Europe’s digital decade: How the EU is regulating technology

21 Nov 2023

Image: © Nancy Pauwels/Stock.adobe.com

We speak to Leo Moore, a partner and head of technology at William Fry, about the many facets of the EU’s digital reforms this decade to keep the bloc one step ahead of tech.

“The EU is pursuing a human-centric, sustainable vision for digital society throughout the digital decade to empower citizens and businesses,” says Leo Moore, partner and head of the technology group at William Fry.

He is referring to the EU Digital Decade policy programme, which is a comprehensive framework that lays down concrete targets and objectives in Europe’s digital transformation for 2030.

The framework, which was recently published by the European Commission, will impact how businesses use and engage with non-personal data content and tech platforms, cybersecurity and artificial intelligence.

Its core objective, Moore says, is to reduce the risks associated with online services and ensure a “harmonised approach” to managing these risks across the EU. “This will result in legislative reforms creating a seismic shift that will affect the entire technology sector.”

But what are the specific digital reforms it proposes and how will they impact businesses? According to Moore, the Digital Decade framework will result in new legislation across four key areas: digital services, AI, cyber and data.

“It is anticipated that these new laws will result in a secure, safe and sustainable digital environment for individuals,” he explains. “However, it will create new obligations and regulations for businesses affected, requiring investment and new functions to ensure compliance with quite complex and onerous new rules.”

Data, AI and cyber

AI, which has taken centre stage at the theatres of both private enterprise and regulatory bodies, is being treated with two new laws in the EU.

First is the landmark AI Act passed in June, which aims to curb the dangers of the emerging technology and monitor its application across industries. Second is the AI Liability Directive, which introduces rules for damages caused by AI systems.

“It will apply to providers and users of AI systems, and victims of injury and/or damage of these systems. Businesses developing or providing AI-enabled products and services will be caught under this directive,” Moore says.

Then there are the two major digital services acts, including the Digital Services Act (DSA) itself and the closely related Digital Markets Act, both of which aim to rein in the power of Big Tech to make platforms more safe, transparent and fair.

At the national level in Ireland, there’s also the Online Safety and Media Regulation Act, or OSMR, which establishes a new regulator called Coimisiún na Meán to tackle the spread of harmful content online.

“The OSMR applies to providers of broadcasting services; audio-visual on-demand media services; and any ‘relevant online service’ designated by the commission as being subject to online safety codes,” explains Moore.

“There is some overlap with the DSA, and An Coimisiún is the designated supervisory authority under the DSA as well as the OSMR.”

Under the data category of the EU digital reforms, there’s the Data Act which facilitates third-party access to data generated by providers and manufacturers of connected devices and smart objects on certain terms.

According to Moore, it will reinforce the GDPR’s “right to data portability” as it will allow end-users to switch providers and facilitate the transfer of data gathered through smart and connected devices from one provider to another.

To compliment the Data Act, there’s the EU Data Governance Act, or DGA, which aims to make more data available and facilitate data sharing across sectors and EU countries to use data for the benefit of European citizens and businesses.

“The DGA applies to personal and non-personal data, and imposes obligations on public sector bodies, data sharing service providers (data intermediation services) and data altruism organisations,” says Moore.

“There is also the E-Privacy Regulation that aims to strengthen online privacy of citizens by introducing a single set of rules that will apply across the EU. People and businesses in the EU will enjoy additional protections relating to their electronic communications.”

And finally, there’s the NIS2, an EU directive that provides legal measures to boost the overall level of cybersecurity in the bloc. Moore said that it modernises the existing legal framework to “keep up” with digitisation and an evolving cybersecurity threat landscape.

The Digital Operational Resilience Act and the Cyber Resilience Act, both aimed at digital transformation in the EU’s cybersecurity space, set out governance requirements for financial entities and strengthens cyber rules to ensure “more secure” hardware and software.

Irish regulators to play a central role

Of the top 10 US technologies companies that have regional headquarters in the EU, Ireland is home to a whopping nine of them. This is in addition to a burgeoning domestic tech sector, including many unicorns and ‘soonicorns’.

“With such a large cohort of technology companies headquartered in Ireland, the newly appointed Irish regulators will be playing a central role in the harmonised enforcement of the regulations in collaboration and cooperation with the other regulators across the EU,” Moore argues.

“Existing regulators such as the Irish DPC, the Competition and Consumer Protection Commission and ComReg will oversee the implementation of new legislation that falls under their respective remits but will also work in a collaborative way with other regulators.”

Overall, Moore argues, the EU is moving from a digital environment that was “largely self-regulated” to a “highly regulated” one.

“This will require affected companies to seek education and then implement legal and organisational reforms to effect required changes governing internet use and provision of online services,” he says, adding that this will create new jobs and more enforcement actions and litigation.

“With its unique position in the EU, Ireland will need to ensure it has the relevant resources to enforce and monitor those that come withing the scope of the EU Digital Reforms.

“While the emerging digital landscape will align and harmonise the laws across the EU, there is a concern that some of the laws will also hamper the speed of innovation within the EU.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com