EU

EU charges Microsoft over Teams bundling

EU antitrust regulators have accused Microsoft of illegally bundling its Teams chat and video app with its Office product suite, claiming the company’s recent efforts to separate the two were insufficient. The European Commission stated that Microsoft breached antitrust rules by tying Teams to its popular Office 365 and Microsoft 365 suites, which stifled competition.

The regulatory action follows a 2020 complaint by Slack, a rival workspace messaging app owned by Salesforce. Microsoft introduced Teams to Office 365 in 2017 at no extra cost, replacing Skype for Business, and its use surged during the pandemic due to its video conferencing capabilities.

The European Commission has preliminarily determined that Microsoft’s changes don’t adequately address the competition concerns and that more actions are needed. Microsoft has expressed willingness to work with the EU regulators to find acceptable solutions.

EU cybersecurity exercise organised to test energy sector’s cyber resilience

The 7th edition of Cyber Europe, organised by the European Union Agency for Cybersecurity (ENISA), tested the resilience of the EU energy sector, highlighting cybersecurity as an increasing threat to critical infrastructure. In 2023, over 200 cyber incidents targeted the energy sector, with more than half aimed specifically at Europe, underscoring the sector’s vulnerability due to its crucial role in the European economy.

Juhan Lepassaar, Executive Director of ENISA, highlighted the exercise’s role in enhancing preparedness and response capacities to protect critical infrastructure, essential for the single market’s stability.

According to ENISA’s Network and Information Security (NIS) Investments report, 32% of energy sector operators lack Security Operations Center (SOC) monitoring for critical Operation Technology (OT) processes, while 52% integrate OT and Information Technology (IT) under a single SOC.

This year’s Cyber Europe exercise focused on a scenario involving cyber threats to EU energy infrastructure amidst geopolitical tensions. Over two days, stakeholders from 30 national cybersecurity agencies and numerous EU bodies collaborated, developing crisis management skills and coordinating responses to simulated cyber incidents. The exercise, one of Europe’s largest, involved over thousand experts across various domains, facilitated by ENISA, which celebrates its 20th anniversary in 2024.

EU faces controversy over proposed AI scanning law

The EU is facing significant controversy over a proposed law that would require AI scanning of users’ photos and videos on messaging apps to detect child sexual abuse material (CSAM). Critics, including major tech companies like WhatsApp and Signal, argue that this law threatens privacy and encryption, undermining fundamental rights. They also warn that the AI detection systems could produce numerous false positives, overwhelming law enforcement.

A recent meeting among the EU member states’ representatives failed to reach a consensus on the proposal, leading to further delays. The Belgian presidency had hoped to finalise a negotiating mandate, but disagreements among member states prevented progress. The ongoing division means that discussions on the proposal will likely continue under Hungary’s upcoming EU Council presidency.

Opponents of the proposal, including Signal President Meredith Whittaker and Proton founder Andy Yen, emphasise the dangers of mass surveillance and the need for more targeted approaches to child protection. Despite the current setback, there’s concern that efforts to push the law forward will persist, necessitating continued vigilance from privacy advocates.

Wolfspeed delays $3 billion chip plant in Germany as EU slows down semiconductor industry

Wolfspeed has delayed its $3 billion chip plant project in Germany, highlighting the European Union’s challenges in boosting semiconductor production. Originally set to begin construction this year, the plant in Saarland is now postponed to mid-2025. Wolfspeed, under pressure from an activist investor due to a significant drop in stock value, is focusing on ramping up production in New York instead.

The delay reflects broader issues within the EU’s efforts to enhance its semiconductor industry through the 2022 Chips Act, which aimed to raise €43 billion. Despite ambitious plans from companies like Intel, TSMC, and Infineon, many projects have yet to receive necessary EU state aid approval, crucial for their financial viability. The region’s goal to capture 20% of the global semiconductor market by 2030 appears increasingly unattainable.

Why does it matter?

Germany, a major player in these plans, faces a budget crisis, casting doubt on its infrastructure commitments, though officials claim semiconductor funding remains secure. Meanwhile, European political shifts could threaten support for key projects, complicating efforts to reduce reliance on Asian chip producers. Despite these setbacks, some projects, like TSMC’s in Dresden and STMicroelectronics’ plant in Italy, are progressing with the EU approval and ongoing construction.

Meta halts AI launch in Europe after EU regulator ruling

Meta’s main EU regulator, the Irish Data Protection Commission (DPC), requested that the company delay the training of its large language models (LLMs) on content published publicly by adults on the company’s platforms. In response, Meta announced they would not be launching their AI in Europe for the time being. 

