EU

EU prepares tougher rules for older data centres

The European Commission is preparing more stringent requirements for ageing data centres rather than allowing legacy infrastructure to operate under looser rules.

A draft strategy tied to the EU’s tech sovereignty package signals that older sites will face higher efficiency expectations and stricter sustainability checks as part of an effort to modernise the digital backbone of the EU.

The proposal outlines minimum performance standards for new data centres by 2030, aiming to align the entire sector with the bloc’s climate and resilience goals. Officials want to reduce energy waste and improve monitoring across facilities that have long operated without uniform benchmarks.

The draft points to an expanded role for the Cloud and AI Development Act, which is expected to frame future obligations for cloud providers instead of relying on fragmented national measures.

Brussels sees consistent rules as essential for supporting secure cloud services, AI infrastructure and cross-border digital operations.

The strategy underscores that modernisation is central to the EU’s vision of tech sovereignty. Older centres would need upgrades to maintain compliance, ensuring that Europe’s digital infrastructure remains competitive, efficient and less dependent on external providers.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU pushes federated cloud plan to reduce dependence on foreign tech

Europe is building a federated cloud and AI infrastructure intended to reduce reliance on US and Chinese technology providers and avoid ongoing strategic vulnerability.

The project, known as EURO-3C, was announced in Barcelona by Telefónica and is backed by the European Commission. More than seventy organisations across telecommunications, technology and emerging companies have joined the effort.

Architects of the scheme argue that linking national infrastructures into a shared network of nodes offers a realistic path forward, particularly as Europe cannot easily create a hyperscale cloud provider from scratch.

The initiative follows a series of US cloud outages that exposed the risks of excessive dependence on external infrastructure and raised questions about sovereignty, resilience and long-term competitiveness.

Commission officials described the programme as a way to build a secure cross-border digital ecosystem that supports industries such as automotive, e-health, public administration and sovereign government cloud.

Telefónica stressed that agentic AI, capable of taking autonomous actions, will play a central role in enabling Europe to develop technology rather than import it.

The partners view the project as a foundation for a unified and independent digital environment that strengthens industrial supply chains and prepares European sectors for the next phase of cloud and AI adoption.

They present the initiative as a significant step toward reducing strategic exposure while stimulating domestic innovation.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Parliament deadlock leaves EU chat-scanning extension in doubt

The civil liberties committee failed to secure majority backing for its amended report on extending the EU’s temporary chat-scanning rules instead of giving a clear negotiating position.

Members of Parliament reviewed the amendments on Monday, but the final text did not garner sufficient support, leaving the proposal without endorsement as the adoption deadline approaches.

A proposal to extend the current derogation that allows tech companies to voluntarily scan their services for Child Sexual Abuse Material (CSAM).

The existing regime expires in April 2026 and was intended only as a stopgap while a permanent Child Sexual Abuse Regulation was developed. Years of stalled negotiations have led to the temporary rules being extended twice since 2021.

Council has already approved its position without changes to the Commission proposal, creating a tight timeline for Parliament.

With trilogue talks finally underway, institutions would need to conclude discussions unusually quickly to prevent the legal basis from expiring. If no agreement is reached by April, companies would lose their ability to scan services under the EU law.

The committee confirmed that the file will now move to plenary in the week of 9–12 March, where political groups may table new amendments. An outcome that will determine whether the temporary regime remains in place while negotiations on the permanent system continue.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU launches ProtectEU counterterrorism agenda

The European Commission has unveiled a new counterterrorism agenda under the ProtectEU initiative, outlining measures to strengthen the EU’s response to evolving security threats. Officials say the strategy aims to improve preparedness, reinforce cooperation and protect citizens and businesses from emerging forms of terrorism and violent extremism.

Authorities warn that technological change is reshaping the threat landscape. Terrorist groups increasingly exploit digital tools such as social media, AI and encrypted platforms for recruitment, propaganda and fundraising.

New risks also include the potential misuse of drones, crypto-assets and 3D-printed weapons, while radicalisation of minors online has become a growing concern across Europe.

