Q1/2020 - European Union, Brussels

Brussels, 1 December 2019

Strategy for a digital Europe, Brussels, 19 February 2020

On 19 February 2020, the new European Commission presented its strategy for a digital Europe for the coming 5 years[1]. Ursula von der Leyen, President of the European Commission, pointed out that the future of Europe was “green and digital”. Europe wanted to shape its digital future independently on the basis of the “European values”. She explained that the new digital strategy covered all fields: from cyber security to digital economy, the basic democratic rights and new technological developments. Van der Leyen was supported by the Executive Vice President of the EU Commission, Margrethe Vestager, and by Commission member Thierry Breton. The two Commissioners are responsible for the implementation of the digital strategy. All in all, five documents were presented:

  1. Communication “Shaping Europe's digital future”
  2. Communication “A European strategy for data”,
  3. White Paper “On Artificial Intelligence”,
  4. Expert report “Towards a European strategy on business-to-government data sharing for the public interest”,
  5. Commission report on safety and liability implications of AI, the Internet of Things and robotics.

Shaping Europe's digital future: In four sections, the document outlines the key strategic cornerstones the EU intends to rely on in order to prepare itself for the digital age in the next five years. The digital Europe shall be “open, fair, diverse, democratic and confident” and be based on the European “values”. Europe‘s technological sovereignty, it says, is derived from the ability to determine its own rules and values. European technological sovereignty is not defined against anyone else, but focusing on the needs of Europeans and of the European model of social market economy. The EU will remain open to anyone willing “to play by European rules”. The overall strategy is a “complex puzzle”. For the four strategic areas, a total of 28 key actions is proposed.

Technology that works for people: Europe must invest more in its strategic capacities, above all in 5G/6G, deep tech and education in digital skills. Artificial intelligence will play a major role in this context. The changes will go far beyond the technical sector, especially in the field of cyber security. The transition must be fair and just and encourage women to fully take part. The design of the platform economy must ensure that disturbances of the labour market do not result in undermining of social rights. The key actions include

  1. The drafting of a White Paper on Artificial Intelligence with the purpose to create a legislative framework,
  2. The establishment of a Cybersecurity Unit,
  3. A Digital Education Action Plan,
  4. An Interoperability Strategy, and
  5. A Framework for Platform Workers[2].

A fair and competitive economy: Europe needs a genuine digital market, where data are widely and easily available, easily accessible, and simple to use and process. Administrative burdens and hampering legal regulations must be reduced, in particular for SMEs. The rules that apply offline must also apply online. The European competition law must be adjusted. This includes the creation of a tax regime that makes it impossible for a small group of large Internet platform companies to avoid paying taxes. The key actions proposed in this field include

  1. The drafting of a “European Data Strategy”,
  2. A fitness check for current European legislation concerning the digital economy, and
  3. A strategy for introducing a global digital tax in cooperation with the OECD[3].

An open, democratic and sustainable society: A digital Europe must be based on the rule of law. There is no doubt in Europe that what is illegal offline is also illegal online in Europe. This affects particularly the fundamental rights and freedoms of European citizens, including data and consumer protection. Citizens and consumers need more control over their own data. A universally accepted “electronic Identity” (eID) would be helpful in this respect. Protective measures for democratic processes such as elections and referendums are necessary to protect these processes against manipulation and disinformation campaigns. This also includes strengthening "trustworthy quality media", such as public broadcasting. The key actions proposed in this field include

  1. New and revised European legislative provisions within the framework of the newly proposed “Digital Services Act”,
  2. A revised regulation for electronic identity (eIDAS), and
  3. An action plan for the media sector and a “European Democracy Action Plan”[4].

The international dimension: Europe as a global player: The strength of Europe in geopolitical terms is its regulatory power, but also its industrial and technological capabilities, its diplomatic instruments and global aid programs. Europe must assume a leading role in the international negotiations on Internet issues, such as cyber security, digital economy, human rights and technology within the UN ecosystem, the G20, the OECD and other institutions like the standardisation bodies. This applies in particular to issues like 5G, Internet of Things and artificial intelligence. Europe has special responsibility for the cooperation with Africa. Therefore, the EU-AU Digital Economy Task Force must be strengthened. As regards digital trade, unjustified restrictions for European companies must be removed. The key actions proposed in this field include

  1. The drafting of a “Global Digital Cooperation Strategy” by 2021,
  2. A white paper on an instrument on foreign subsidies for the digital economy,
  3. A strategy for standardisation, and
  4. An action plan to promote the European approach in bilateral relations and multilateral negotiation fora[5].

