FERMA calls on European institutions to simplify cyber reporting obligations

The Federation of European Risk Management Associations (FERMA) has called on European institutions to simplify cyber reporting requirements and consider the insurance implications of cyber legislation. This appeal follows the release of the Cyber Reporting Stack report, developed in collaboration with WTW, which offers risk managers vital guidance on navigating the landscape of cyber policy and reporting obligations.

The report outlines current and forthcoming regulations, along with incident reporting requirements, featuring the General Data Protection Regulation (GDPR), Network and Information Security (NIS) 2 Directive, the Digital Operational Resilience Act (DORA), and the Cyber Resilience Act (CRA).

Charlotte Hedemark, President of FERMA, highlighted the growing burden of cyber reporting and added that FERMA believes companies need a streamlined and consistent set of requirements for reporting cyber incidents. The report recommends establishing a ‘single point of entry’ for cyber incident notifications and guides EU member states to streamline their processes and participant involvement.

Philippe Cotelle, Chair of FERMA’s Digital Committee, emphasised that there currently need to be regulations specifying the necessary risk management measures or considering their insurance implications.

China expands cleantech investments to bypass US and EU tariffs

Chinese companies have invested over $100 billion in overseas clean energy technology projects since 2023, aiming to bypass growing trade barriers, according to a report by Australian research group Climate Energy Finance (CEF). China, the world’s largest producer of solar panels, lithium batteries, and electric vehicles, has seen its exports face steep tariffs, particularly from the US and Canada. The European Union is also considering similar tariffs to protect domestic industries from an influx of cheaper Chinese-made products.

Chinese firms like electric vehicle giant BYD and battery maker CATL have responded by expanding production abroad, with BYD building a $1 billion plant in Turkey and CATL planning factories across Europe. These investments are largely driven by the need to avoid punitive tariffs, including a proposed 40% EU tariff on Chinese electric vehicles. Despite China’s dominance in clean energy, concerns have emerged that it could oversupply the global market, driving down prices and undercutting competitors.

The surge in Chinese investment comes as the country faces increasing pushback from Western nations, who argue that Chinese products are unfairly flooding their markets. Beijing, however, insists that such restrictions will slow global efforts to combat climate change, emphasising the importance of affordable clean energy solutions. With China expected to have surplus production capacity by 2030, these overseas investments will play a critical role in finding new markets.

EU enlists experts to draft AI regulation rules

The European Union has chosen a team of AI experts to help shape the guidelines for compliance with its upcoming AI Act. On 30 September 2024, the European Commission convened the first meeting of working groups responsible for drafting a ‘code of practice’ to guide how companies should meet the law’s requirements. The selected experts include figures like AI pioneer Yoshua Bengio, former UK policy adviser Nitarshan Rajkumar, and Marietje Schaake from Stanford University.

These working groups, which also feature representatives from major tech companies such as Google and Microsoft, will address issues like copyright and risk management. Although the code of practice won’t be legally binding, it will serve as a checklist for companies to prove compliance with the AI Act, which takes full effect in 2025. Firms that claim to follow the law but ignore the code may face legal challenges.

A key focus will be on the transparency of AI training data, a contentious issue in the industry. Some AI companies resist sharing details about the data used to train their models, citing trade secrets. The code of practice is expected to clarify how much information companies will need to disclose, with the potential for increased legal scrutiny over the use of copyrighted content.

EU debates future of telecom regulations amidst competing visions

The European Commission’s Competition Directorate (DG COMP) and the Connectivity Directorate (DG CNECT) are at the centre of a critical debate over the future of EU telecom regulations. That discussion highlights the struggle within the EU to balance regulatory harmonisation with market fragmentation.

DG CNECT advocates for increased consolidation in the telecom sector, arguing that the current fragmented landscape hampers competitiveness and investment compared to the more integrated markets of the US and China. In contrast, DG COMP warns that excessive national consolidation could lead to higher consumer prices and undermine the competition necessary for innovation.