The agenda proposes stronger capabilities for anticipating threats through expanded intelligence analysis and enhanced support for Europol, including greater use of open-source intelligence. Additional research funding will explore the security implications of emerging technologies, while new initiatives aim to strengthen early prevention efforts and community engagement to counter radicalisation, particularly among young people.

Online safety forms another key priority. The Commission plans to intensify cooperation with digital platforms to remove extremist content more quickly and to strengthen enforcement of the Digital Services Act. A new EU Online Crisis Response Framework is also proposed to improve coordination between authorities and technology companies during security incidents.

Measures targeting the physical environment will focus on protecting public spaces and critical infrastructure, including investments in security projects and stronger monitoring of individuals suspected of terrorism.

The strategy also seeks to improve the tracking of terrorist financing, including through cryptocurrencies, and to expand cooperation with international partners, such as countries in the Western Balkans and the Mediterranean region.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU pressures Meta over alleged smart glasses privacy breaches

Lawmakers in the European Parliament are pressing the European Commission for clarity after reports that Meta’s smart glasses recorded people in intimate moments without their knowledge.

Concerns intensified when Swedish outlets reported that Ray-Ban AI glasses captured and uploaded sensitive footage in violation of strict consent requirements under the EU’s General Data Protection Regulation.

The reports indicate that personal data from EU users was sent to Sama, a third-party contractor, in Kenya for human review. Annotators working there said they viewed images of individuals changing clothes and believed the recordings were taken without consent.

They added that Meta’s attempts to blur faces or apply other safeguards failed often enough to expose identifiable material instead of ensuring proper anonymisation.

EU privacy law requires clear information and consent before collecting and processing personal data, and additional safeguards when exporting data to countries without recognised adequacy status.

Kenya is still negotiating such recognition with the Commission, meaning contractual protections would be necessary.

The Irish Data Protection Commission, responsible for Meta’s GDPR oversight, has been contacted amid questions about whether Meta complied with EU requirements.

Lawmakers also want the Commission to examine whether proposed changes in the Digital Omnibus package could dilute privacy protections rather than strengthen them.

Critics argue the reforms might ease data-use rules for AI training at a moment when allegations about Meta’s smart glasses have intensified scrutiny of the EU’s broader digital policy agenda.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU faces renewed pressure to ease industrial AI rules

European governments are renewing pressure to scale back industrial AI rules rather than expand regulatory demands.

Ten countries, including Germany, France, Italy, Spain and Poland, have urged the EU to clarify how the AI Act overlaps with machinery law and to adopt more realistic implementation deadlines. Their position is even more surprising, given that the legislation already outlines its relationship with existing industrial frameworks.

Parliament’s centre and centre-right groups are pushing for deeper cuts. The European People’s Party wants all industrial sectors to move to a lighter regime, while Renew is advocating broad exemptions for industrial and business-to-business AI.

The European Conservatives and Reformers are also seeking reductions for non-safety-related systems. Together, the three groups edge close to a parliamentary majority, signalling momentum for a broader deregulation push.

No sweeping changes have been added to the AI omnibus so far, yet policymakers expect more adjustments ahead. The package must be finalised by August, so legislators are focused on meeting the deadline instead of reopening primary debates.

Broader revisions to industrial AI rules are likely to reappear in the Commission’s forthcoming Digital Fitness Check, which will reassess how multiple EU tech laws interact.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Italy orders Amazon to stop processing sensitive employee data after privacy ruling

The Italian data protection authority has ordered Amazon Italia Logistics to halt processing of sensitive employee data after investigators found that the company gathered details ranging from health conditions to union involvement.

Information about workers’ private lives and family members had also been collected, often retained for a decade through internal tracking systems rather than being limited to what labour rules in Italy allow.

Regulators discovered that some data originated from cameras positioned near restrooms and staff break areas, a practice that breached EU privacy standards.

The watchdog concluded that the company’s monitoring went far beyond what employers are permitted to compile when assessing staff performance or workplace needs.

Amazon responded by stressing that protecting employee information remains a priority and said that internal rules and training programmes are designed to ensure compliance. The company added that any findings from the Italian authority would prompt a review of its procedures instead of being dismissed.

An order that arrives as Amazon attempts to regain its lobby badges at the European Parliament.