European Strategy for Data: In a communication to the European Parliament and the European Council dated 19 February 2020, the European Commission set out its strategy for handling data[6]. According to this document, data is the central resource of the digital transformation, the lifeblood of economic development (data-agile economy). By 2030, the EU must have become “the most attractive, most secure and most dynamic data-agile economy in the world”. At present, a small group of large companies controls the major share of all data. But the leading competitors, the US and China, have other strategic concepts – the US relies exclusively on market mechanisms, China on state control. Europe opposes these approaches with a balanced concept, in which the use of the resource data is reconciled with the guarantee of data privacy, security and ethical standards. Europe has a large reservoir of previously untapped non-personal industrial data and public data. The amount of this data will grow exponentially in the context of the Internet of Things, especially in the areas of G2B (Government to Business), B2B (Business to Business), B2G (Business to Government) and G2G (Government to Government). This will open a window of opportunity for Europe. Today's winners do not necessarily have to be those of tomorrow. Europe's technological sovereignty is not based on isolation, but expects global partners to respect European values and statutory basis. The communication cites national fragmentation, lack of interoperability, underdeveloped consumer awareness and skills gaps as European weaknesses. The strategy is based on four interlinked lines of action:

  • Cross-cultural governance framework for data access and use: An overarching legal framework for the governance of a common European data space must be created. Moreover, high-quality public sector data must be made available to the private sector in Europe, in particular to small and medium-sized enterprises and start-ups. By 2021,regulations shall have been drafted in a data act for this new level of data sharing between the public and the private sector[7].
  • Enablers: Investment in data and strengthening Europe´s capabilities and infrastructure for hosting, processing and using data, interoperability: Within the scope of this action line, the European Union intends to develop a project extending up until 2027 for developing a European cloud (High Impact Project on European data spaces and federated cloud infrastructure). National initiatives – like Germany’s GAIA-X project – shall be integrated and it is intended to adopt a memorandum of understanding with all EU member states (“EU Cloud Federation”). Existing cloud codes of conduct and certifications related to security, energy efficiency, quality of service, data privacy and data portability shall be compiled in an EU cloud book[8].
  • Competences: Empowering individuals, investing in skills and in SMEs. The communication laments that on both the user side and the provider side there is insufficient awareness of the issue and that a fundamental lack of qualification exists. Investments must be made in education programs designed to increase consumer awareness with regard to the handling of their personal data and also and in particular to impart to SMEs the knowledge they need (Digital Education Action Plan), so that they can hold their ground in the data-agile economy[9].
  • Common European data space in strategic sectors and domains of public interest: When implementing the activities described for the three areas above, nine common European data spaces shall be created by means of a so-called horizontal framework.
  1. A Common European industrial (manufacturing) data space, to support the competitiveness and performance of the EU’s industry, allowing to capture the potential value of use of non-personal data in manufacturing (estimated at €1,5 trillion by 2027);
  2. A Common European Green Deal data space, to use the major potential of data in support of the Green Deal priority actions on climate change, circular economy, zero-pollution, biodiversity, deforestation and compliance assurance. The “GreenData4All” and “Destination Earth” (digital twin of the Earth) initiatives will cover concrete actions;
  3. A Common European mobility data space, to position Europe at the forefront of the development of an intelligent transport system, including connected cars as well as other modes of transport. Such data space will facilitate access, pooling and sharing of data from existing and future transport and mobility databases;
  4. A Common European health data space, which is essential for advances in preventing, detecting and curing diseases as well as for informed, evidence-based decisions to improve the accessibility, effectiveness and sustainability of the healthcare systems;
  5. A Common European financial data space, to stimulate, through enhanced data sharing, innovation, market transparency, sustainable finance, as well as access to finance for European businesses and a more integrated market;
  6. A Common European energy data space, to promote a stronger availability and cross-sector sharing of data, in a customer-centric, secure and trustworthy manner, as this would facilitate innovative solutions and support the decarbonisation of the energy system;
  7. A Common European agriculture data space, to enhance the sustainability performance and competitiveness of the agricultural sector through the processing and analysis of production and other data, allowing for precise and tailored application of production approaches at farm level;
  8. Common European data spaces for public administration, to improve transparency and accountability of public spending and spending quality, fighting corruption, both at EU and national level, and to address law enforcement needs and support the effective application of EU law and enable innovative computer-aided applications for government action (‘gov tech’), governance (‘reg tech’) and administration of justice (‘legal tech’), supporting practitioners as well as other services of public interest;
  9. A Common European skills data space, to reduce the skills mismatches between the education and training system on the one hand and the labour market needs on the other[10].

White Paper on Artificial Intelligence[11]: On 19 February 2020, the European Commission started a broad multistakeholder consultation with a White Paper for a European approach to artificial intelligence, which shall culminate in key elements of a future regulatory framework for AI in Europe. This regulatory framework shall be developed with a view to the global efforts of the OECD, UNESO, UN, WTO and other global institutions. In May 2019, the OECD adopted a “Declaration on Principles on Artificial Intelligence“, which was supported by the G20 in June 2019. The UNESCO is working at a normative instrument related to this issue. The EU intends to assume a leading role in AI in the next ten years.

