Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU.
“Today’s agreement is the beginning of a new era for tech regulation worldwide. The Digital Markets Act puts an end to the ever-increasing dominance of big tech companies.”
– Andreas Schwab, the leading negotiator for the European Parliament on the Digital Markets Act (DMA)
Story of the week: As expected, EU institutions have reached a final agreement on the DMA, setting in stone the new rules intended to curb the power of Big Tech. As anticipated by EURACTIV, MEPs managed to get their way in requesting stricter obligations for the gatekeepers, in exchange for giving member states what they wanted in terms of enforcement and governance, traditional pain points for governments.
Lawmakers obtained the interoperability of messaging services, which the gatekeeper will have to provide within three months from the receipt of a request. Within two years from the designation, gatekeepers will need to ensure interoperability for encrypted messages, photos, voice messages and attachments. End-to-end encrypted calls, video calls and group chats are to follow within four years. The interoperability of social media was a red line for the Presidency, but MEPs obtained that the Commission will look into it in the next review. Moreover, the basic functionalities are a minimum that could be extended in the future.
The ban on targeted advertising for minors was officially moved to the DSA, as publicly acknowledged by French state secretary Cedric O. Choice screens were also included for virtual assistants and web browsers provided by the same gatekeeper that provides the operating system. On sideloading, the security measures were taken from the Council’s position.
The Parliament scored major victories also in terms of scope. The thresholds were raised to €7.5 billion in annual turnover and €75 billion in market capitalisation. Virtual assistants and web browsers were also included in the list of core platform services. In terms of systematic non-compliance, the definition was set to three infringements in eight years, and the provisions on a temporary ban on killer acquisitions were added. No minimum fine was set, but the maximum was raised to 20% in the case of repeated breaches of the same obligation. A question that remains to be seen is the text on the possibility for gatekeepers to rebut their designation, which was limited upon request from the Parliament.
The application of fair, reasonable and non-discriminatory conditions (FRAND) was extended from app stores to social media and search engines. However, as revealed by EURACTIV yesterday, the publishers managed to insert a last-minute amendment to obtain an extension of FRAND to the remuneration of online content and a dispute resolution mechanism with the support of the French Presidency. Asked by EURACTIV about it, Cedric O made a parallel with the telecom networks, where if someone has the monopoly of the infrastructure they are obliged to give access to others. MEPs were not happy about it, but the amendment was included eventually.
The original timeline of six months for entering into force and six months for the compliance was maintained. The veto power of the Commission on national probes, a red line for countries like Germany, was removed. “This is all about implementation now,” said Cristina Caffarra, a senior consultant for Charles River Associates, noting that the DMA “comes out of the total utter failure of enforcement.” While the Commission could blame past antitrust failures on regulatory inadequacy, it is now bound to keep up with the huge expectations raised by the DMA. Asked at a press conference which sort of arrangement the EU executive envisaged, Vestager said that was “internal kitchen details” still in the making. Two more technical meetings are scheduled for next week to iron out the text. Read more.
Don’t miss: US President Joe Biden and European Commission President Ursula von der Leyen announced in a joint press conference that they reached a political agreement on international data transfers. The announcement is expected to provide a political boost for reaching a final agreement – however, this might still be months away. While publicly welcoming the agreement, industry stakeholders that have been vocally calling for the EU and the US to bridge their differences are left to wonder if anything has even changed. A breakdown of the negotiations is now ruled out, but the political announcement might just put more pressure on the technical level – who knows with what results. Meanwhile, Max Schrems readies to fight anything short of a change to the US security laws in court and accuses Washington of using the Ukrainian crisis to push its agenda. However, an expert noted that the mood around privacy might have changed in the US, with more and more states passing their own data protection laws and similar legislation coming from China and India. Read more.
Also this week:
- The French Presidency is seeking a partial new mandate ahead of the DSA trilogue next Thursday
- The European Commission pitched a crisis management mechanism and supervisory fee in the DSA
- The AIDA special committee adopted its final report
- The EU’s Court of Justice ruled that member states can apply private copying levy to cloud services
Before we start: London has been working on several laws and initiatives with potentially profound implications for its data protection regime. We discuss how these different pieces might come together and impact the EU’s data adequacy decision with Robert Bateman, head of content at GRC World Forums, and Wayne Cleghorn, CEO and Practice Director at Privacy Solved.
AIDA test bench. The parliamentary committee AIDA, established in 2020 to analyse the societal impacts of AI, has concluded with the publication of its own-initiative report. The AIDA report, adopted with a vast majority, emphasises the importance of the EU’s role in setting global standards for AI and contains the committee’s Roadmap for AI, a series of policy recommendations for the next decade covering areas including sustainability, cybersecurity and research. It also outlines the potential systemic risks of AI, including its deployment by law enforcement and the military. The exercise provided a testing bed for the upcoming AI Act as most of the main actors were involved, with some crossover with the upcoming regulation. Read more.
Speaking of AI and the military. A drone that identifies targets using AI has apparently been deployed in Ukraine by Russian forces. The weapon, which crashes into its targets, detonating the explosive device it carries, does not appear to be widely used in the conflict, but its appearance has reignited discussion about the incorporation of these kinds of autonomous technologies into warfare. A UN report last year indicated that technology that decides who to attack of its own accord may have already been deployed in the Libyan civil war; despite uncertainties around the actual capabilities of existing weaponry in this regard, concerns remain about what developments the future could hold.
