deeper integration, particularly around control of 4G, 5G and wi-fi spectrum management.

The proposal reflects a cautious approach from the European Commission, balancing political pressure for reform against opposition from member states. Longstanding calls for consolidation have struggled to gain consensus.

Commission president Ursula von der Leyen has backed greater market integration, though the latest measures represent an incremental step rather than a structural overhaul.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU alternative app store Setapp Mobile closes

European users will soon lose access to Setapp Mobile, an alternative app store created under the EU Digital Markets Act. The service will shut down on 16 February 2026.

MacPaw, a Ukrainian software developer known for Mac productivity tools, launched Setapp as a subscription-based app platform. Its mobile store debuted in 2024 to challenge Apple’s App Store in the EU.

Ongoing uncertainty around Apple’s EU fee structure weakened the business case. The Core Technology Fee and frequent commercial changes made planning and sustainable monetisation difficult.

Setapp’s desktop service will continue operating, while the mobile store is discontinued. Other alternative app stores remain available in the EU, including Epic Games Store and the open source AltStore.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New EU cybersecurity package strengthens resilience and ENISA powers

The European Commission has unveiled a broad cybersecurity package that moves the EU beyond certification reform towards systemic resilience across critical digital infrastructure.

Building on plans to expand EU cybersecurity certification beyond products and services, the revised Cybersecurity Act introduces a risk-based framework for securing ICT supply chains, with particular focus on dependencies, foreign interference, and high-risk third-country suppliers.

A central shift concerns supply-chain security as a geopolitical issue. The proposal enables mandatory derisking of mobile telecommunications networks, reinforcing earlier efforts under the 5G security toolbox.

Certification reform continues through a redesigned European Cybersecurity Certification Framework, promising clearer governance, faster scheme development, and voluntary certification that can cover organisational cyber posture alongside technical compliance.

The package also tackles regulatory complexity. Targeted amendments to the NIS2 Directive aim to ease compliance for tens of thousands of companies by clarifying jurisdictional rules, introducing a new ‘small mid-cap’ category, and streamlining incident reporting through a single EU entry point.

Enhanced ransomware data collection and cross-border supervision are intended to reduce fragmentation while strengthening enforcement consistency.

ENISA’s role is further expanded from coordination towards operational support. The agency would issue early threat alerts, assist in ransomware recovery with national authorities and Europol, and develop EU-wide vulnerability management and skills attestation schemes.

Together, the measures signal a shift from fragmented safeguards towards a more integrated model of European cyber sovereignty.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU considers further action against Grok over AI nudification concerns

The European Commission has signalled readiness to escalate action against Elon Musk’s AI chatbot Grok, following concerns over the spread of non-consensual sexualised images on the social media platform X.

The EU tech chief Henna Virkkunen told Members of the European Parliament that existing digital rules allow regulators to respond to risks linked to AI-driven nudification tools.

Grok has been associated with the circulation of digitally altered images depicting real people, including women and children, without consent. Virkkunen described such practices as unacceptable and stressed that protecting minors online remains a central priority for the EU enforcement under the Digital Services Act.

While no formal investigation has yet been launched, the Commission is examining whether X may breach the DSA and has already ordered the platform to retain internal information related to Grok until the end of 2026.

Commission President Ursula von der Leyen has also publicly condemned the creation of sexualised AI images without consent.

The controversy has intensified calls from EU lawmakers to strengthen regulation, with several urging an explicit ban on AI-powered nudification under the forthcoming AI Act.

A debate that reflects wider international pressure on governments to address the misuse of generative AI technologies and reinforce safeguards across digital platforms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

European Parliament moves to force AI companies to pay news publishers

Lawmakers in the EU are moving closer to forcing technology companies to pay news publishers for the use of journalistic material in model training, according to a draft copyright report circulating in the European Parliament.

The text forms part of a broader effort to update copyright enforcement as automated content systems expand across media and information markets.

Compromise amendments also widen the scope beyond payment obligations, bringing AI-generated deepfakes and synthetic manipulation into sharper focus.

MEPs argue that existing legal tools fail to offer sufficient protection for publishers, journalists and citizens when automated systems reproduce or distort original reporting.

The report reflects growing concern that platform-driven content extraction undermines the sustainability of professional journalism. Lawmakers are increasingly framing compensation mechanisms as a corrective measure rather than as voluntary licensing or opaque commercial arrangements.