For Europe, the White Paper relies above all on the next wave of data. It says that while Europe is lagging behind the major US platforms in the commercial exploitation of personal data, it could gain an edge in the processing of public and economic data (B2G, G2G, B2B, G2) due to its industrial and administrative strengths. However, this would require higher investments. The White Paper states that in 2016, Europe will have invested €3.2 billion in AI, which is far too little compared to China (€6.5 billion) and the USA (€12.1 billion).
In order to achieve the objectives, the White Paper proposes to build an "ecosystem of excellence", which shall comprise investment in research and development across the entire value chain up to promotion of innovative offers by small and medium-sized enterprises. The aim behind this is to overcome the lack of skilled workers and the fragmented landscape of national competence centers in the 27 EU states.
This shall be supplemented by an "ecosystem of trust". European initiatives on artificial intelligence shall be in line with European values and in accordance with the European legal system, including the fundamental and consumer rights of European citizens. An autonomous new legislative framework is envisaged, which will aim at promoting Europe's innovative capacity in the field of AI, while supporting the development and deployment of ethical and trustworthy AI throughout the EU economy to put artificial intelligence at the service of people.
The White Paper also addresses risks, particularly in relation with issues such as face recognition  and human oversight . It is necessary to introduce a mechanism for conformity assessment for AI applications, which also distinguishes between “high risk” and “low risk”.
The White Paper states that a multistakeholder approach is the only way to find appropriate solutions for a European approach to artificial intelligence. All the partners concerned and involved from the private sector, academia and civil society must be involved on a broad basis. A future legislative framework must be based on the seven key demands presented by the EU High-Level Expert Group on AI in April 2019[12].

In addition to the three policy documents, the European Commission published two other papers on 19 February, which all together constitute the new European digital strategy:

  • The report of the “B2G Expert Group: Towards a European strategy on business-to-government data sharing for the public interest” states that a large amount of data held by European public administrations in Europe is not yet available for commercial use. Thus, great potential for the development of innovative services for European citizens remains unused. The report recommends how this potential can be tapped by new "data sharing" strategies in the G2B, but also in the B2G sector, taking into account European values and the fundamental rights of citizens[13].
  • The “Commission Report on safety and liability implications of AI, the Internet of Things and Robotics” deals with product safety and liability implications of new digital technologies such as artificial intelligence, Internet of Things and robotics. It requests existing product safety regulations, in particular the Directive on General Product Safety, the Machinery Directive and the Radio Equipment Directive to be adapted[14].

EU Toolbox zu 5G, Brussels 29 January 2020

On 29th January the European Commission published a so-called toolbox (EU toolbox on 5G cybersecurity) that aims to help European governments in dealing with calls for tender for national 5G networks in a differentiated manner[15]. The EU Commission recommends a series of measures such as the specification of security requirements for network operators, concrete supervisory mechanisms, precise risk analyses, differentiation between high and low risk areas, diversification of supply chains and suppliers as well as own research into 5G and subsequent technology generations such as 6G.

Speech of Ursula von der Leyen, President of the European Commission, at the World Economic Forum, Davos, 22 January 2020

Even before the new European digital strategy was published, the new EU Commission President Ursula von der Leyen had stated in a keynote speech at the Davos World Economic Forum that Europe should become “green” and “digital”[16]. Neither state control of the Internet (as in China) nor pure market control (as in the USA) was desired in Europe. European digital policy should combine economic efficiency and innovation with European values and individual fundamental rights. The European data strategy should enable Europe to become the most attractive, most secure and most dynamic “data-agile economy” in the world. Von der Leyen placed particular emphasis on the “new data wave” of “non-personal data” that will be generated in the economy and administration in the 2020s. She pointed out that up to now, 85 percent of this data were not processed further. Those data were hidden treasures and untapped opportunities for business and society. The innovative and comprehensive use of that growing resource of “non-personal data”, combined with the rights to the protection of “personal data” enshrined in the EU General Data Protection Regulation were characteristic of the European path to digitisation.

High Level Internet Governance Working Group (HLIG), Brussels, 28 January 2020

On 28 January 2020, the EU High-Level Group on Internet Governance (HLIG) held a meeting in Brussels[17].

The HLIG was established in 2003 between the two phases of the UN World Summit on the Information Society (WSIS). It is an institution of the EU Member States but has no decision-making powers. Its task is to ensure that the EU speaks "with one voice" in international negotiations on Internet Governance. The HLIG meets three to four times a year in closed sessions. For some years now, the HLIG meetings have been preceded by a “multistakeholder segment” with representatives from the private sector, civil society and the technical community. These consultations serve to find common ground with regard to current conferences and processes. No decisions are taken.

At the meeting in Brussels on 28 January 2020, there was a report on the IGF in Berlin (November 2019) and an outlook for the IGF in Katowice (November 2020), an outlook for EURODIG in Trieste (June 2020), a report by the German government on the implementation of the UN High Level Report (recommendation5A/B), a report by ICANN in preparation for the meeting in Cancún (March 2020), a report by DG Connect on the plans of the new EU Commission to develop a European digital strategy.

