EuroISPA Monthly Report – March 2025

SUMMARY 

March and early April have seen significant movement in the EU’s push for digital sovereignty, as tensions with the U.S. escalate over trade and tech policy. The EU is ramping up efforts to reduce its reliance on American tech giants, with proposals for a digital services tax to fund a European “sovereignty fund” aimed at building alternatives to U.S. platforms. The Commission is also exploring consolidating data legislation to simplify regulations and foster innovation. Meanwhile, calls for investing in European cloud infrastructure, AI, and semiconductor production are gaining traction, reflecting a broader strategy to strengthen Europe’s digital autonomy. As you will read further in this edition, these developments signal an intensifying debate and growing momentum for reshaping EU digital policy in the face of shifting global dynamics. 

ONLINE CONTENT 

Commission reassures about the ongoing data collection on the Recommendation on combating online piracy of sports and other live events  

During a meeting at the European Parliament, Sabina Tsakova, Deputy Head of the Copyright Unit in DG CNECT, provided insights regarding the monitoring of the 2023 Recommendation on combating online piracy of sports and other live events, whose assessment is expected by 17 November 2025. 

The Commission is looking at how unauthorised retransmission has evolved, what is the volume within the Member States, whether there a prompt treatment of notices by the different market players, the use of dynamic injunctions and the availability and awareness raising of the legal offer.  

There will be a second data collection exercise in the next months that will cover the beginning of 2025. The dedicated network of national authorities under the EUIPO Observatory will also convene a third meeting at the end of April.  

Representatives of EuroISPA Board will attend in person the EUIPO Conference in Alicante on 30 April. 

Latest reports under DSA Code of Conduct on Disinformation were released 

The latest reports from the signatories of the Code of Conduct on Disinformation have been published at the end of March. These detail the signatories’ actions taken under the code to combat the spread of disinformation online and their responses to ongoing crises such as the war in Ukraine and the Hamas-Israel conflict, as well as the measures they took to ensure the integrity of elections, including in the context of the Romanian presidential elections. The Code of Conduct will serve as a relevant benchmark for determining DSA compliance under Article 35 from 1 July 2025, following the entry into effect of its conversion in the DSA.  

The Commission promises not to duplicate the DSA in the DFA to protect minors  

Maria-Myrto Kanellopoulou, Head of Unit in DG JUST, assured the European Parliament at the beginning of April that the future Digital Fairness Act (DFA) will extend its rules for the protection of minors to other online services, since platforms are already tackled by the DSA. Besides protection of minors, the Commission is also considering new rules on influencer marketing. Prabhat Agarwal, the Head of Unit at DG CNECT responsible for implementing the DSA, emphasized the importance of upcoming “soft law,” particularly the guidelines on the protection of minors expected by the summer. 

The steering group dedicated to the future Digital Fairness Act is expected to be formalised in the coming weeks, while the public consultation is due to be launched at the end of May, around the annual consumer summit scheduled for 20 May. The proposal is expected in mid-2026. 

CSAM Proposal Shifts Further Toward Voluntary Detection 

EU governments are reviewing a revised draft of the CSAM regulation that reinforces a voluntary-only approach to detection, dropping the controversial mandatory scanning obligations. The updated text, dated April 4, clarifies that providers like WhatsApp and Signal are not required to scan for child sexual abuse material (CSAM), with detection possible only if done voluntarily. It also safeguards end-to-end encryption, stating the regulation cannot be used to weaken or bypass it. The new draft removes risk categorization requirements to cut administrative burden and streamlines enforcement by relying on existing national rules. It retains the Commission’s review clause to assess the feasibility of mandatory detection after three years, including an evaluation of detection technologies and false positive risks. The updated compromise marks a continued stalemate in Council, despite the European Parliament having finalised its position back in 2023. 

