According to a European Commission report, the EU must catch up to its 2030 AI targets. The investigation into the EU’s Digital Decade project revealed that only 11% of the EU enterprises currently use designated AI technologies, far short of the 75% target set for 2030. At this rate, the Commission estimates it would take almost a century to achieve this goal.
The report also highlighted other areas for improvement, such as the EU being over a decade behind in producing the desired number of tech unicorns and spreading basic tech skills among the general public. Despite these setbacks, European Commission leaders remain optimistic, pointing out that the report offers a clear path forward. Margrethe Vestager, the EC’s competition commissioner, stressed the need for increased State-level investments to reach the digital transformation targets.
Thierry Breton, the EU’s digital chief, echoed these sentiments, emphasising the importance of investments, cross-border cooperation, and the completion of the Digital Single Market to boost the adoption of key technologies like AI. The findings come amid concerns that the EU’s stringent AI regulations could hinder its global competitiveness, especially compared to less regulated regions like the US and China.
Meta asserts that its model complies with a ruling from EU’s top court and is aligned with the DMA, expressing a willingness to engage with the Commission to resolve the issue. However, if found guilty, Meta could face fines of up to 10% of its global annual turnover. The Commission aims to conclude its investigation by March next year.
The charge follows a recent DMA-related charge against Apple for similar non-compliance, highlighting the EU’s efforts to regulate Big Tech and empower users to control their data.
Six individuals were added to the EU’s sanctions list – they all have been involved in cyberattacks targeting critical infrastructure, state functions, classified information, and emergency response systems in EU member states, according to the official press release. These sanctions mark the first instance of measures against cybercriminals employing ransomware in essential services such as health and banking.
Among those sanctioned are Ruslan Peretyatko and Andrey Korinets of the ‘Callisto group,’ known for cyber operations against the EU and third countries through phishing campaigns aimed at stealing sensitive data in defense and external relations.
Also targeted are Oleksandr Sklianko and Mykola Chernykh of the ‘Armageddon hacker group,’ allegedly supported by Russia’s Federal Security Service (FSB), responsible for impactful cyberattacks on EU governments and Ukraine using phishing and malware.
Additionally, Mikhail Tsarev and Maksim Galochkin, involved in deploying ‘Conti‘ and ‘Trickbot‘ malware under the ‘Wizard Spider’ group, face sanctions. These ransomware campaigns have caused significant economic damage across sectors including health and banking in the EU.
The EU’s horizontal cyber sanctions regime now covers 14 individuals and four entities, involving asset freezes and travel bans, and prohibiting EU persons and entities from providing funds to those listed.
With these new measures, the EU and its member states emphasize their commitment to combating persistent malicious cyber activities. Last June, the European Council agreed that new measures were needed to strengthen its Cyber Diplomacy Toolbox.
EU antitrust regulators have accused Microsoft of illegally bundling its Teams chat and video app with its Office product suite, claiming the company’s recent efforts to separate the two were insufficient. The European Commission stated that Microsoft breached antitrust rules by tying Teams to its popular Office 365 and Microsoft 365 suites, which stifled competition.
The regulatory action follows a 2020 complaint by Slack, a rival workspace messaging app owned by Salesforce. Microsoft introduced Teams to Office 365 in 2017 at no extra cost, replacing Skype for Business, and its use surged during the pandemic due to its video conferencing capabilities.
The European Commission has preliminarily determined that Microsoft’s changes don’t adequately address the competition concerns and that more actions are needed. Microsoft has expressed willingness to work with the EU regulators to find acceptable solutions.
The 7th edition of Cyber Europe, organised by the European Union Agency for Cybersecurity (ENISA), tested the resilience of the EU energy sector, highlighting cybersecurity as an increasing threat to critical infrastructure. In 2023, over 200 cyber incidents targeted the energy sector, with more than half aimed specifically at Europe, underscoring the sector’s vulnerability due to its crucial role in the European economy.
Juhan Lepassaar, Executive Director of ENISA, highlighted the exercise’s role in enhancing preparedness and response capacities to protect critical infrastructure, essential for the single market’s stability.
According to ENISA’s Network and Information Security (NIS) Investments report, 32% of energy sector operators lack Security Operations Center (SOC) monitoring for critical Operation Technology (OT) processes, while 52% integrate OT and Information Technology (IT) under a single SOC.
This year’s Cyber Europe exercise focused on a scenario involving cyber threats to EU energy infrastructure amidst geopolitical tensions. Over two days, stakeholders from 30 national cybersecurity agencies and numerous EU bodies collaborated, developing crisis management skills and coordinating responses to simulated cyber incidents. The exercise, one of Europe’s largest, involved over thousand experts across various domains, facilitated by ENISA, which celebrates its 20th anniversary in 2024.
The EU is facing significant controversy over a proposed law that would require AI scanning of users’ photos and videos on messaging apps to detect child sexual abuse material (CSAM). Critics, including major tech companies like WhatsApp and Signal, argue that this law threatens privacy and encryption, undermining fundamental rights. They also warn that the AI detection systems could produce numerous false positives, overwhelming law enforcement.
A recent meeting among the EU member states’ representatives failed to reach a consensus on the proposal, leading to further delays. The Belgian presidency had hoped to finalise a negotiating mandate, but disagreements among member states prevented progress. The ongoing division means that discussions on the proposal will likely continue under Hungary’s upcoming EU Council presidency.