ENISA: Warnings related to the Corona crisis, cybersecurity skills and artificial intelligence, Athens, March 2020

Under its new Executive Director Juhan Lepassaar, the European Union Agency for Cybersecurity (ENISA) has upgraded its activities. Mr. Lepassaar is a citizen of Estonia. Until 2019 he was Head of Cabinet for the Vice President of the EU Commission, Andrus Ansip. Before, Lepassaar was EU advisor to the Estonian Prime Minister. On 16 October 2019, he had replaced Prof. Dr. Udo Helmbrecht, who had been Director of ENISA for ten years[18].

On 24 March 2020, in the context of the Corona crisis, ENISA published a document with tips for better cyber security when working from home. It contains eleven recommendations for employers[19] and ten recommendations for employees[20]. These include keeping multiple communication channels open, not using private devices to work from the home office, using secure and preferably multi-level authentication methods, using encryption techniques and refraining from exchanging sensitive data. The document also contains warnings with regard to phishing attacks[21].

On 26 March 2020. ENISA published a White Paper on “Cybersecurity Skills Development in the EU[22]. The report provides an overview of the status of the European education system for the qualification of cyber security experts. It examines the reasons why there is a shortage of such experts in Europe and makes suggestions on how to overcome this shortage, e.g. by linking higher education more closely to the labour market. The recommendations are based on four country studies (Australia, USA, France and Great Britain). To this end, ENISA has developed a new interactive database (Cybersecurity Higher Education Database) with information on study opportunities in the EU and the associated countries Norway, Iceland and Switzerland[23].

A new field of action for ENISA is artificial intelligence. According to ENISA, artificial intelligence can be abused for criminal purposes, at the same time it can be a powerful tool to strengthen cyber security and to defend against attacks. A new group of experts shall help ENISA to find out which mechanisms and instruments are useful and necessary to enable ENISA to better perform its tasks. On 24 March 2020, ENISA published a “Call for Expression of Interest” to become a member of the group of experts. Applications are accepted until 15 April 2020. The expert group is planned to be constituted after the summer break at the latest.

Brazil-EU Cyber Security Dialogue, Brussels, 20 February 2020

On 20 February 2020, the second EU-Brazil cyber security consultations were held in Brussels[24]. The bilateral “Brazil-EU Cyber Dialogue” had started in 2017 with a first meeting in Brasilia. The long break is due to the change of government in Brazil. Being a member of BRICS, Brazil is a strategic partner of the EU in the “global south”, especially in the ongoing cyber security negotiations at the United Nations. In addition to that the 6th UN-GGE is chaired by a Brazilian diplomat, Ambassador Guilherme de Aguiar Patriota. In previously controversial issues, such as the drafting of a new instrument of international law or priority for the implementation of existing standards and support for the multistakeholder model, a rapprochement could be achieved in the consultations.