As these discussions progress, DG COMP and DG CNECT are examining the implications of indirect deregulation in the telecom sector. Specifically, DG COMP has raised concerns that eliminating regulated sub-markets could increase the bureaucratic burden on national regulators, thereby reducing the effectiveness of oversight across the EU. That shift would transfer more responsibility to individual member states, potentially leading to inconsistencies that hinder the EU’s telecom objectives. Meanwhile, although DG CNECT supports deregulation, it must consider the potential impacts on market dynamics and consumer protection.

DG COMP and DG CNECT are committed to fostering innovation within the telecommunications sector through strategic investments in future technologies. DG COMP emphasises the importance of competitive markets in driving advancements like edge computing and OpenRAN. At the same time, DG CNECT argues for regulatory frameworks and consolidation to facilitate these investments. Ultimately, their shared focus on innovation aims to enhance the EU’s telecommunications infrastructure and maintain its competitiveness in the global market.

Hungary emphasises competition in new EU telecom policy shift

Hungary plans to emphasise competition as the primary driver for investment in telecom infrastructure in its upcoming draft of the Council conclusions. This shift reflects a growing reluctance among the EU member states to adopt the European Commission’s deregulation proposals, highlighting the complexities within the telecom sector as member states consider the potential impacts on market dynamics and investment.

Prompted by the Commission’s February white paper advocating for consolidation, Hungary initially aimed to reconcile diverse stakeholder views in its draft. However, it faced criticism for being overly prescriptive, leading to revision plans. Moreover, Hungary is expected to clarify that the review of the EU’s telecom law, particularly the European Electronic Communications Code (EECC), must precede any consideration of transitioning from ex-ante regulation, designed to prevent monopolistic practices, to ex-post regulation, which addresses violations only after they occur.

That clarification highlights the critical need to uphold regulatory safeguards within the telecom sector. Additionally, Hungary is under pressure from fellow member states to ensure that the Commission publishes a new telecom strategy before allocating the EU funds to enhance submarine cable infrastructure’s security and resilience. Such an approach aligns with the broader objective of ensuring that funding mechanisms support robust and secure telecom networks throughout the EU.

Finally, Hungary has set a timeline for revisions, with member states given until 30 September to respond. A revised text is expected on 9 October, before the working group meeting on 15 October. That underscores the urgency of these discussions for EU telecom policy.

EU hits Meta with €91 million fine for password security breach

Meta, Facebook’s owner, has been fined €91 million ($101.5 million) by the EU’s privacy regulator for mishandling user passwords. The issue, which surfaced five years ago, involved Meta storing certain users’ passwords in plaintext, a format lacking encryption or security protection. Ireland’s Data Protection Commission (DPC), which oversees GDPR compliance for many US tech firms operating in the EU, launched an investigation after Meta reported the incident.

Meta admitted the error, emphasising that third parties had not accessed the exposed passwords. However, storing passwords in an unprotected format is considered a major security flaw, as it exposes users to significant risks if unauthorised individuals access the data. Deputy Commissioner Graham Doyle underscored that storing passwords without encryption is widely unacceptable due to potential abuse.

This fine adds to Meta’s growing list of penalties under the EU’s General Data Protection Regulation (GDPR). To date, Meta has been fined a total of €2.5 billion for various data breaches, including a record €1.2 billion fine in 2023, which Meta is currently appealing. These repeated infractions highlight ongoing concerns about how the company handles sensitive user data.

Meta postpones joining EU AI Pact, focuses on compliance

Meta Platforms has announced it will not immediately join the European Union’s voluntary AI Pact, which is a temporary initiative ahead of the AI Act coming into force. The company is currently focusing on compliance with the forthcoming regulations set out in the act, but may sign the pact at a later stage.

The EU’s AI Act, agreed in May and adopted by the European Council, will introduce strict rules governing the development and use of artificial intelligence. Under these regulations, companies must provide detailed summaries of the data used to train their AI models. The majority of the law’s provisions will take effect from August 2026.

In the interim, the AI Pact encourages companies to voluntarily adopt some of the key requirements of the forthcoming act. Meta has expressed its support for harmonised EU regulations but is prioritising work on meeting the obligations of the AI Act.