Opponents of the proposal, including Signal President Meredith Whittaker and Proton founder Andy Yen, emphasise the dangers of mass surveillance and the need for more targeted approaches to child protection. Despite the current setback, there’s concern that efforts to push the law forward will persist, necessitating continued vigilance from privacy advocates.
Wolfspeed has delayed its $3 billion chip plant project in Germany, highlighting the European Union’s challenges in boosting semiconductor production. Originally set to begin construction this year, the plant in Saarland is now postponed to mid-2025. Wolfspeed, under pressure from an activist investor due to a significant drop in stock value, is focusing on ramping up production in New York instead.
The delay reflects broader issues within the EU’s efforts to enhance its semiconductor industry through the 2022 Chips Act, which aimed to raise €43 billion. Despite ambitious plans from companies like Intel, TSMC, and Infineon, many projects have yet to receive necessary EU state aid approval, crucial for their financial viability. The region’s goal to capture 20% of the global semiconductor market by 2030 appears increasingly unattainable.
Why does it matter?
Germany, a major player in these plans, faces a budget crisis, casting doubt on its infrastructure commitments, though officials claim semiconductor funding remains secure. Meanwhile, European political shifts could threaten support for key projects, complicating efforts to reduce reliance on Asian chip producers. Despite these setbacks, some projects, like TSMC’s in Dresden and STMicroelectronics’ plant in Italy, are progressing with the EU approval and ongoing construction.
Meta’s main EU regulator, the Irish Data Protection Commission (DPC), requested that the company delay the training of its large language models (LLMs) on content published publicly by adults on the company’s platforms. In response, Meta announced they would not be launching their AI in Europe for the time being.
The main reason behind the request is Meta’s plan to use this data to train its AI models without explicitly seeking consent. The company claims it must do so or else its AI ‘won’t accurately understand important regional languages, cultures or trending topics on social media.’ It is already developing continent-specific AI technology. Another cause for concern is Meta’s use of information belonging to people who do not use its services. In a message to its Facebook users, it said that it may process information about non-users if they appear in an image or are mentioned on their platforms.
The DPC welcomed Meta’s decision to delay its implementation. The commission is leading the regulation of Meta’s AI tools on behalf of EU data protection authorities (DPAs), 11 of which received complaints by advocacy group NOYB (None Of Your Business). NOYB argues that the GDPR is flexible enough to accommodate this AI, as long as it asks for the user’s consent. The delay comes right before Meta’s new privacy policy comes into force on 26 June.
Beyond the EU, the executive director of the UK’s Information Commissioner’s Office was pleased with the delay, and added that ‘in order to get the most out of generative AI and the opportunities it brings, it is crucial that the public can trust that their privacy rights will be respected from the outset.’
Apple and Meta Platforms are set to face charges from the European Commission for failing to comply with the EU’s Digital Markets Act (DMA) before the summer. The DMA aims to curb the dominance of Big Tech by ensuring fair competition and making it easier for users to switch between competing services. Apple and Meta are the Commission’s priority cases, with Apple expected to be charged first, followed by Meta.
Apple’s charges will focus on its App Store policies, which allegedly restrict app developers from informing users about alternative offers and impose new fees. Additionally, a separate investigation into Apple’s Safari web browser is expected to take more time. Meta’s charges will centre on its recent ‘pay or consent’ model for Facebook and Instagram, which requires users to either pay for an ad-free experience or consent to targeted advertising.
Both companies have the opportunity to address the concerns before the final decision, which could result in fines of up to 10% of their global annual turnover. Apple stated in March that it believes its plans comply with the DMA and is engaging constructively with the Commission. Meta and the Commission declined to comment on the ongoing investigations.
A proposed cybersecurity certification scheme (EUCS) for cloud services has raised concerns among 26 industry groups across Europe, who caution against potential discrimination towards major US tech firms like Amazon, Alphabet’s Google, and Microsoft. The European Commission, EU cybersecurity agency ENISA, and EU countries are set to discuss the scheme, which has seen multiple revisions since its draft release in 2020. The EUCS aims to help governments and businesses select secure and reliable cloud vendors, a critical consideration in the rapidly growing global cloud computing industry.
The latest version of the scheme, updated in March, removed stringent sovereignty requirements that would have forced US tech giants to form joint ventures or collaborate with EU-based companies to handle data within the bloc, a criterion for earning the highest EU cybersecurity label. In a joint letter, the industry groups argued for a non-discriminatory EUCS that fosters the free movement of cloud services across Europe, aligning with industry best practices and supporting Europe’s digital goals and security resilience.
The signatories, which include various chambers of commerce and industry associations from several European countries, emphasised the importance of diverse and resilient cloud technologies for their members to compete globally. They welcomed the removal of ownership controls and specific data protection requirements, arguing that these changes would ensure cloud security improvements without discriminating against non-EU companies.
EU cloud vendors like Deutsche Telekom, Orange, and Airbus have advocated for sovereignty requirements, fearing non-EU government access to European data under foreign laws. However, the industry groups contend that the inclusive approach of the revised EUCS will better serve Europe’s digital and security needs while promoting a competitive market environment.