Mehr zum Thema
Q1/2020EU
  1. [1] Shaping Europe's digital future: Commission presents strategies for data and Artificial Intelligence, Brussels, 19 February 2020, „The President of the Commission, Ursula von der Leyen, said: “Today we are presenting our ambition to shape Europe's digital future. It covers everything from cybersecurity to critical infrastructures, digital education to skills, democracy to media. I want that digital Europe reflects the best of Europe – open, fair, diverse, democratic, and confident.” Executive Vice-President for A Europe Fit for the Digital Age, Margrethe Vestager, said: “We want every citizen, every employee, every business to stand a fair chance to reap the benefits of digitalisation. Whether that means driving more safely or polluting less thanks to connected cars; or even saving lives with AI-driven medical imagery that allows doctors to detect diseases earlier than ever before.” Commissioner for Internal Market,Thierry Breton, said: “Our society is generating a huge wave of industrial and public data, which will transform the way we produce, consume and live. I want European businesses and our many SMEs to access this data and create value for Europeans – including by developing Artificial Intelligence applications. Europe has everything it takes to lead the ‘big data' race, and preserve its technological sovereignty, industrial leadership and economic competitiveness to the benefit of European consumers.”in: https://ec.europa.eu/commission/presscorner/detail/en/ip_20_273
  2. [2] Communication: Shaping Europe’s digital future, Brussels, 19 February 2020, Chapter 1: Technology that Works for People: „Key actions: 1. White Paper on Artificial Intelligence setting out options for a legislative framework for trustworthy AI (adopted together with this Communication), with a follow-up on safety, liability, fundamental rights and data (Q4 2020); 2. Building and deploying cutting-edge joint digital capacities in the areas of AI, cyber, superand quantum computing, quantum communication and blockchain. European Strategies on Quantum and blockchain (Q2 2020) as well as a revised EuroHPC Regulation on supercomputing; 3. Accelerating investments in Europe’s Gigabit connectivity, through a revision of the Broadband Cost Reduction Directive12, an updated Action Plan on 5G and 6G, a new Radio Spectrum Policy Programme (2021). 5G corridors for connected and automated mobility, including railway corridors, will be rolled out (2021-2030) (2021-2023); 4. A European cybersecurity strategy, including the establishment of a joint Cybersecurity Unit, a Review of the Security of Network and Information Systems (NIS) Directive13 and giving a push to the single market for cybersecurity; 5. A Digital Education Action Plan to boost digital literacy and competences at all levels of education (Q2 2020); 6. A reinforced Skills Agenda to strengthen digital skills throughout society and a reinforced Youth Guarantee to put a strong focus on digital skills in early career transitions (Q2 2020), 7. Initiative to improve labour conditions of platform workers (2021); 8. A reinforced EU governments interoperability strategy to ensure coordination and common standards for secure and borderless public sector data flows and services. (2021), in: https://ec.europa.eu/info/files/communication-shaping-europes-digital-future_en
  3. [3] Communication: Shaping Europe’s digital future, Brussels, 19 February 2020, Chapter 2: A Fair and Competetive Economy: „Key actions: 1.A European Data Strategy to make Europe a global leader in the data-agile economy (February 2020), announcing a legislative framework for data governance (Q4 2020) and a possible Data Act (2021), 2. Ongoing evaluation and review of the fitness of EU competition rules for the digital age (2020-2023), and launch of a sector inquiry (2020), 3. The Commission will further explore, in the context of the Digital Services Act package, ex ante rules to ensure that markets characterised by large platforms with significant network effects acting as gatekeepers, remain fair and contestable for innovators, businesses, and new market entrants. (Q4 2020), 4. Propose an Industrial Strategy Package putting forward a range of actions to facilitate the transformation towards clean, circular, digital and globally competitive EU industries, including SMEs and the reinforcement of single market rules, 5. Create a framework to enable convenient, competitive and secure Digital Finance, including legislative proposals on crypto assets, and on digital operational and cyber resilience in the financial sector and a strategy towards an integrated EU payments market that supports pan-European digital payment services and solutions (Q3 2020); 6. Communication on Business Taxation for the 21st century, taking into account the progress made in the context of the Organisation for Economic Cooperation and Development (OECD) to address the tax challenges arising from the digitisation of the Economy; 7. Delivering a new Consumer Agenda, which will empower consumers to make informed choices and play an active role in the digital transformation (Q4 2020).“ in: https://ec.europa.eu/info/files/communication-shaping-europes-digital-future_en
  4. [4] Communication: Shaping Europe’s digital future, Brussels, 19 February 2020, Chapter 3: An Oüpen, Democratic and Sustainable Society: „Key Actions: 1. New and revised rules to deepen the Internal Market for Digital Services, by increasing and harmonising the responsibilities of online platforms and information service providers and reinforce the oversight over platforms’ content policies in the EU. (Q4 2020, as part of the Digital Services Act package); 2. Revision of eIDAS Regulation to improve ist effectiveness, extend its benefits to the private sector and promote trusted digital identities for all Europeans (Q4 2020); 3. Media and audiovisual Action Plan to support digital transformation and competitiveness of the audiovisual and media sector, to stimulate access to quality content and media pluralism (Q4 2020); 4. European Democracy Action Plan to improve the resilience of our democratic systems, support media pluralism and address the threats of external intervention in European elections (Q4 2020); 5. Destination Earth, initiative to develop a high precision digital model of Earth (a “Digital Twin of the Earth”) that would improve Europe’s environmental prediction and crisis management capabilities (Timing: from 2021); 6. A circular electronics initiative, mobilising existing and new instruments in line with the policy framework for sustainable products of the forthcoming circular economy action plan, to ensure that devices are designed for durability, maintenance, dismantling, reuse and recycling and including a right to repair or upgrade to extend the lifecycle of electronic devices and to avoid premature obsolescence (2021); 7. Initiatives to achieve climate-neutral, highly energyefficient and sustainable data centres by no later than 2030 and transparency measures for telecoms operators on their environmental footprint; 8. The promotion of electronic health records based on a common European exchange format to give European citizens secure access to and exchange of health data across the EU . A European health data space to improve safe and secure accessibility of health data allowing for targeted and faster research, diagnosis and treatment ( from 2022).in: https://ec.europa.eu/info/files/communication-shaping-europes-digital-future_en
