EU

New EU rules aim to accelerate GDPR complaint handling

The Council of the European Union has approved new rules aimed at speeding up the handling of cross-border data protection complaints, marking a significant update to the enforcement of the General Data Protection Regulation (GDPR) across the bloc. The new regulation aims to address long-standing bottlenecks in cooperation between national data protection authorities, which often hinder investigations involving companies operating across multiple EU countries.

Among the key changes is the introduction of harmonised criteria for determining whether a complaint is admissible, ensuring that citizens receive the same treatment no matter where they file a GDPR complaint. The rules also strengthen the rights of both complainants and companies under investigation, including clearer procedures for participation in the case and access to preliminary findings.

To reduce administrative burdens, the regulation introduces a simplified cooperation procedure for straightforward cases, allowing authorities to close cases more quickly without relying on the full cooperation framework.

Standard investigations will now be subject to a maximum 15-month deadline, extendable by another 12 months for particularly complex cases. Simple cooperation cases must be concluded within 12 months.

With the Council’s adoption, the legislative process is complete. The regulation will enter into force 20 days after its publication in the EU’s Official Journal and will begin to apply 15 months later. It updates the GDPR’s cross-border enforcement system, under which a single lead authority handles cases but must coordinate with other national regulators when individuals in multiple member states are affected.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

WhatsApp to support cross-app messaging

Meta is launching a ‘third-party chats’ feature on WhatsApp in Europe, allowing users to send and receive messages from other interoperable messaging apps.

Initially, only two apps, BirdyChat and Haiket, will support this integration, but users will be able to send text, voice, video, images and files. The rollout will begin in the coming months for iOS and Android users in the EU.

Meta emphasises that interoperability is opt-in, and messages exchanged via third-party apps will retain end-to-end encryption, provided the other apps match WhatsApp’s security requirements. Users can choose whether to display these cross-app conversations in a separate ‘third-party chats’ folder or mix them into their main inbox.

By opening up its messaging to external apps, WhatsApp is responding to the EU’s Digital Markets Act (DMA), which requires major tech platforms to allow interoperability. This move could reshape how messaging works in Europe, making it easier to communicate across different apps, though it also raises questions about privacy, spam risk and how encryption is enforced.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Researchers join forces to advance Europe’s digital autonomy

Europe is stepping up efforts to strengthen its digital independence with the creation of the European Network for Technological Resilience and Sovereignty (ETRS), launched ahead of the Summit on European Digital Sovereignty in Berlin. Bringing together leading think tanks and experts from across the continent, the network aims to boost Europe’s capacity for innovation and reduce its reliance on foreign technologies, particularly in critical areas such as AI, cloud infrastructure, and semiconductors.

Today, more than 80% of these technologies originate from the US and China, posing significant economic and strategic risks to Europe.

Led by founding members, including Germany’s Bertelsmann Stiftung, Belgium’s Centre for European Policy Studies (CEPS), France’s AI & Society Institute, and the Polish Economic Institute (PEI), the ETRS aims to establish a shared knowledge base to inform evidence-driven policymaking. The initiative aspires to act as a ‘knowledge engine,’ connecting academia, civil society, industry, and public institutions.

Its goal is to transform fragmented national efforts into a coordinated, values-driven approach that helps Europe enhance its technological resilience while safeguarding democratic principles.

Through joint research, strategic mapping of technology dependencies, and practical policy recommendations, the network intends to support a more sovereign digital infrastructure for Europe. Beginning in 2026, ETRS will roll out strategic initiatives, including expert workshops and an international pool of specialists focused on digital sovereignty, to translate its mission into actionable steps.

Founders emphasise that deeper data-driven analysis and cooperation are essential for Europe to regain agency in the global digital arena.

The network is open to new members, with more than a dozen institutions already joining alongside the founding organisations. ETRS invites think tanks, research bodies, and independent experts across Europe to contribute to its mission of building a resilient, competitive, and democratic digital future for the continent.

More information, as well as the policy toolkit prepared for the summit, is available at the initiative’s official website.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EU moves to reinforce cooperation against VAT fraud

The European Commission has presented a plan to strengthen cooperation among the European Public Prosecutor’s Office, the European Anti-Fraud Office, and member states as part of a broader effort to combat VAT fraud.

The proposal establishes a legal framework for the sharing of information. It grants the EU bodies immediate access to VAT data, which is expected to enhance the detection of cross-border tax evasion schemes.

Real-time reporting of cross-border trade, delivered through the VAT in the Digital Age package, provides national authorities with the information needed to identify suspicious activity, rather than relying on delayed or incomplete records.

Carousel fraud alone costs EU taxpayers billions each year and remains a significant element of the broader VAT compliance gap, which stood at over €89 billion in 2022.

The Commission argues that faster access to VAT information will help investigators uncover fraudulent networks, halt their activities and pursue prosecutions more effectively.

EPPO, OLAF and the Eurofisc network would gain direct communication channels, enabling closer coordination and rapid intelligence sharing throughout the Union.

A proposal that will now move to the Council for agreement and to the European Parliament and the Economic and Social Committee for consultation.

Once adopted and published, the changes will take effect and initiate the implementation phase across the EU.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU investigates Google over potential Digital Markets Act breach

The European Commission has opened an investigation into whether Google may be breaching the Digital Markets Act by unfairly demoting news publishers in search results.

An inquiry that centres on Google’s ‘site reputation abuse policy’, which appears to lower rankings for publishers that host content from commercial partners, even when those partnerships support legitimate ways of monetising online journalism.

The Commission is examining whether Alphabet’s approach restricts publishers from conducting business, innovating, and cooperating with third-party content providers. Officials highlighted concerns that such demotions may undermine revenue at a difficult moment for the media sector.