Cloud included. Member states can apply the private copying levy to cloud storage services, the EU’s Court of Justice (CJEU) ruled on Thursday, with the caveat that the balance between the remuneration for authors and fair participation for users must be respected. The levy, introduced by the Copyright Directive, grants authors, artists and publishers compensation for the free use of their works. The court’s ruling and the details of the obligation, a lawyer told EURACTIV, will likely open the doors for many complex disputes between cloud providers and creators. Read more.
EU role model. The Commission on Monday proposed a Cybersecurity Regulation and Information Security Regulation to set up common standards for EU institutions, bodies, offices and agencies. The Cybersecurity Regulation will establish a framework for risk management and create an inter-institutional Cybersecurity Board to strengthen resilience and responsiveness. On the information security side, a minimum set of standards to be followed by all EU bodies will be launched to provide the environment for a more secure exchange of information between them. Bart Groothuis, the MEP leading on NIS2, has long been calling for such an initiative, since the revised directive will not cover international institutions like the EU. “All EU institutions have been attacked by nation-states and others, so it’s not a minute too early to bolster EU’s cyber defence posture,” said Groothuis, calling for nothing short of a military-grade security posture.
Skills/gender gap. Industry stakeholders have emphasised the need to rethink education in order to tackle gender and skills gaps in digital industries. Reassessing the way in which STEM and ICT subjects are taught in schools, and ensuring that teachers are equipped with the knowledge to help students, will be essential to encouraging more girls to pursue the subjects and achieving the EU’s digital skills targets. Read more.
Cyber skills. Microsoft is expanding its cybersecurity skills campaign to cover 23 more countries, after a national programme was launched in the US in October last year. The additional countries have been identified as facing an elevated risk of cyberthreats as well as having significant gaps in their defences. With cyberthreats on the increase, the new programme will work to train more cybersecurity professionals with a particular focus on recruiting traditionally excluded groups, including women, into the workforce.
Digital Services Act (DSA)
New mandate. The French Presidency is seeking a revised mandate from the EU Council for the first three chapters of the DSA, in preparation for the third political trilogue. According to internal documents seen by EURACTIV, France is looking to obtain the mandate the day before the high-level meeting on Thursday. However, several EU countries seem concerned that the Presidency may be seeking to implement last-minute changes that are not supported by the wider group, and called for sticking to the general approach to the legislation. Read more.
Crisis management & supervisory fee. The Commission pitched a number of proposals on a crisis management mechanism and supervisory fee for very large online platforms (VLOPs) to member states this week. On crisis management, the EU executive suggests the addition of crisis response triggers to complement existing anticipatory and voluntary crisis features, a move that empowers the EU executive to mandate VLOPs to undertake risk assessments and act to mitigate any threats identified. For the supervisory fees proposal, the Commission explained they will come up with a methodology to estimate the costs and that the charged fees could only be used to cover the supervisory tasks. Read more.
Yes Minister, No Minister. The division of responsibility for digital issues is just one of the issues dividing contenders in the upcoming French elections. Some, such as socialist Anne Hidalgo and right-wing Valérie Pécresse, are pushing for a simplified structure via the creation of an autonomous digital ministry to ease the handling of what has become a cross-sectoral subject. Others, however, such as radical left-wing candidate Jean-Luc Mélenchon, argue that designating a whole ministry to tackle digital issues alone is not a priority. Read more.
No longer welcome. News agency Reuters has removed Russian news agency TASS from its business-to-business marketplace following criticism over how the state-owned media has been covering the war in Ukraine. The agency has been accused of spreading propaganda and false claims about the conflict and in an internal memo to staff this week, Reuters’ interim CEO said that making its content available on Reuters was not aligned with the agency’s trust principles. Read more.
Euronews banned. Russia has banned news outlet Euronews from broadcasting in the country over its coverage of the war in Ukraine. Euronews, the website of which is also now blocked in Russia, rejects the government’s allegations that it is spreading “fake news” about the conflict and calling on citizens to protest, and has condemned the restrictions that have been placed on freedom of speech in the country since the invasion last month. It has also called for Russia to uphold Article 19 of the UN’s Universal Declaration of Human Rights by unblocking its platform and allowing people to “receive and impart information and ideas through any media”.
Extremist Meta. A court in Moscow ruled that Meta was guilty of “extremist activity”, but allowed WhatsApp to continue operating in Russia. The company’s other platforms, Facebook and Instagram, have already been banned in the country; the former in response to the restriction of access to Russian state media accounts and the latter in response to a policy change which allowed for users in some countries to call for violence against Russian soldiers. Given the exemption of WhatsApp from the retaliation, the implications of this week’s ruling were not immediately clear and while Meta has pushed back against the conclusion, whether it will appeal the decision remains to be seen. Read more.
Research & Innovation
Support for Ukraine’s researchers. The Commission has launched an online portal collating information on jobs, funding and other key resources for researchers based in and fleeing from Ukraine. The portal is the latest to be added to the EURAXESS network, which brings together information from EU member states and countries affiliated with Horizon Europe. The move comes as part of broader efforts to support Ukrainian researchers impacted by the war and follows the Commission’s decision earlier this month to suspend research cooperation with Russian institutions and halt the funding of existing projects. Read more.
What else we’re reading this week:
Inside Ukraine’s online defence: the battle against Moscow’s cyberattacks (FT)
DIY Volunteers Are Repairing Ukraine’s Destroyed Internet Infrastructure (Vice)
Former TikTok content moderators file lawsuit over ‘psychological trauma’ (TechCrunch)
[Edited by Nathalie Weatherald]