Meta asserts that its model complies with a ruling from EU’s top court and is aligned with the DMA, expressing a willingness to engage with the Commission to resolve the issue. However, if found guilty, Meta could face fines of up to 10% of its global annual turnover. The Commission aims to conclude its investigation by March next year.
The charge follows a recent DMA-related charge against Apple for similar non-compliance, highlighting the EU’s efforts to regulate Big Tech and empower users to control their data.
Six individuals were added to the EU’s sanctions list – they all have been involved in cyberattacks targeting critical infrastructure, state functions, classified information, and emergency response systems in EU member states, according to the official press release. These sanctions mark the first instance of measures against cybercriminals employing ransomware in essential services such as health and banking.
Among those sanctioned are Ruslan Peretyatko and Andrey Korinets of the ‘Callisto group,’ known for cyber operations against the EU and third countries through phishing campaigns aimed at stealing sensitive data in defense and external relations.
Also targeted are Oleksandr Sklianko and Mykola Chernykh of the ‘Armageddon hacker group,’ allegedly supported by Russia’s Federal Security Service (FSB), responsible for impactful cyberattacks on EU governments and Ukraine using phishing and malware.
Additionally, Mikhail Tsarev and Maksim Galochkin, involved in deploying ‘Conti‘ and ‘Trickbot‘ malware under the ‘Wizard Spider’ group, face sanctions. These ransomware campaigns have caused significant economic damage across sectors including health and banking in the EU.
The EU’s horizontal cyber sanctions regime now covers 14 individuals and four entities, involving asset freezes and travel bans, and prohibiting EU persons and entities from providing funds to those listed.
With these new measures, the EU and its member states emphasize their commitment to combating persistent malicious cyber activities. Last June, the European Council agreed that new measures were needed to strengthen its Cyber Diplomacy Toolbox.
EU antitrust regulators have accused Microsoft of illegally bundling its Teams chat and video app with its Office product suite, claiming the company’s recent efforts to separate the two were insufficient. The European Commission stated that Microsoft breached antitrust rules by tying Teams to its popular Office 365 and Microsoft 365 suites, which stifled competition.
The regulatory action follows a 2020 complaint by Slack, a rival workspace messaging app owned by Salesforce. Microsoft introduced Teams to Office 365 in 2017 at no extra cost, replacing Skype for Business, and its use surged during the pandemic due to its video conferencing capabilities.
The European Commission has preliminarily determined that Microsoft’s changes don’t adequately address the competition concerns and that more actions are needed. Microsoft has expressed willingness to work with the EU regulators to find acceptable solutions.
The 7th edition of Cyber Europe, organised by the European Union Agency for Cybersecurity (ENISA), tested the resilience of the EU energy sector, highlighting cybersecurity as an increasing threat to critical infrastructure. In 2023, over 200 cyber incidents targeted the energy sector, with more than half aimed specifically at Europe, underscoring the sector’s vulnerability due to its crucial role in the European economy.
Juhan Lepassaar, Executive Director of ENISA, highlighted the exercise’s role in enhancing preparedness and response capacities to protect critical infrastructure, essential for the single market’s stability.
According to ENISA’s Network and Information Security (NIS) Investments report, 32% of energy sector operators lack Security Operations Center (SOC) monitoring for critical Operation Technology (OT) processes, while 52% integrate OT and Information Technology (IT) under a single SOC.
This year’s Cyber Europe exercise focused on a scenario involving cyber threats to EU energy infrastructure amidst geopolitical tensions. Over two days, stakeholders from 30 national cybersecurity agencies and numerous EU bodies collaborated, developing crisis management skills and coordinating responses to simulated cyber incidents. The exercise, one of Europe’s largest, involved over thousand experts across various domains, facilitated by ENISA, which celebrates its 20th anniversary in 2024.