  5. [5] Communication: Shaping Europe’s digital future, Brussels, 19 February 2020, chapter 3: An Open, Democratic and Sustainable Society. Chapter 4: The International Dimension- Europe as a Global Player: “Key Actions: 1. A Global Digital Cooperation Strategy (2021); 2. A White Paper on an instrument on foreign subsidies (Q2 2020); 3. A Digital for Development Hub that will build and consolidate a whole-of-EU approach promoting EU values and mobilising EU member states and EU industry, Civil Society Organisations (CSOs), financial institutions, expertise and technologies in digitisation; 4. A strategy for standardisation, which will allow for the deployment of interoperable technologies respecting Europe’s rules, and promote Europe’s approach and interests on the global stage (Q3 2020); Mapping of opportunities and action plan to promote the European approach in bilateral relations and multilateral fora (Q2 2020”), in: https://ec.europa.eu/info/files/communication-shaping-europes-digital-future_en
  6. [6] See: COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS: A European strategy for data, Brussels, 19 February 2020: In: https://ec.europa.eu/info/files/communication-european-strategy-data_en
  7. [7] See: Ibidem „5A: Key actions: 1. Propose a legislative framework for the governance of common European data spaces, Q4 2020, 2. Adopt an implementing act on high-value data-sets, Q1 2021, 3. Propose, as appropriate, a Data Act, 2021, 4. Analysis of the importance of data in the digital economy (e.g. through the Observatory of the Online Platform Economy), and review of the existing policy framework in the context of the Digital Services Act package (Q4 2020)., in: https://ec.europa.eu/info/files/communication-european-strategy-data_en
  8. [8] See: Ibidem: „5B:Key Actions: 1. Invest in a High Impact project on European data spaces, encompassing data sharing architectures (including standards for data sharing, best practices, tools) and governance mechanisms, as well as the European federation of energy-efficient and trustworthy cloud infrastructures and related services, with a view to facilitating combined investments of €4-6 billion, of which the Commission could aim at investing €2 billion. First implementation phase foreseen for 2022; 2. Sign Memoranda of Understanding with Member States on cloud federation, Q3 2020; - Launch a European cloud services marketplace, integrating the full stack of cloud service offering, Q4 2022; 3. Create an EU (self-)regulatory cloud rulebook, Q2 2022.“, in: https://ec.europa.eu/info/files/communication-european-strategy-data_en
  9. [9] See: Ibidem: „5C: The updated Digital Education Action Plan will reinforce better access to and use of data as one of its key priorities, in order to make education and training institutions fit for the digital age and equip them with the capabilities needed for making better decisions and improving skills and competences. The forthcoming European SME strategy will define measures to build capacity for SMEs and start-ups. Data is an important asset in this context, since starting or scaling a company based on data is not very capital intensive. SMEs and start-ups often require legal and regulatory advice to fully capture the many opportunities ahead from data-based business models“.In: https://ec.europa.eu/info/files/communication-european-strategy-data_en
  10. [10] See: Ibidem, 5D, in: https://ec.europa.eu/info/files/communication-european-strategy-data_en
  11. [11] See: White Paper on Artificial Intelligence: a European approach to excellence and trust, Brussels, 19 February 2020, in: https://ec.europa.eu/info/files/white-paper-artificial-intelligence-european-approach-excellence-and-trust_en
  12. [12] See: White Paper on Artificial Intelligence: a European approach to excellence and trust, Brussels, 19 February 2020, Abschnitt 5: „Seven key requirements identified in the Guidelines of the High-Level Expert Group: 1. Human agency and oversight, 2. Technical robustness and safety, 3. Privacy and data governance, 4. Transparency, 5. Diversity, non-discrimination and fairness, 6. Societal and environmental wellbeing, and 7. Accountability.“ in: https://ec.europa.eu/info/files/white-paper-artificial-intelligence-european-approach-excellence-and-trust_en
  13. [13] Experts say privately held data available in the European Union should be used better and more, Brussels, 19 February 2020: „The expert group recommends the following: 1. Member States should put in place national governance structures that support B2G data sharing; 2. recognised data steward function should be created and promoted in both the public and private sectors. The European Commission should encourage the creation of a network of such data stewards, as a community of practice in the field; 3. B2G data-sharing collaborations should be organised: a. in testing environments (‘sandboxes’) for pilot testing (‘pilots’) to help assess the potential value of data for new situations in which a product or service could potentially be used (‘use cases’), and b. via public-private partnerships. 4. the European Commission should explore the creation of an EU regulatory framework providing a minimum level of harmonisation for B2G data-sharing processes; 5. in acquiring privately held data for public-interest purposes, preferential conditions may apply in line with the updated B2G data-sharing principles…. The expert group recommends further that 6. all those involved are transparent on the B2G data-sharing collaborations in which they engage, including the data used and the impact of the collaboration; 7. the general public is made aware of the societal benefits of data sharing and is involved in the choice of public-interest challenges to be addressed through such collaborations; 8. the general public is encouraged to share their data for public-interest purposes and, to facilitate this, user-friendly data-donation mechanisms should be created and promoted; 9. the European Commission explores whether to develop ethical guidelines on data use, including for the public interest, and taking into account the Ethics guidelines for trustworthy AI; 10. Member States foster a data-literate public sector, by investing in the training and reskilling of policymakers and public-sector workers.“, in https://ec.europa.eu/digital-single-market/en/news/experts-say-privately-held-data-available-european-union-should-be-used-better-and-more
