EU

EU lawmakers to negotiate next data protection supervisor

Lawmakers are set to negotiate with EU member states to determine the next European Data Protection Supervisor (EDPS), following the expiration of the current EDPS, Wojciech Wiewiórowski’s mandate in December. The decision on his successor is expected in March at the earliest, with both the European Parliament and member states backing different candidates. The Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) voted to appoint Bruno Gencarelli, an Italian Commission official, while member states are supporting Wiewiórowski for another term.

The European Parliament’s group leaders have recently backed the LIBE decision, but a joint committee with the Council of the EU needs to be set up to finalise the appointment. The configuration of the committee is still under discussion. Meanwhile, privacy experts have expressed concern over Gencarelli’s candidacy, arguing that the next EDPS should not come from within the Commission due to potential conflicts of interest, citing past decisions such as the EDPS ruling against Microsoft 365’s use by the EU executive.

The EDPS role, while unable to fine Big Tech companies directly, is significant in shaping EU privacy law, as it publishes opinions on legislative proposals. The new appointee will play a crucial role in overseeing the data protection practices of EU institutions and ensuring that privacy rights are upheld.

ECB pushes for faster digital euro launch

The European Central Bank (ECB) is keen to accelerate the creation of the digital euro, particularly following US President Donald Trump’s endorsement of stablecoins linked to the US dollar. ECB board member Piero Cipollone highlighted that Trump’s backing could push European lawmakers to fast-track the legislation for the digital euro. The ECB envisions the digital euro as a central bank-backed online wallet, offering an alternative to major US payment providers like Visa and PayPal.

Despite the European Commission’s proposal for digital euro legislation in June 2023, progress has been slow due to some scepticism in the political and banking sectors. Cipollone remains optimistic that recent developments, including the rise of US stablecoins, will prompt greater urgency from EU lawmakers. He expressed hope that the digital euro legislation could be finalised by summer, allowing for negotiations with the Commission to be wrapped up before November.

Cipollone also raised concerns over the growing use of US stablecoins in Europe, warning that it could lead to a shift of deposits from European banks to the US. He acknowledged bankers’ fears that a digital euro could have a similar effect. Still, he reassured that the ECB would likely limit the amount of digital euros users can hold to prevent destabilisation. Several countries, including Nigeria and China, have already launched central bank digital currencies, while many others, such as Russia and Brazil, are in the testing phase.

EU supports OpenEuroLLM for open-source AI innovation

The European Commission has launched the OpenEuroLLM Project, a new initiative aimed at developing open-source, multilingual AI models. The project, which began on February 1, is supported by a consortium of 20 European research institutions, companies, and EuroHPC centres. Coordinated by Jan Hajič from Charles University and co-led by Peter Sarlin of AMD Silo AI, the project is designed to produce large language models (LLMs) that are proficient in all EU languages and comply with the bloc’s regulatory framework.

The OpenEuroLLM Project has been awarded the Strategic Technologies for Europe Platform (STEP) Seal, a recognition granted to high-quality initiatives under the Digital Europe Programme. This endorsement highlights the project’s importance as a critical technology for Europe. The LLMs developed will be open-sourced, allowing their use for commercial, industrial, and public sector purposes. The project promises full transparency, with public access to documentation, training codes, and evaluation metrics once the models are released.

The initiative aims to democratise access to high-quality AI technologies, helping European companies remain competitive globally and empowering public organisations to deliver impactful services. While the timeline for model release and specific focus areas have not yet been detailed, the European Commission has already committed funding and anticipates attracting further investors in the coming weeks.

EU bans AI tracking of workers’ emotions and manipulative online tactics

The European Commission has unveiled new guidelines restricting how AI can be used in workplaces and online services. Employers will be prohibited from using AI to monitor workers’ emotions, while websites will be banned from using AI-driven techniques that manipulate users into spending money. These measures are part of the EU’s Artificial Intelligence Act, which takes full effect in 2026, though some rules, including the ban on certain practices, apply from February 2024.

The AI Act also prohibits social scoring based on unrelated personal data, AI-enabled exploitation of vulnerable users, and predictive policing based solely on biometric data. AI-powered facial recognition CCTV for law enforcement will be heavily restricted, except under strict conditions. The EU has given member states until August to designate authorities responsible for enforcing these rules, with breaches potentially leading to fines of up to 7% of a company’s global revenue.

Europe’s approach to AI regulation is significantly stricter than that of the United States, where compliance is voluntary, and contrasts with China‘s model, which prioritises state control. The guidelines aim to provide clarity for businesses and enforcement agencies while ensuring AI is used ethically and responsibly across the region.

Belgium plans AI use for law enforcement and telecom strategy

Belgium‘s new government, led by Prime Minister Bart De Wever, has announced plans to utilise AI tools in law enforcement, including facial recognition technology for detecting criminals. The initiative will be overseen by Vanessa Matz, the country’s first federal minister for digitalisation, AI, and privacy. The AI policy is set to comply with the EU’s AI Act, which bans high-risk systems like facial recognition but allows exceptions for law enforcement under strict regulations.

Alongside AI applications, the Belgian government also aims to combat disinformation by promoting transparency in online platforms and increasing collaboration with tech companies and media. The government’s approach to digitalisation also includes a long-term strategy to improve telecom infrastructure, focusing on providing ultra-fast internet access to all companies by 2030 and preparing for potential 6G rollouts.

The government has outlined a significant digital strategy that seeks to balance technological advancements with strong privacy and legal protections. As part of this, they are working on expanding camera legislation for smarter surveillance applications. These moves are part of broader efforts to strengthen the country’s digital capabilities in the coming years.