These proceedings do not imply a final decision; instead, they allow the EU to gather evidence and assess Google’s practices in detail.

If the Commission finds evidence of non-compliance, it will present preliminary findings and request corrective measures. The investigation is expected to conclude within 12 months.

Under the DMA, infringements can lead to fines of up to ten percent of a company’s worldwide turnover, rising to twenty percent for repeated violations, alongside possible structural remedies.

Senior Commissioners stressed that gatekeepers must offer fair and non-discriminatory access to their platforms. They argued that protecting publishers’ ability to reach audiences supports media pluralism, innovation, and democratic resilience.

Google Search, designated as a core platform service under the DMA, has been required to comply fully with the regulation since March 2024.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Romania pilots EU Digital Identity Wallet for payments

In a milestone for the European digital identity ecosystem, Banca Transilvania and payments-tech firm BPC have completed the first pilot in Romania using the EU Digital Identity Wallet (EUDIW) for a real-money transaction.

The initiative lets a cardholder authenticate a purchase using the wallet rather than a conventional one-time password or card reader.

The pilot forms part of a large-scale testbed led by the European Commission under the eIDAS 2 Regulation, which requires all EU banks to accept the wallet for strong customer authentication and KYC (know-your-customer) purposes by 2027.

Banca Transilvania’s Deputy CEO Retail Banking, Oana Ilaş, described the project as a historic step toward a unified European digital identities framework that enhances interoperability, inclusivity and banking access.

From a digital governance and payments policy perspective, this pilot is significant. It shows how national banking systems are beginning to integrate digital-ID wallets into card and account-based flows, potentially reducing reliance on legacy authentication mechanisms (such as SMS OTP or hardware tokens) that are vulnerable to fraud.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

European Commission launches Culture Compass to strengthen the EU identity

The European Commission unveiled the Culture Compass for Europe, a framework designed to place culture at the heart of the EU policies.

An initiative that aims to foster the identity ot the EU, celebrate diversity, and support excellence across the continent’s cultural and creative sectors.

The Compass addresses the challenges facing cultural industries, including restrictions on artistic expression, precarious working conditions for artists, unequal access to culture, and the transformative impact of AI.

It provides guidance along four key directions: upholding European values and cultural rights, empowering artists and professionals, enhancing competitiveness and social cohesion, and strengthening international cultural partnerships.

Several initiatives will support the Compass, including the EU Artists Charter for fair working conditions, a European Prize for Performing Arts, a Youth Cultural Ambassadors Network, a cultural data hub, and an AI strategy for the cultural sector.

The Commission will track progress through a new report on the State of Culture in the EU and seeks a Joint Declaration with the European Parliament and Council to reinforce political commitment.

Commission officials emphasised that the Culture Compass connects culture to Europe’s future, placing artists and creativity at the centre of policy and ensuring the sector contributes to social, economic, and international engagement.

Culture is portrayed not as a side story, but as the story of the EU itself.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Brussels leak signals GDPR and AI Act adjustments

The European Commission is preparing a Digital Package on simplification for 19 November. A leaked draft outlines instruments covering GDPR, ePrivacy, Data Act and AI Act reforms.

Plans include a single breach portal and a higher reporting threshold. Authorities would receive notifications within 96 hours, with standardised forms and narrower triggers. Controllers could reject or charge for data subject access requests used to pursue disputes.

Cookie rules would shift toward browser-level preference signals respected across services. Aggregated measurement and security uses would not require popups, while GDPR lawful bases expand. News publishers could receive limited exemptions recognising reliance on advertising revenues.

Drafting recognises legitimate interest for training AI models on personal data. Narrow allowances are provided for sensitive data during development, along with EU-wide data protection impact assessment templates. Critics warn proposals dilute safeguards and may soften the AI Act.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU and Switzerland deepen research ties through Horizon Europe agreement

Switzerland has formally joined Horizon Europe, the EU’s flagship research and innovation programme, together with Digital Europe and the Euratom Research and Training Programme.

An agreement, signed in Bern by Commissioner Ekaterina Zaharieva and Federal Councillor Guy Parmelin, that grants Swiss researchers the same status as their EU counterparts.

They can now lead projects, receive EU funding, and access every thematic pillar, reinforcing cross-border collaboration in fields such as climate technology, digital transformation, and energy security.

The accord, effective from 1 January 2025, also enables Switzerland to become a member of Fusion for Energy in 2026, thereby integrating its researchers into ITER, the world’s largest fusion energy initiative.

Plans include Swiss participation in Erasmus+ from 2027 and in the EU4Health programme once a separate health agreement takes effect.

A development that forms part of a broader package designed to deepen EU–Swiss relations and modernise cooperation frameworks across science, technology, and education.

The European Commission reaffirmed its commitment to finalising ratification of all related agreements, ensuring long-term collaboration and strengthening Europe’s position as a global leader in innovation and research.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Denmark’s new chat control plan raises fresh privacy concerns

Denmark has proposed an updated version of the EU’s controversial ‘chat control’ regulation, shifting from mandatory to voluntary scanning of private messages. Former MEP Patrick Breyer has warned, however, that the revision still threatens Europeans’ right to private communication.

Under the new plan, messaging providers could choose to scan chats for illegal material, but without a clear requirement for court orders. Breyer argued that this sidesteps the European Parliament’s position, which insists on judicial authorisation before any access to communications.

He also criticised the proposal for banning under-16s from using messaging apps like WhatsApp and Telegram, claiming such restrictions would prove ineffective and easily bypassed. In addition, the plan would effectively outlaw anonymous communication, requiring users to verify their identities through IDs.

Privacy advocates say the Danish proposal could set a dangerous precedent by eroding fundamental digital rights. Civil society groups have urged EU lawmakers to reject measures that compromise secure, anonymous communication essential for journalists and whistleblowers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot