Cybersecurity in the EU: Milestones, Challenges, and the Road Ahead

/in , ,

The past year has brought several significant developments at EU level both in the Cybercrime and Cybersecurity field.

The adoption of the European Commission’s flagship project, the e-Evidence Regulation, in the summer of 2023, was a significant milestone given the ongoing discussions on the topic since 2017. For the first time, law enforcement authorities will now be able to directly address service providers established on the territory of a different Member State. The focus will now be on the technical implementation of the Regulation in the Member States, where new challenges will be posed by the EU-wide harmonisation of the national technical platforms for the secure exchange of data between law enforcement authorities and service providers via a decentralised IT-system.

Another central topic is the importance of encryption. The initial proposal on the Regulation to combat child sexual abuse stipulated detection measures that would have significantly undermined the use of end-to-end encryption in communication services. This provoked a huge wave of criticism showing that secure communications are also important to the broader public. This response ultimately led the European Parliament to explicitly exclude end-to-end encrypted communications from the scope of the Regulation.

At EU Member State level, the implementation of the NIS-2-Directive is still ongoing and will require substantial efforts by the affected companies, especially those that have not been subject to any cybersecurity requirements until now. On the other hand, providers of electronic communication networks and services are already under a sector-specific security regime as part of the European Electronic Communication Code. It will therefore be important that the national implementation of the NIS-2-Directive take into account the already existing security concepts in this sector and only stipulate additional measures where these would in fact lead to a higher level of security.

A political agreement on the Cyber Resilience Act has been reached, which harmonises cybersecurity standards for products and software with digital components and will also assist providers under the NIS-2-Directive to ensure supply chain security. Finally, it must be noted that the enormous frequency of new legal acts in the field of cybersecurity in recent years poses major challenges for the companies affected by them, as their internal processes must constantly be adapted, and it is often hard to find the necessary skilled workers to implement new requirements. With this in mind, along with the new mandate coming up this year, the focus of the upcoming European Commission should be on the smooth implementation of these legal acts rather than on new proposals.

Andreas Gruber
Former Chair of the EuroISPA Cybercrime & Cybersecurity Committee

Navigating the future: regulatory streamlining of electronic communications in the European Union

/in , ,

Over the next five years, the European Union (EU) is poised to witness a transformative era in the development of electronic communications networks. This period is anticipated to be marked by a concerted effort to modernise the existing infrastructure and reduce barriers to the construction of advanced VHCN networks. The so-called GIA legislation is trying to focus on harmonisation across Member States and reduce bureaucratic procedures. The question we must ask is “Will that be enough?”.

Any harmonisation effort should primarily target regulatory framework, aiming to streamline and simplify the procedures for network development. This will involve revising existing regulations and possibly introducing new ones to address the evolving landscape of electronic communications. The goal is to eliminate unnecessary bureaucratic hurdles that currently impede progress and innovation. By doing so, the EU intends to foster an environment conducive to investment, innovation, and rapid deployment of advanced networks like 5G and beyond.

A significant part of this harmonisation will be the standardisation of technologies and protocols. This will ensure interoperability of networks and services across the EU, enhancing the user experience and promoting a more connected European digital market. It’s not just about enhancing speed and bandwidth; it’s also about ensuring reliability, resilience, and security of these networks, especially in the wake of increased cyber threats.

Alongside these developments, there will be a strong emphasis on the formulation of clear and fair rules for data privacy in the digital space, especially data retention. The EU recognises the need for law enforcement agencies to access certain types of data for security purposes. However, this need must be balanced against the fundamental rights of individuals, particularly their right to privacy and data protection. This framework will aim to provide clarity and certainty for both law enforcement agencies, telecommunication service providers and providers of information society services, as well as protect the privacy rights of EU citizens. The future of electronic communications network development in the EU will be characterised by a drive towards harmonisation to reduce barriers for building new infrastructure and a focus on setting clear, human rights-centred rules for data protection in the digital space. These efforts will be critical to ensure that the EU remains at the forefront of digital innovation while safeguarding the rights and freedoms of its citizens.

Jaromir Novak
Partner for Regulatory Affairs, CZ.NIC

EuroISPA publishes Position Paper on Data Retention

/in , ,

Data retention frameworks refer to the regulation of what data should be stored or archived, where that should happen, and for exactly how long. The obligation of data storage stems from the possibility of law enforcement authorities to request such data to Electronics Communications Services Providers at any time.

In light of the current discussions within the High-Level Group on access to data for effective law enforcement, EuroISPA has published this Position Paper on Data Retention. This paper is a testament to EuroISPA’s collective dedication to identifying the practical, operational and economic consequences and challenges of data retention at both the national and cross-border level.

Allowing law enforcement authorities to prevent and prosecute serious crimes needs while safeguarding the fundamental rights of users and electronic communications services providers is not an easy task, as shown by several rulings of the Court of Justice of the EU. EuroISPA has put together a list of imperative requirements to provide guidance on how to achieve the right balance between the interests and obligations of all parties involved.

EuroISPA, a pan-European association which represents over 3,300 Internet Services Providers (ISPs), works to advocate for the needs both of the wider industry and of users. This position paper is one example of how the association’s members work together to draft recommendations for EU policy makers that can be implemented by the industry in order to tackle the issue at hand.

Read the paper

EuroISPA General Meeting in London: a recap

/in , , , ,

London, March 14-15, 2024

EuroISPA travelled to London on March 14-15 for the first General Meeting on 2024, gathering Council and Forum members, Board Officers and Secretariat, kindly hosted by our member LINX.

On the agenda were topics such as the future of GDPR, the state of the CSAM discussions, our work on piracy of live content, implementation at national level of the DSA, e-Evidence and NIS 2, as well as fruitful exchanges on AI and copyright or the new Commission’s White Paper “How to master Europe’s digital infrastructure needs?“.

Participants also had the chance to discuss the state of our growing membership base, our ongoing work for the European elections, positions on different topics, the new Committees structure, and more.

Most notably, the members unanimously endorsed EuroISPA’s first Position Paper on Artificial Intelligence, that marks the first step and sets the tone of EuroISPA’s increasing work on Artificial Intelligence. You can read the paper here.

The General Meeting also brough about some internal changes in the way of working of the Association. EuroISPA’s Committees, the hub of our policy work, have been undergoing some restructuring and the new configuration of the Committees and the appointment of new Committee Chairs was approved by the Members in London:

  • The Online Content Committee covers topics such as online content moderation, DSA, CSAM, and piracy of live content. The Committee Chair is Alex de Joode (AMS-IX)
  • The Data Economy Committee deals with issues such as data protection, emerging tech, AI, and copyright. The Committee Chair is Oliver Süme (eco)
  • The Cybersecurity & Infrastructure Committee covers from infrastructure to connectivity, including a potential Digital Networks Act and cooperation with law enforcement, for example on e-evidence. The Committee Chair is Paul Guinard (FFTélécoms).

Read more about the work of our Committees here.

Finally, we had the pleasure of welcoming three guest speakers:

  • Professor Vanessa Franssen from the University of Liege to exchange on our work on data retention and the collaboration between service providers and law enforcement authorities in the context of the High Level Group on Law Enforcement Access.
  • Owen Bennett from Ofcom, the UK’s Communications Regulator, on the Online safety Act and Ofcom’s regulatory approach and alignment with the EU’s Digital Services Act.
  • Christopher Oldknow from our Industry Forum member Amazon on copyright, covering key milestones and relevant trends.
Vanessa Franssen
Vanessa Franssen
Vanessa Franssen
Chris Oldknow
Chris Oldknow
Chris Oldknow

EuroISPA publishes Position Paper on Artificial Intelligence

/in , ,

In the wake of the approval of the Artificial Intelligence Act (EU AI Act) by the European Parliament, EuroISPA publishes its Position Paper on Artificial Intelligence. This paper is a testament to EuroISPA’s collective dedication to shaping a future where AI serves as a force for good, and highlights principles that should be considered for current and future regulatory frameworks on AI, including by the European Union.

EuroISPA, a pan-European association which represents over 3,300 Internet Services Providers (ISPs), works to advocate for the needs both of the wider industry and of users. This position paper is one example of how the association’s members work together to draft recommendations for EU policy makers that can be implemented by the industry in order to tackle the issue at hand. This paper reflects our commitment to establishing a harmonised and globally accepted framework that encourages innovation, upholds ethical standards, and mitigates potential risks associated with AI deployment.

Read the paper

What does Artificial Intelligence mean for the Internet Industry, now and in the future?