  14. [14] See: Commission Report on safety and liability implications of AI, the Internet of Things and Robotics, Brussels, 20 February 2020, in: https://ec.europa.eu/info/files/commission-report-safety-and-liability-implications-ai-internet-things-and-robotics_en
  15. [15] See: Secure 5G networks: Questions and Answers on the EU toolbox, Brussels, 29 January 2020, „The objective of the EU toolbox on 5G Cybersecurity is to identify a coordinated European approach based on a common set of measures, aimed at mitigating the main cybersecurity risks of 5G networks that were identified in the EU coordinated risk assessment report. It also intends to provide guidance in the selection and prioritisation of measures that should be part of national and EU risk mitigation plans. The ultimate goal is to create a robust and objective framework of security measures, which will ensure an adequate level of cybersecurity of 5G networks across the EU, through coordinated approaches among Member States. The approach taken is a risk-based one and solely on security grounds. This approach is in full respect of the openness of the EU internal Market as long as the EU security requirements are respected. in: https://ec.europa.eu/commission/presscorner/detail/en/qanda_20_127
  16. [16] Keynote speech by President von der Leyen at the World Economic Forum, Davos, 22 January 2020: „Data is a renewable resource as much as sun and wind. Every 18 months we double the amount of data we produce. Industrial and commercial data, 85% of which is never used. This is not sustainable. Within those data, there are hidden treasures and untapped opportunities for business and society. Europe is going to co-create a framework to allow the use of these data. It should consist of a trusted pool of non-personal data that governments, businesses and other stakeholders can contribute to. This pool will be a resource for open innovation, and bring new solutions to the market. And our scientists are already beginning to do this. We are creating a European Open Science Cloud now. It is a trusted space for researchers to store their data and to access data from researchers from all other disciplines. We will create a pool of interlinked information, a ‘web of research data'. Every researcher will be able to better use not only their own data, but also those of others. They will thus come to new insights, new findings and new solutions. This is what we call the European Open Science Cloud and we are the first in the world to do that. It is being developed in Europe for Europe and for European researchers. The idea is that once we have the rules of the game ready, then we will open this up to the broader public sector and to business as well. So that companies can come in, store the data and use the data. And the idea is that it will also open up to international players. … Pooling non-personal data will be one important pillar of our new data strategy. The other pillar is the protection of personal data. For us, the protection of a person's digital identity is the overriding priority. The individual is first and foremost a citizen – with rights and control over their lives. Be it in the physical world or the digital world – these citizens' rights have to be protected. For us, the individual is not just a mere customer or a data point among others. With the General Data Protection Regulation we set the pattern for the world. And we have to set a similar frame for artificial intelligence, too. A frame that allows for progress and research, while protecting the citizens' privacy, autonomy and personal safety. A frame that allows digital businesses to grow in Europe, provided that they comply with it. This framework will also guide international companies who want to do business in the European digital market, see https://ec.europa.eu/commission/presscorner/detail/en/SPEECH_20_102
  17. [17] See: High Level Group on Internet Governance (E02450), CNECT - DG Communications Networks, Content and Technology, Brussels, in: https://ec.europa.eu/transparency/regexpert/index.cfm?do=groupDetail.groupDetail&groupID=2450
  18. [18] ENISA says goodbye to Prof. Dr. Udo Helmbrecht after 10 years in Office, see https://www.enisa.europa.eu/news/enisa-news/enisa-says-goodbye-to-prof-dr-udo-helmbrecht-after-10-years-in-office
  19. [19] Tips for cybersecurity when working from home, ENISA, Athen, 24 March 2020: „1. Ensure that the corporate VPN solution scales and is able to sustain a large number of simultaneous connections; 2. Provide secure video conferencing for corporate clients (both audio/video capabilities). 3. All the corporate business applications must be accessible only via encrypted communication channels (SSL VPN, IPSec VPN), 4. Access to application portals should be safeguarded using multifactor authentication mechanisms, 5. Prevent the direct Internet exposure of remote system access interfaces (e.g. RDP). 6. Mutual authentication is preferred when accessing corporate systems (e.g. client to server and server to client). 7. Provide where possible corporate computers/devices to staff while on teleworking; ensure that these computers/devices have up-to-date security software and security patch levels and that users are regularly reminded to check patch levels. It is advisable that a replacement scheme for failing devices is also in place 8. BYOD (Bring your own device) such as personal laptops or mobile devices must be vetted from the security standpoint using NAC, NAP platforms. (e.g. patch check, configuration check , AV check etc.). 9. Ensure that adequate IT resources are in place to support staff in case of technical issues while teleworking; provide relevant information, e.g. on contact points, to staff. 10. Ensure policies for responding to security incidents and personal data breaches are in place and that staff is appropriately informed of them. 11. Ensure that any processing of staff data by the employer in the context of teleworking (e.g. time keeping) is in compliance with the EU legal framework on data protection.“, in: https://www.enisa.europa.eu/tips-for-cybersecurity-when-working-from-home