The EU is facing significant controversy over a proposed law that would require AI scanning of users’ photos and videos on messaging apps to detect child sexual abuse material (CSAM). Critics, including major tech companies like WhatsApp and Signal, argue that this law threatens privacy and encryption, undermining fundamental rights. They also warn that the AI detection systems could produce numerous false positives, overwhelming law enforcement.
A recent meeting among the EU member states’ representatives failed to reach a consensus on the proposal, leading to further delays. The Belgian presidency had hoped to finalise a negotiating mandate, but disagreements among member states prevented progress. The ongoing division means that discussions on the proposal will likely continue under Hungary’s upcoming EU Council presidency.
Opponents of the proposal, including Signal President Meredith Whittaker and Proton founder Andy Yen, emphasise the dangers of mass surveillance and the need for more targeted approaches to child protection. Despite the current setback, there’s concern that efforts to push the law forward will persist, necessitating continued vigilance from privacy advocates.
Wolfspeed has delayed its $3 billion chip plant project in Germany, highlighting the European Union’s challenges in boosting semiconductor production. Originally set to begin construction this year, the plant in Saarland is now postponed to mid-2025. Wolfspeed, under pressure from an activist investor due to a significant drop in stock value, is focusing on ramping up production in New York instead.
The delay reflects broader issues within the EU’s efforts to enhance its semiconductor industry through the 2022 Chips Act, which aimed to raise €43 billion. Despite ambitious plans from companies like Intel, TSMC, and Infineon, many projects have yet to receive necessary EU state aid approval, crucial for their financial viability. The region’s goal to capture 20% of the global semiconductor market by 2030 appears increasingly unattainable.
Why does it matter?
Germany, a major player in these plans, faces a budget crisis, casting doubt on its infrastructure commitments, though officials claim semiconductor funding remains secure. Meanwhile, European political shifts could threaten support for key projects, complicating efforts to reduce reliance on Asian chip producers. Despite these setbacks, some projects, like TSMC’s in Dresden and STMicroelectronics’ plant in Italy, are progressing with the EU approval and ongoing construction.
Meta’s main EU regulator, the Irish Data Protection Commission (DPC), requested that the company delay the training of its large language models (LLMs) on content published publicly by adults on the company’s platforms. In response, Meta announced they would not be launching their AI in Europe for the time being.
The main reason behind the request is Meta’s plan to use this data to train its AI models without explicitly seeking consent. The company claims it must do so or else its AI ‘won’t accurately understand important regional languages, cultures or trending topics on social media.’ It is already developing continent-specific AI technology. Another cause for concern is Meta’s use of information belonging to people who do not use its services. In a message to its Facebook users, it said that it may process information about non-users if they appear in an image or are mentioned on their platforms.
The DPC welcomed Meta’s decision to delay its implementation. The commission is leading the regulation of Meta’s AI tools on behalf of EU data protection authorities (DPAs), 11 of which received complaints by advocacy group NOYB (None Of Your Business). NOYB argues that the GDPR is flexible enough to accommodate this AI, as long as it asks for the user’s consent. The delay comes right before Meta’s new privacy policy comes into force on 26 June.
Beyond the EU, the executive director of the UK’s Information Commissioner’s Office was pleased with the delay, and added that ‘in order to get the most out of generative AI and the opportunities it brings, it is crucial that the public can trust that their privacy rights will be respected from the outset.’
Apple and Meta Platforms are set to face charges from the European Commission for failing to comply with the EU’s Digital Markets Act (DMA) before the summer. The DMA aims to curb the dominance of Big Tech by ensuring fair competition and making it easier for users to switch between competing services. Apple and Meta are the Commission’s priority cases, with Apple expected to be charged first, followed by Meta.
Apple’s charges will focus on its App Store policies, which allegedly restrict app developers from informing users about alternative offers and impose new fees. Additionally, a separate investigation into Apple’s Safari web browser is expected to take more time. Meta’s charges will centre on its recent ‘pay or consent’ model for Facebook and Instagram, which requires users to either pay for an ad-free experience or consent to targeted advertising.