Apple criticises first porn app on iPhone in EU

Apple has criticised the availability of a pornography app on iPhones in the European Union, blaming the Digital Markets Act (DMA) for undermining consumer trust. The regulation, which took effect in 2022, forced Apple to permit alternative app stores, leading to the distribution of an adult content app called Hot Tub via AltStore.

Apple expressed concern about the safety risks posed by such apps, particularly for younger users. AltStore, which received financial backing from Epic Games, stated that Apple’s notarisation process approved Hot Tub. Apple, however, dismissed this claim, insisting that EU rules compelled it to allow the app but that it would never have accepted it in its own store.

Epic Games’ CEO defended laws like the DMA, arguing that Apple had previously abused its control over competing apps. Despite its support for AltStore’s expansion, Epic Games clarified that its own app store in the EU does not carry the Hot Tub app and has never hosted pornographic content.

EU plans stricter rules for online platforms selling goods

The European Union is preparing to introduce new regulations that would hold e-commerce platforms such as Temu, Shein, and Amazon Marketplace accountable for illegal or unsafe products sold online. Under the proposed customs reforms, online retailers will be required to provide data before goods arrive in the EU, allowing officials to inspect and monitor shipments more effectively.

Currently, consumers purchasing goods online are considered the official importers for customs purposes. The proposed changes would shift this responsibility to online platforms, making them liable for ensuring compliance with EU safety standards, as well as collecting duty and VAT. The reforms also include the creation of a central EU customs authority (EUCA) to oversee inspections and identify risks before shipments enter the bloc.

The draft proposal aims to improve consumer safety and close regulatory gaps in online commerce. E-commerce giants have not yet responded to the proposed changes, which could have significant financial and operational implications for their businesses.

Irish regulator wants answers from DeepSeek on data practices

Ireland’s Data Protection Commission (DPC) has asked Chinese AI company DeepSeek to clarify how it processes the personal data of Irish users. The request comes as part of ongoing efforts to ensure compliance with European data protection laws.

Unlike major US tech firms that base their EU operations in Ireland, DeepSeek has not designated the country as its European headquarters. This means the company does not fall under the same oversight framework as other large technology firms, prompting the regulator to seek direct answers on its data handling practices.

The DPC’s inquiry highlights the increasing scrutiny of foreign tech companies operating in Europe, especially those dealing with sensitive user information. As concerns over privacy and data security continue to grow, regulators are expected to tighten enforcement to ensure adherence to strict EU data protection laws.

EU sanctions three Russians over 2020 cyberattacks on Estonia

The European Union has imposed sanctions on three Russian nationals for their alleged role in cyberattacks targeting Estonia in 2020. Nikolay Korchagin, 28, Vitaly Shevchenko, 28, and Yuriy Denisov, 45—suspected operatives of the cyber division of Russia’s GRU military intelligence service—are accused of breaching classified Estonian government networks and stealing sensitive data.

According to the Council of the EU, the attacks compromised thousands of confidential documents, including business secrets, health records, and other critical information. In September 2024, Estonia publicly attributed the attack to Unit 29155, marking the first time the country formally identified a state-backed cyber operation.

‘Both a national and an international investigation that included 10 countries showed that Russia aimed to damage national computer systems, obtain sensitive information and strike a blow against our sense of security,’ Estonian Foreign Minister Margus Tsahkna stated at the time.

As part of the sanctions, Korchagin, Shevchenko, and Denisov face an asset freeze, a prohibition on EU individuals and businesses providing them with funds, and a travel ban barring them from entering or transiting through the EU territory.

The move follows a similar decision by the US government in September last year. The US Department of Justice indicted members of Unit 29155 and placed a $10 million bounty for information aiding prosecution. The indictment primarily focused on the WhisperGate cyberattack—a data-wiping operation targeting Ukraine ahead of Russia’s 2022 invasion. Korchagin and Denisov were specifically named in the US sanctions, while Shevchenko was labelled an ‘associated individual’ by the State Department.

Last year, the EU’s credibility in cyber sanctions was undermined when a clerical error in a formal sanctions notice mistakenly identified the wrong Russian intelligence agency responsible for a series of cyberattacks. Additionally, Bart Groothuis, a Dutch MEP and former Ministry of Defence employee, noted that the EU’s response remains fragmented, particularly in comparison to coordinated actions taken by the US and UK.

Google appeals EU’s record antitrust fine

Google has appealed to the EU’s top court to overturn a record 4.3-billion-euro antitrust fine imposed seven years ago, arguing that the penalty punished the company for its innovation. The fine was originally levied by the European Commission, which accused Google of using its Android operating system to suppress competition by forcing manufacturers to pre-install Google Search, Chrome, and the Google Play store on devices. While the fine was later reduced to 4.1 billion euros by a lower court, Google maintains that its actions fostered competition, not hindered it.

During Tuesday’s hearing, Google lawyer Alfonso Lamadrid stated that the Commission failed to meet its legal obligations and relied on errors in law. Lamadrid defended Google’s agreements with phone manufacturers, insisting they were not anti-competitive, but rather beneficial to the market. The case centres on whether the European Commission acted appropriately in its investigation and decision to reshape markets through such penalties.

The judges of the Luxembourg-based Court of Justice of the European Union will make a final ruling in the coming months, with no further opportunity for appeal. In addition to this case, Google remains under scrutiny by EU regulators for its advertising business, with another major decision expected later this year.