  20. [20] Tips for cybersecurity when working from home, ENISA, Athen, 24. März 2020: „1. Use corporate (rather than personal) computers where possible - unless BYOD has been vetted as per relevant point under Section 1 above. As far as possible, do not mix work and leisure activities on the same device and be particularly careful with any mails referencing the corona virus.2. Connect to the internet via secure networks; avoid open/free networks. Most wifi systems at home these days are correctly secured, but some older installations might not be. With an insecure connection, people in the near vicinity can snoop your traffic (more technical people might be able to hijack the connection). That having been said, the risk is not that much higher than when using public 'open networks' except for the fact that presumably people will be in the same place for a long time. The solution is to activate the encryption if it hasn't been done already and/or to adopt a recent implementation. Note that this risk is somewhat mitigated by using a secure connection to the office. 3. Avoid the exchange of sensitive corporate information (e.g. via email) through possibly insecure connections. 4. As far as possible use corporate Intranet resources to share working files. On the one hand, this ensures that working files are up-to-date and at the same time, sharing of sensitive information across local devices is avoided. 5. Be particularly careful with any emails referencing the corona virus, as these may be phishing attempts or scams (see below). In case of doubt regarding the legitimacy of an email, contact the institution’s security officer. 6. Data at rest, e.g. local drives, should be encrypted (this will protect against theft / loss of the device). 7. Antivirus / Antimalware must be installed and be fully updated. 8. The system (operating system and applications used, as well as anti-virus system) needs to be up to date. 9. Lock your screen if you work in a shared space (you should really avoid co-working or shared spaces at this moment. Remember, social distancing is extremely important to slow down the spread of the virus). 10. Do not share the virtual meeting URLs on social media or other public channels. (Unauthorized 3rd parties could access private meetings in this way“ in https://www.enisa.europa.eu/tips-for-cybersecurity-when-working-from-home
  21. [21] Tips for cybersecurity when working from home, ENISA, Athens, 24 March 2020: „Phishing scams linked to COVID-19: It is important to step up awareness of digital security during this time as we have already seen an increase in phishing attacks. Attackers are exploiting the situation, so look out for phishing emails and scams. In the current situation, one should be suspicious of any emails asking to check or renew your credentials even if it seems to come from a trusted source. Please try to verify the authenticity of the request through other means, do not click on suspicious links or open any suspicious attachments. Be very suspicious of mails from people you don't know- especially if they ask to connect to links or open files (if in doubt phone your security officer). Mails that create an image of urgency or severe consequences are key candidates for phishing - in these cases always verify via an external channel before complying. Mails sent from people you know, but asking for unusual things are also suspect - verify by phone if possible.“ In: https://www.enisa.europa.eu/tips-for-cybersecurity-when-working-from-home
  22. [22] See: Cybersecurity Skills Development in the EU, in https://www.enisa.europa.eu/publications/the-status-of-cyber-security-education-in-the-european-union
  23. [23] See: Cybersecurity Higher Education Database, in https://www.enisa.europa.eu/topics/cybersecurity-education/education-map
  24. [24] Brazil-EU Cyber Cooperation: Swinging Bridges on the Road to Stability in Cyberspace, in Council of Foreign Relations, Washington, 25 March 2020, „In the past, Brazil and the EU have been divided in their preferred approaches to developing cyber norms. While the EU advocates focusing on the implementation of existing norms and capacity building, and submitted a non-paper on capacity building to the OEWG’s first substantive meeting, Brazil prefers to adopt a legally binding instrument in the medium- to long-term to prevent the militarization of cyberspace. Yet, the OEWG second substantive meeting and Cyber Dialogue in February indicated that Brazil and the EU are equally interested in settling these disagreements. First, both agreed that international law applies to cyberspace and reiterated the importance of complementarity of the OEWG and GGE, separate tracks in the UN, in advancing stability in cyberspace. Second, both sides highlighted that ambitions for the UN negotiations must be limited to clarifying the already agreed upon norms, discussing few if any new ones, and suggesting an institutional setting for future deliberation on them. In this context, Brazil showed flexibility at the February OEWG meeting stating that while in the long-term it prefers a binding instrument, states should now focus on further developing and implementing the agreed-upon non-binding norms. In turn, Brazil’s proposal to protect the public core of the internet and electoral systems in the OEWG report was endorsed by EU members, such as Germany. Third, both sides also made a strong case for involving multiple stakeholders in the development and implementation of norms, ensuring academia, civil society, and the private sector can inform the dialogue. At the OEWG in February, the Brazilian delegate stated that “cybersecurity is an issue that requires a comprehensive, inclusive, and participatory approach, (which is) why (the) OEWG should continue a dialogue with all relevant stakeholders to ensure that its recommendations are realistic, implementable, and effective.” This was echoed by EU member states’ representatives, who expressed regret that only non-governmental institutions with prior UN Economic and Social Council consultative status were allowed to participate in both OEWG meetings, see https://www.cfr.org/blog/brazil-eu-cyber-cooperation-swinging-bridges-road-stability-cyberspace