The main reason behind the request is Meta’s plan to use this data to train its AI models without explicitly seeking consent. The company claims it must do so or else its AI ‘won’t accurately understand important regional languages, cultures or trending topics on social media.’ It is already developing continent-specific AI technology. Another cause for concern is Meta’s use of information belonging to people who do not use its services. In a message to its Facebook users, it said that it may process information about non-users if they appear in an image or are mentioned on their platforms. 

The DPC welcomed Meta’s decision to delay its implementation. The commission is leading the regulation of Meta’s AI tools on behalf of EU data protection authorities (DPAs), 11 of which received complaints by advocacy group NOYB (None Of Your Business). NOYB argues that the GDPR is flexible enough to accommodate this AI, as long as it asks for the user’s consent. The delay comes right before Meta’s new privacy policy comes into force on 26 June. 

Beyond the EU, the executive director of the UK’s Information Commissioner’s Office was pleased with the delay, and added that ‘in order to get the most out of generative AI and the opportunities it brings, it is crucial that the public can trust that their privacy rights will be respected from the outset.’

EU charges Apple and Meta for non-compliance

Apple and Meta Platforms are set to face charges from the European Commission for failing to comply with the EU’s Digital Markets Act (DMA) before the summer. The DMA aims to curb the dominance of Big Tech by ensuring fair competition and making it easier for users to switch between competing services. Apple and Meta are the Commission’s priority cases, with Apple expected to be charged first, followed by Meta.

Apple’s charges will focus on its App Store policies, which allegedly restrict app developers from informing users about alternative offers and impose new fees. Additionally, a separate investigation into Apple’s Safari web browser is expected to take more time. Meta’s charges will centre on its recent ‘pay or consent’ model for Facebook and Instagram, which requires users to either pay for an ad-free experience or consent to targeted advertising.

Both companies have the opportunity to address the concerns before the final decision, which could result in fines of up to 10% of their global annual turnover. Apple stated in March that it believes its plans comply with the DMA and is engaging constructively with the Commission. Meta and the Commission declined to comment on the ongoing investigations.

European groups urge fairness in EU cybersecurity label for Big Tech

A proposed cybersecurity certification scheme (EUCS) for cloud services has raised concerns among 26 industry groups across Europe, who caution against potential discrimination towards major US tech firms like Amazon, Alphabet’s Google, and Microsoft. The European Commission, EU cybersecurity agency ENISA, and EU countries are set to discuss the scheme, which has seen multiple revisions since its draft release in 2020. The EUCS aims to help governments and businesses select secure and reliable cloud vendors, a critical consideration in the rapidly growing global cloud computing industry.

The latest version of the scheme, updated in March, removed stringent sovereignty requirements that would have forced US tech giants to form joint ventures or collaborate with EU-based companies to handle data within the bloc, a criterion for earning the highest EU cybersecurity label. In a joint letter, the industry groups argued for a non-discriminatory EUCS that fosters the free movement of cloud services across Europe, aligning with industry best practices and supporting Europe’s digital goals and security resilience.

The signatories, which include various chambers of commerce and industry associations from several European countries, emphasised the importance of diverse and resilient cloud technologies for their members to compete globally. They welcomed the removal of ownership controls and specific data protection requirements, arguing that these changes would ensure cloud security improvements without discriminating against non-EU companies.

EU cloud vendors like Deutsche Telekom, Orange, and Airbus have advocated for sovereignty requirements, fearing non-EU government access to European data under foreign laws. However, the industry groups contend that the inclusive approach of the revised EUCS will better serve Europe’s digital and security needs while promoting a competitive market environment.

India’s EU-inspired antitrust law raises concerns among tech giants

India’s recent legislative push to implement antitrust laws like those in the EU has stirred significant concern among technology giants operating within the country, like Google, Meta, Apple and Amazon. That move, aimed at curbing the dominance of big tech companies and fostering a more competitive market environment, was met with a mixed reception, particularly from those within the technology sector.

The proposed antitrust law draws inspiration from the regulatory framework of the EU, which has been at the forefront of global antitrust enforcement. The EU’s regulations are known for their rigorous scrutiny of large tech corporations, often resulting in major fines and operational restrictions for companies that violate competition laws. Adaptation of this model in India signals a shift towards more assertive regulatory practices in the tech industry.