DATA ECONOMY 

Commission presents the Continent AI Action Plan and launches two public consultations 

On 9 April, the European Commission presented its ‘AI Continent Action Plan’ aiming at promoting initiatives around five key areas: Computing infrastructure, Data, Development of algorithms and fostering AI adoption, Skills, Regulatory simplification.  

Alongside the release of the strategy, the EC launched two public consultations on the AI Apply Strategy (deadline: 4 June) and the Cloud and AI Development Act (deadline: 4 June). On the latter, the issues to be tackled are, among others, the unfavourable conditions for the private sector to close the available data centre capacity gap in a way that prioritises highly sustainable solutions and the lack of a competitive EU-based offer of cloud computing services at sufficient scale to serve highly critical use cases with particularly high security needs. 

The Commission is considering five possible policy options, among which non-legislative, soft regulation and regulation. The initiative is expected to land in Q4 2025 / Q1 2026. 

Moreover, a Call for expression of interest on AI Gigafactories (deadline: 20 June) was released. 

EU Democracy Shield consultation opens 

The consultation on the Democracy Shield initiative opened on March 31 (deadline: 16 May). The shield will include measures to fight disinformation, foreign interference and to promote integrity of elections, societal resilience and citizens’ participation to democratic processes.  

During an exchange of views with the dedicated committee in the European Parliament, Commissioner McGrath did not exclude that the findings and recommendations present in the Shield (expected in the third quarter of 2025) will lead to a legislative proposal. 

CYBERSECURITY & INFRASTRUCTURE 

Sovereignty Push Reshapes EUCS Debate 

Momentum is building within the EU toward embedding sovereignty considerations into the EU Cybersecurity Certification Scheme for cloud services (EUCS), as political winds shift in favour of limiting reliance on non-European providers. The European Commission’s new internal security strategy hints at supporting “Europe-only” preferences, encouraging critical sectors to weigh not just technical but also strategic risks and dependencies when choosing cloud services — a nod to long-standing calls from France and others to restrict hyperscalers like Amazon, Microsoft, and Google from the most sensitive sectors. 

Meanwhile, the launch of the Commission’s consultation (deadline: 4 June) on the upcoming Cloud and AI Development Act reinforces this trend, directly questioning the influence of third-country tech providers and risks of vendor lock-in. National governments are also pivoting: the Netherlands, historically U.S.-cloud friendly, has now committed to building a sovereign government cloud by 2028, citing the need to safeguard sensitive data and digital continuity amid geopolitical uncertainty. With these developments, pressure mounts on the Commission to break the EUCS deadlock and favour sovereignty-aligned certification requirements. 

EU cable stakeholders urge for subsea infrastructure security 

Telecom operators and subsea cable stakeholders, including Orange, Telefónica, Telenor, Vodafone and more, have called on the EU, UK and NATO to enhance coordination on protecting subsea infrastructure, warning that rising hybrid threats pose significant risks to Europe’s digital resilience, economic stability and defense preparedness. In an open letter, the group endorsed the EU’s Action Plan on Cable Security but stressed the need for stronger public-private cooperation, increased funding, and faster implementation of protective measures. 

Commission announces upcoming International Digital Strategy 

The European Commission has announced an upcoming consultation on the International Digital Strategy with an adoption planned for the Second Quarter of 2025. To be titled “Strengthening the EU’s leadership in Global Digital Affairs”, should be issued on 6 May in the form of a non-legislative initiative. The paper will explain how reinforcing the EU’s security, tech sovereignty, democracy and competitiveness require efforts both in internal markets and with international partners. While the exact scope of the strategy remains unclear, it is expected to cover internet governance and cybersecurity. However, the level of emphasis on internet governance remains uncertain: there are concerns that it may receive limited attention, as questions such as the WSIS+20 review and the IGF mandate have yet to be clarified. 

Commission announces the 5GMEC4EU project driving 5G and edge computing 

Funded under the CEF Digital programme, the 5GMEC4EU is a Coordination and Support Action that will contribute to building a cohesive European 5G ecosystem. The action will integrate Multi-access Edge Computing into 5G Smart Communities and 5G Transport Corridors to ensure service continuity, cross-border seamless connectivity and open standards. 