Both companies have the opportunity to address the concerns before the final decision, which could result in fines of up to 10% of their global annual turnover. Apple stated in March that it believes its plans comply with the DMA and is engaging constructively with the Commission. Meta and the Commission declined to comment on the ongoing investigations.
A proposed cybersecurity certification scheme (EUCS) for cloud services has raised concerns among 26 industry groups across Europe, who caution against potential discrimination towards major US tech firms like Amazon, Alphabet’s Google, and Microsoft. The European Commission, EU cybersecurity agency ENISA, and EU countries are set to discuss the scheme, which has seen multiple revisions since its draft release in 2020. The EUCS aims to help governments and businesses select secure and reliable cloud vendors, a critical consideration in the rapidly growing global cloud computing industry.
The latest version of the scheme, updated in March, removed stringent sovereignty requirements that would have forced US tech giants to form joint ventures or collaborate with EU-based companies to handle data within the bloc, a criterion for earning the highest EU cybersecurity label. In a joint letter, the industry groups argued for a non-discriminatory EUCS that fosters the free movement of cloud services across Europe, aligning with industry best practices and supporting Europe’s digital goals and security resilience.
The signatories, which include various chambers of commerce and industry associations from several European countries, emphasised the importance of diverse and resilient cloud technologies for their members to compete globally. They welcomed the removal of ownership controls and specific data protection requirements, arguing that these changes would ensure cloud security improvements without discriminating against non-EU companies.
EU cloud vendors like Deutsche Telekom, Orange, and Airbus have advocated for sovereignty requirements, fearing non-EU government access to European data under foreign laws. However, the industry groups contend that the inclusive approach of the revised EUCS will better serve Europe’s digital and security needs while promoting a competitive market environment.
India’s recent legislative push to implement antitrust laws like those in the EU has stirred significant concern among technology giants operating within the country, like Google, Meta, Apple and Amazon. That move, aimed at curbing the dominance of big tech companies and fostering a more competitive market environment, was met with a mixed reception, particularly from those within the technology sector.
The proposed antitrust law draws inspiration from the regulatory framework of the EU, which has been at the forefront of global antitrust enforcement. The EU’s regulations are known for their rigorous scrutiny of large tech corporations, often resulting in major fines and operational restrictions for companies that violate competition laws. Adaptation of this model in India signals a shift towards more assertive regulatory practices in the tech industry.
The Indian government is examining a panel’s report proposing a new ‘Digital Competition Bill‘ to complement existing antitrust laws. The law would target ‘systemically significant digital’ companies with a domestic turnover exceeding $480 million or a global turnover over $30 billion, along with a local user base of at least 10 million for its digital services. Companies would be required to operate in a fair and non-discriminatory manner, with the bill recommending a penalty of up to 10% of a company’s global turnover for violations, mirroring the EU’s Digital Markets Act. Big digital companies would be prohibited from exploiting non-public user data and from favoring their own products or services on their platforms. Additionally, they would be barred from restricting users’ ability to download, install, or use third-party apps in any way, and must allow users to select default settings freely.
Both domestic and international tech firms have voiced concerns about the potential impact of these regulations on their operations. A key US lobby group has already opposed the move, fearing its business impact. The primary worry is that the new laws could stifle innovation and place difficult compliance burdens on companies. That sentiment echoes the broader global debate on the balance between regulation and innovation in the tech sector.
Why does it matter?
Market Dynamics: These laws could significantly alter the competitive landscape in India’s tech industry, making it easier for smaller companies to challenge established giants.
Consumer Protection: Robust antitrust regulations are designed to protect consumers from monopolistic practices that can lead to higher prices, reduced choices, and stifled innovation. Ensuring fair competition can enhance consumer welfare.
Global Influence: By aligning its regulatory framework with that of the EU, India could influence how other emerging markets approach antitrust issues.
Investment Climate: Clear and consistent regulatory standards can attract foreign investment by providing a predictable business environment. However, the perceived stringency of these laws could also deter some investors concerned about compliance costs and regulatory risks.