Access was suspended in 2024 after senior representatives declined to attend hearings on warehouse working conditions, and opposition from MEPs continues to place pressure on Parliament President Roberta Metsola to reject reinstatement.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

EU moves to enforce digital fairness rules with stronger consumer oversight

Regulatory scrutiny of the EU’s digital fairness framework is set to begin on 1 July as the European Commission moves to tighten its supervision of online platforms.

An initiative that forms part of a broader effort to ensure stronger consumer protection across digital markets, with officials signalling stricter oversight of commercial practices that disadvantage users.

The Commission is preparing a major upgrade of its consumer protection framework, expected by December 2026.

The reforms aim to reinforce enforcement tools under the Unfair Commercial Practices Directive and the Consumer Protection Cooperation Regulation, allowing regulators to intervene more effectively when platforms breach fairness standards.

Michael McGrath, Commissioner for Democracy, Justice and Rule of Law, has highlighted the need for greater transparency and accountability as digital markets expand rapidly.

The forthcoming scrutiny focuses on ensuring that platforms respect transparency obligations, avoid manipulating users and provide fair conditions in online transactions.

Regulators seek to replace fragmented enforcement with a more coordinated model that reflects the increasingly cross-border nature of digital commerce.

Stronger consumer safeguards are becoming central to the digital agenda of the EU.

The next phase of reforms is expected to streamline investigations across member states and deliver more predictable outcomes for affected consumers, offering steadier enforcement instead of reactive measures taken after violations escalate.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Western Balkans closer to the EU roaming free zone

The European Commission has proposed opening negotiations to bring Albania, Bosnia and Herzegovina, Kosovo, Montenegro, North Macedonia, and Serbia into the EU’s ‘Roam Like at Home’ regime. The move would allow citizens and businesses to use their mobile phones across borders without incurring additional roaming charges, once the necessary agreements are finalised and the rules are aligned.

If implemented, travellers between the EU and the Western Balkans would be able to make calls, send text messages, and use mobile data at domestic rates. This would apply both to Western Balkan visitors in the EU and to the EU citizens travelling in the region, ensuring seamless connectivity without unexpected costs.

The change would make travel for study, work, and tourism more affordable and practical. By removing roaming surcharges, the initiative aims to simplify cross-border communication and strengthen economic and social ties between the two regions.

To move forward, the European Commission has adopted proposals for negotiating mandates and is now seeking authorisation from the European Council to begin formal talks. Once approved, the Commission will negotiate bilateral agreements with each Western Balkan partner. After successful alignment with the EU roaming rules, the countries would join the EU’s roaming area.

The proposal builds on existing voluntary arrangements between some EU and Western Balkan mobile operators, which already offer reduced roaming charges. It also complements the regional roaming agreement within the Western Balkans, where lower tariffs are already in place.

More broadly, the initiative reflects the EU’s gradual integration strategy outlined in the 2023 Growth Plan for the Western Balkans. By progressively extending elements of the EU Single Market to candidate countries, the plan aims to deliver practical benefits to citizens and businesses before full EU membership, while keeping the enlargement process on track.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU AI Act enforcement begins, reshaping startup compliance landscape

The first enforcement provisions of the EU AI Act entered into force on 2 February 2025, marking a turning point for Europe’s AI startup ecosystem. The initial phase targets ‘unacceptable risk’ systems, including social scoring, real-time biometric surveillance in public spaces, and manipulative AI practices.

Under the regulation, penalties can reach €35 million or 7% of global annual turnover, whichever is higher. Although the current enforcement covers only prohibited practices, the move signals that Europe’s AI rulebook is now operational rather than theoretical.

Broader obligations for high-risk AI systems, such as hiring tools, credit scoring, and medical diagnostics, will apply from August 2026. Separate rules for general-purpose AI models are scheduled to take effect in August 2025.

Surveys from European SME groups indicate that many smaller technology companies feel unprepared. A significant share of reports have not conducted formal risk classification of their AI systems, despite this being a foundational requirement under the EU AI Act’s tiered framework.

While some founders warn that compliance costs could slow innovation, others point to long-term benefits from clearer governance standards. For startups, the coming months will focus on aligning products with AI Act risk tiers and strengthening documentation and oversight before stricter rules apply.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.