D9+ Ministerial Declaration on digital technology and connectivity 

Following the D9+ Ministerial Meeting that took place in Amsterdam on 26-27 March, a leak of the Ministerial draft declaration calls the EU to ‘increase its digital competitiveness and tech sovereignty in an open manner’ through increased private investments and public-private partnerships. The declaration highlights a strategic approach to key technologies like AI, cloud and connectivity, while simplifying EU rules to foster innovation. 

The D9+ group includes the Ministers of the Netherlands, Denmark, Estonia, Ireland, Luxembourg, Poland, Portugal, Slovenia, Spain, the Czech Republic, Sweden, Belgium and Finland, yet the draft doesn’t detail which countries are to sign up to the final declaration. 

Commission opens the Cybersecurity Act consultation  

As mentioned last month, the Commission has now opened the consultation on the Cybersecurity Act. The initiative will revise the Cybersecurity Act, clarify the mandate of the EU Agency for Cybersecurity (ENISA) and improve the European Cybersecurity Certification Framework to achieve better resilience. The initiative also aims to streamline, simplify and supplement EU legislation to make the implementation of the EU cybersecurity framework more user and business friendly and to prioritise measures to support the EU objectives of developing a secure and resilient supply chain, including the EU cybersecurity industrial base. The feedback on the draft regulation is open until 20 June 2025. 

MISCELLANEOUS 

EU-US Trade Tensions: Digital Tax and Sovereign Tech Push 

April marked a significant chapter in the EU-US trade tensions, starting with former President Trump’s announcement of a 20 percent tariff on all EU goods, which was later dialled back to 10 percent after market reactions. In response, the European Commission, led by President Ursula von der Leyen, paused retaliatory measures to allow for negotiations, but tensions remained high. The EU’s countermeasures are expected to target the tech sector, where Europe holds substantial leverage over the U.S. Amid these developments, the French government proposed stricter regulations on U.S. tech firms’ data handling and even floated the idea of taxing digital services, though opposition emerged, particularly from Ireland. 

In parallel, EU efforts to reduce reliance on U.S. technology gained momentum, with proposals for increasing local cloud infrastructure, semiconductor production, and AI development. This includes revisiting the “fair share” concept, which would require major tech providers to contribute to network rollout costs. As part of this push, the EU is also exploring digital taxation options, with discussions around a European Digital Sovereignty Fund that could fund initiatives to reduce dependency on U.S. firms. The Digital Networks Act, currently under discussion, may offer a renewed opportunity for this proposal. Meanwhile, the European Parliament continues to engage in high-level talks in Washington, signalling that despite the tensions, transatlantic cooperation remains ongoing. 

European Socialists present plan on a Gafam tax 

On April 10 the S&D group presented their plan to fight ‘tech oligarchs’. The S&D proposes six actions to ‘protect Europeans online’, which are intended to serve as the basis for an agreement with other pro-European groups. Among these actions, they propose a new tax on digital services, intended to feed the Commission’s own resources, and ultimately a European “tech sovereignty fund.” This fund is to be used to build infrastructure “rooted in European values,” ranging from decentralized social networks to cloud services. This vision appears to be compatible with that of EuroStack, according to MEP Alex Agius Saliba. This tax, which is to resume work abandoned several years ago in Brussels, could apply to both consumer services (advertising and social networks) and business services. “It’s the right political moment” to revisit it, in the face of the Trump administration”, believes Alex Agius Saliba, who also plans to favor European players in public procurement.  

Berlin joins the Digital Sovereignty club  

The Christian Democrats of future Chancellor Friedrich Merz and his Social Democratic coalition partners reached a programmatic agreement on April 9. Its digital component emphasises regulatory simplification and, in a sign of the times, digital sovereignty, a topic that is usually not very popular in Germany, reports Contexte.