In a first round of structured dialogue with the European Parliament, Commissioners Margrethe Vestager and Thierry Breton presented the broad outlines of their plans for the digital era on Monday 27 and Tuesday 28 January. They discussed 5G, artificial intelligence, data strategy, the digital services act and cybersecurity.
5G Network Security Toolkit. This is the first digital initiative of the von der Leyen Commission (see EUROPE 12409/9, 12345/1, 12300/5, 12222/23).
Speaking to MEPs, Internal Market Commissioner Thierry Breton said the communication, which he is due to present on 29 January, would not ban any particular player. “It is not a question of being discriminatory, but of setting strict, demanding rules. We will welcome any operator in Europe who wants to apply them on this particular network deployment, given their criticality”, said the former CEO of France Telecoms. And to underline the importance for each country, each operator, to have several suppliers in order to have the capacity to mitigate risks.
On Tuesday, the United Kingdom made public its decision to allow Huawei on its territory on a limited basis. To the great displeasure of the Americans, the Chinese equipment manufacturer will be able to operate on British territory for non-strategic infrastructures but will be excluded from the core network and certain sensitive geographical areas.
Artificial intelligence and data strategy. The Commission also intends to present a European strategy on artificial intelligence (AI) on 19 February.
“I put all my weight behind a data strategy, because you can’t have one without the other”, said Commissioner Breton before the Industry Committee. “Without going into too much detail, the subject is to focus upstream on the nature of the data that feeds an algorithm”, he suggested.
According to a December paper leaked to the press, the Commission is moving towards mandatory risk-based criteria for high-risk applications, targeted amendments to EU safety and liability legislation and new governance provisions (see EUROPE 12406/8). The paper raises two other scenarios considered less appropriate: voluntary labelling for ethical intelligence and specific obligations for the use of artificial intelligence by public administration, potentially with a temporary moratorium on the use of facial recognition technologies.
In her intervention before the Committee on Legal Affairs, Vice-President for Digital Agenda and EU Competition Commissioner Margrethe Vestager confirmed these rumours. She stated that the public sector “must be exemplary” in terms of non-discrimination, transparency and competence. “The public sphere, which finances services of public interest, must meet higher standards of transparency and accountability”, she added.
On the issue of facial recognition, Ms Vestager said that facial recognition, like biometric data, is a sensitive technology that may require different approaches to ensure that it is used “in a justified and appropriate manner”.
In response to the emerging controversy over a possible moratorium on facial recognition, with Stéphane Séjourné (Renew Europe, France) speaking in favour and Axel Voss (EPP, Germany) against, Ms Vestager said that no decision had yet been taken. “We have not finalised the white paper on artificial intelligence, but our approach to sensitive technologies is cautious. We are hoping for a broad discussion”, she continued, noting that there are areas where these technologies could be useful.
Asked by German MEP Sergey Lagodinsky (Greens/EFA) about the criteria to be used for high-risk applications, the Commissioner said it depended on the application, the sectors or whether humans were involved. “How can you distinguish that? We don’t have an answer yet”, she admitted.
Mr Breton did suggest that health should be considered a high-risk area. The leaked document also refers to transport and the judicial police.
Digital Services Act. This is THE real initiative expected in 2020 in the digital sector and which will address in particular the roles of platforms (see EUROPE 12364/3).
But in this regard, Vice-President Vestager remained relatively evasive, indicating that the Commission’s teams had so far focused on AI and data.
Does the Commission intend to review the principle of limited liability of platforms, asked Tiemo Wölken (S&D, Germany)? “I don't know yet. We’re not there yet, it’s too early”, Ms Vestager said.
Cybersecurity. According to the draft work programme for 2020 and as confirmed by Mr Breton in the European Parliament, the Commission should review the Network Security Directive (NIS), applicable since 9 May 2018.
“By 2025, 80% of data will be stored across the European continent and no longer just in data centres or in the cloud. It is this change that will change the paradigm by increasing the surface area of attack. And that requires a review of the NIS directive”.
The Directive (2016/1148) in question provides for reinforced obligations for operators of so-called essential services (see EUROPE 11347/8). (Original version in French by Sophie Petitjean)