If adopted, the position of the Parliament would add further regulatory pressure on large technology firms already facing tighter scrutiny under the Digital Markets Act and related digital legislation, reinforcing Europe’s push to assert control over data use, content value and democratic safeguards.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI firms fall short of EU transparency rules on training data

Several major AI companies appear slow to meet EU transparency obligations, raising concerns over compliance with the AI Act.

Under the regulation, developers of large foundation models must disclose information about training data sources, allowing creators to assess whether copyrighted material has been used.

Such disclosures are intended to offer a minimal baseline of transparency, covering the use of public datasets, licensed material and scraped websites.

While open-source providers such as Hugging Face have already published detailed templates, leading commercial developers have so far provided only broad descriptions of data usage instead of specific sources.

Formal enforcement of the rules will not begin until later in the year, extending a grace period for companies that released models after August 2025.

The European Commission has indicated willingness to impose fines if necessary, although it continues to assess whether newer models fall under immediate obligations.

The issue is likely to become politically sensitive, as stricter enforcement could affect US-based technology firms and intensify transatlantic tensions over digital regulation.

Transparency under the AI Act may therefore test both regulatory resolve and international relations as implementation moves closer.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU revises Cybersecurity Act to streamline certification

The European Commission plans to revise the Cybersecurity Act to expand certification schemes beyond ICT products and services. Future assessments would also cover companies’ overall risk-management posture, including governance and supply-chain practices.

Only one EU-wide scheme, the Common Criteria framework, has been formally adopted since 2019. Cloud, 5G, and digital identity certifications remain stalled due to procedural complexity and limited transparency under the current Cybersecurity Act framework.

The reforms aim to introduce clearer rules and a rolling work programme to support long-term planning. Managed security services, including incident response and penetration testing, would become eligible for EU certification.

ENISA would take on a stronger role as the central technical coordinator across member states. Additional funding and staff would be required to support its expanding mandate under the newer cybersecurity laws.

Stakeholders broadly support harmonisation to reduce administrative burden and regulatory fragmentation. The European Commission says organisational certification would assess cybersecurity maturity alongside technical product compliance.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

SRB GDPR case withdrawn from EU court

A high-profile EU court case on pseudonymised data has ended without a final ruling. The dispute involved the Single Resolution Board and the European Data Protection Supervisor.

The case focused on whether pseudonymised opinions qualify as personal data under the GDPR. Judges were also asked to assess reidentification risks and notification duties.

After intervention by the Court of Justice of the European Union, the matter returned to the General Court. Both parties later withdrew the case, leaving no binding judgement.

Legal experts say the CJEU’s guidance continues to shape enforcement practice. Regulators are expected to reflect those principles in updated EU pseudonymisation guidelines.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU lawmakers push limits on AI nudity apps

More than 50 EU lawmakers have called on the European Commission to clarify whether AI-powered applications for nudity are prohibited under existing EU legislation, citing concerns about online harm and legal uncertainty.

The request follows public scrutiny of the Grok, owned by xAI, which was found to generate manipulated intimate images involving women and minors.

Lawmakers argue that such systems enable gender-based online violence and the production of child sexual abuse material instead of legitimate creative uses.

In their letter, lawmakers questioned whether current provisions under the EU AI Act sufficiently address nudification tools or whether additional prohibitions are required. They also warned that enforcement focused only on substantial online platforms risks leaving similar applications operating elsewhere.

While EU authorities have taken steps under the Digital Services Act to assess platform responsibilities, lawmakers stressed the need for broader regulatory clarity and consistent application across the digital market.

Further political debate on the issue is expected in the coming days.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU reaffirms commitment to Digital Markets Act enforcement

European Commission Executive Vice President Teresa Ribera has stated that the EU has a constitutional obligation under its treaties to uphold its digital rulebook, including the Digital Markets Act (DMA).

Speaking at a competition law conference, Ribera framed enforcement as a duty to protect fair competition and market balance across the bloc.

Her comments arrive amid growing criticism from US technology companies and political pressure from Washington, where enforcement of EU digital rules has been portrayed as discriminatory towards American firms.

Several designated gatekeepers have argued that the DMA restricts innovation and challenges existing business models.

Ribera acknowledged the right of companies to challenge enforcement through the courts, while emphasising that designation decisions are based on lengthy and open consultation processes. The Commission, she said, remains committed to applying the law effectively rather than retreating under external pressure.

Apple and Meta have already announced plans to appeal fines imposed in 2025 for alleged breaches of DMA obligations, reinforcing expectations that legal disputes around EU digital regulation will continue in parallel with enforcement efforts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!