The Indian government is examining a panel’s report proposing a new ‘Digital Competition Bill‘ to complement existing antitrust laws. The law would target ‘systemically significant digital’ companies with a domestic turnover exceeding $480 million or a global turnover over $30 billion, along with a local user base of at least 10 million for its digital services. Companies would be required to operate in a fair and non-discriminatory manner, with the bill recommending a penalty of up to 10% of a company’s global turnover for violations, mirroring the EU’s Digital Markets Act. Big digital companies would be prohibited from exploiting non-public user data and from favoring their own products or services on their platforms. Additionally, they would be barred from restricting users’ ability to download, install, or use third-party apps in any way, and must allow users to select default settings freely.

Both domestic and international tech firms have voiced concerns about the potential impact of these regulations on their operations. A key US lobby group has already opposed the move, fearing its business impact. The primary worry is that the new laws could stifle innovation and place difficult compliance burdens on companies. That sentiment echoes the broader global debate on the balance between regulation and innovation in the tech sector.

Why does it matter?

  •  Market Dynamics: These laws could significantly alter the competitive landscape in India’s tech industry, making it easier for smaller companies to challenge established giants. 
  • Consumer Protection: Robust antitrust regulations are designed to protect consumers from monopolistic practices that can lead to higher prices, reduced choices, and stifled innovation. Ensuring fair competition can enhance consumer welfare.
  • Global Influence: By aligning its regulatory framework with that of the EU, India could influence how other emerging markets approach antitrust issues.
  • Investment Climate: Clear and consistent regulatory standards can attract foreign investment by providing a predictable business environment. However, the perceived stringency of these laws could also deter some investors concerned about compliance costs and regulatory risks.

LinkedIn disables targeted ads tool to comply with EU regulations

In a move to align with EU’s technology regulations, LinkedIn, the professional networking platform owned by Microsoft, has disabled a tool that facilitated targeted advertising. The decision comes in adherence to the Digital Services Act (DSA), which imposes strict rules on tech companies operating within the EU.

The move by LinkedIn followed a complaint by several civil society organizations, including European Digital Rights (EDRi), Gesellschaft für Freiheitsrechte (GFF), Global Witness, and Bits of Freedom, to the European Commission. These groups raised concerns that LinkedIn’s tool might allow advertisers to target users based on sensitive personal data such as racial or ethnic origin, political opinions, and other personal details due to their membership in LinkedIn groups.

In March, the European Commission had sent a request for information to LinkedIn after these groups highlighted potential violations of the DSA. The DSA requires online intermediaries to provide users with more control over their data, including an option to turn off personalised content  and to disclose how algorithms impact their online experience. It also prohibits the use of sensitive personal data, such as race, sexual orientation, or political opinions, for targeted advertising. In recent years, the EU has been at the forefront of enforcing data privacy and protection laws, notably with the GDPR. The DSA builds on these principles, focusing more explicitly on the accountability of online platforms and their role in shaping public discourse.

A LinkedIn spokesperson emphasised that the platform remains committed to supporting its users and advertisers, even as it navigates these regulatory changes. “We are continually reviewing and updating our processes to ensure compliance with applicable laws and regulations,” the spokesperson said. “Disabling this tool is a proactive step to align with the DSA’s requirements and to maintain the trust of our community.” EU industry chief Thierry Breton commented on LinkedIn’s move, stating, “The Commission will monitor the effective implementation of LinkedIn’s public pledge to ensure full compliance with the DSA.” 

Why does it matter?

The impact of LinkedIn’s decision extends beyond its immediate user base and advertisers. Targeted ads have been a lucrative source of income for social media platforms, allowing advertisers to reach niche markets with high precision. By disabling this tool, LinkedIn is setting a precedent for other tech companies to follow, highlighting the importance of regulatory compliance and user trust.

Meta faces EU complaints over AI data use

Meta Platforms is facing 11 complaints over proposed changes to its privacy policy that could violate EU privacy regulations. The changes, set to take effect on 26 June, would allow Meta to use personal data, including posts and private images, to train its AI models without user consent. Advocacy group NOYB has urged privacy watchdogs to take immediate action against these changes, arguing that they breach the EU’s General Data Protection Regulation (GDPR).

Meta claims it has a legitimate interest in using users’ data to develop its AI models, which can be shared with third parties. However, NOYB founder Max Schrems contends that the European Court of Justice has previously ruled against Meta’s arguments for similar data use in advertising, suggesting that the company is ignoring these legal precedents. Schrems criticises Meta’s approach, stating that the company should obtain explicit user consent rather than complicating the opt-out process.

In response to the impending policy changes, NOYB has called on data protection authorities across multiple European countries, including Austria, Germany, and France, to initiate an urgent procedure to address the situation. If found in violation of GDPR, Meta could face strict fines.