The AI Act will be part of a wider legislative framework, joining the Digital Markets Act, Digital Services Act, Data Governance Act, and Data Act, in shaping the future of digital regulation in the EU.

Google files complaint to EU over Microsoft’s cloud tactics

Google has filed a formal complaint with the European Commission over Microsoft’s cloud business practices. The tech giant argues that Microsoft uses its dominant position with Windows Server to stifle competition and lock customers into its Azure platform. Specifically, Google claims Microsoft enforces heavy mark-ups on users of rival cloud services and restricts access to essential security updates.

The dispute follows a recent settlement where Microsoft paid €20 million to resolve concerns raised by European cloud providers. However, the agreement excluded key rivals like Google and Amazon Web Services (AWS), fuelling further criticism. Google insists only regulatory action will halt what it sees as Microsoft’s monopolistic approach, urging the EU to step in and ensure fair competition.

Microsoft denies the accusations, stating they have settled similar issues amicably with other European providers. A Microsoft spokesperson expressed confidence that Google would fail to persuade the European Commission, as it had failed with EU businesses.

Google believes immediate intervention is necessary to prevent the cloud market from becoming increasingly restrictive. They warn that Microsoft’s influence over the European cloud sector, which is growing rapidly, could limit options for customers and hurt competitors.

ENISA set to develop cybersecurity certification scheme for EU’s digital ID wallets

The European Commission has tasked the EU Agency for Cybersecurity (ENISA) with developing a cybersecurity certification scheme for the EU Digital Identity (EUDI) wallets. That move aims to standardise and comprehensively secure digital identity wallets across EU member states.

ENISA will create harmonised requirements to support national certification schemes, involving the establishment of reference standards, procedures, and specifications crucial for security and privacy protection. The certification process will align with the Cybersecurity Act and ensure that EUDI Wallets are secure, protecting users’ privacy and personal data while allowing cross-border usability throughout the EU.

The European Digital Identity Framework, effective since May, requires EU member states to start providing EUDI Wallets within two years of adopting their implementing acts. The EC concluded its collection of input on the cybersecurity certification scheme earlier this month, with feedback highlighting the importance of preventing excessive consumer data sharing. ENISA will consider existing certification schemes, such as the European Cybersecurity Certification Scheme on Common Criteria, while developing the new framework.

Why does it matter?

ENISA’s ongoing collaboration with the eIDAS Expert Group and the Certification Subgroup, alongside recommendations from its Digital Identity Standards report and current EUDI Wallet pilot projects, will significantly influence the development of the certification scheme, ensuring a robust and trustworthy digital identification system across Europe.

AI to revolutionise education, says chief scientist

Demetris Skourides, the Chief Scientist, spoke at the Learning Innovation Summit 2024, stressing the significance of ethical AI development. He emphasised the EU AI Act’s role in establishing trustworthy AI systems that focus on ethics, transparency, and accountability. Skourides advocated for AI’s application in education, pointing out its ability to personalise learning, automate tasks, and enhance teaching environments.

He praised rapid AI advancements in Cyprus, with more than 50 companies leveraging the technology across key industries like healthcare and finance. Skourides highlighted the country’s commitment to upholding the EU AI Act, ensuring that AI systems meet the highest standards of accountability and ethics. The Chief Scientist also noted how Cyprus could generate new job opportunities through this AI revolution.

The potential for AI to transform education was a central theme. Skourides discussed the benefits of adaptive learning platforms, which can tailor lessons to individual students’ strengths, enabling each learner to reach their full potential. He urged educators to embrace AI, foreseeing a shift from rote memorisation to fostering creativity, critical thinking, and collaboration in the classroom.

Finally, Skourides called for a balanced approach to AI development. By equipping future generations with digital skills and ensuring that ethics remain central, AI’s power can be harnessed to drive both economic growth and innovation. He reaffirmed his commitment to advancing AI in education and collaborating with industry leaders to create an empowering learning environment.