/in , ,

Today, the European Parliament is holding the final vote on the Artificial Intelligence Act (AI Act), which proposes groundbreaking regulations for the use of artificial intelligence in the EU. In this context, EuroISPA Vice-President Lars Steffen illustrates how Artificial Intelligence will fundamentally change the landscape of the Internet industry

Artificial Intelligence (AI) is fundamentally changing the landscape of the Internet industry, ushering in a new era of efficiency, personalisation and innovation. In recent years, AI has become a cornerstone of many Internet-based services, influencing everything from search algorithms to customer service interactions. Its impact is not only transformative, but also indicative of the future trajectory of the Internet industry.

One of the most noticeable changes brought about by AI is the improvement of the user experience. From content recommendations on streaming platforms to personalised search results, AI algorithms are analysing vast amounts of user data to tailor online experiences. Not only does this keep users engaged, but it also fosters a sense of connectedness as the Internet becomes more attuned to individual preferences. This is why European copyright law must continue to be adapted to the digital age, and why excessive liability of ISPs for AI-generated content must be avoided.

AI also plays a key role in cybersecurity within the Internet industry. As online threats become more sophisticated, AI-powered systems have become particularly adept at detecting and preventing cyberattacks. Machine learning algorithms can analyse patterns and anomalies in real time, providing robust defences to protect sensitive data and ensure the integrity of online platforms.

Looking ahead, the Internet industry will see even more profound changes driven by AI. The emergence of advanced natural language processing and understanding is likely to revolutionise human-computer interactions. Conversational AI, chatbots and virtual assistants will become more sophisticated, enabling seamless communication between users and online platforms. In addition, AI-driven automation will continue to streamline various aspects of the Internet industry. From content creation and curation to logistics and supply chain management, automation will optimise efficiency and reduce costs. This will not only benefit businesses, but also contribute to a faster and more responsive Internet ecosystem.

However, these advances come with certain challenges, such as ethical concerns around data privacy and the potential for job displacement. Striking a balance between innovation and the responsible use of AI will be crucial for the sustainable growth of the Internet industry. AI is a global technology with a wide range of applications, some of which are not yet foreseeable, which means that clear assessments of the opportunities and risks in certain application areas are not always possible. In this respect, the ex-ante regulation of use cases cannot address the complexity of AI and its applications and risks weakening Europe’s capacity for innovation.

It is clear that the symbiotic relationship between AI and the Internet industry is reshaping the digital landscape. Challenges remain, but the future holds the promise of an Internet ecosystem that is smarter, more responsive and more attuned to the needs of its users. Embracing these changes with a thoughtful and balanced approach will be key to realising the full potential of AI in shaping the future of the European Internet industry.

Lars Steffen
EuroISPA Vice-President
Head of International, Digital Infrastructures and Resilience at eco – Association of the Internet Industry

EuroISPA Annual Policy Report 2023 – Brussels Outlook 2024

/in , ,

EuroISPA is delighted to present to you its Annual Policy Report 2023 – Brussels Outlook 2024, which contains an overview of the Association’s main activities of 2023, a presentation of what’s ahead in 2024, and dedicated insights on its policy focus areas.

In 2023, EuroISPA and its committees were busy bringing their work forward on a number of key policy areas for European ISPs, and contributed to shaping the debate around policy files in the fields of online content, data economy, cybersecutiy and infrastructure.

But other than EuroISPA’s work in the past year, this report will dive into our recommendations for an innovative and fair European Internet ecosystem with our Manifesto for the 2024 European Elections, and will give an outlook on what the EU policy landscape holds in the coming months.

Our officers, committee chairs and members give insights into current topics of relevance for ISPs such as combating online piracy, the impact of Artificial Intelligence, cybersecurity in the EU, the future of connectivity, the EuroISPA community, and much more.

Once again, EuroISPA is happy to have worked alongside our members with the goal of contributing to the development of the sector to ensure its safety and sustainability.

We hope that you enjoy reading our Annual Policy Report 2023 – Brussels Outlook 2024!

Read the full report

A Week of Collaboration and Insights: EuroISPA’s Recent Activities

/in , ,

Brussels, February 1st-2nd, 2024

EuroISPA’s office has been buzzing with activity over the past week. From internal meetings to engaging discussions with members and industry stakeholders, the association has been actively shaping its strategy and addressing crucial issues in the dynamic landscape of the EU Internet industry.

EuroISPA Industry Forum Meeting

For the first time in 2024, EuroISPA held its Industry Forum meeting, where representatives from our Forum companies gathered to provide advisory insights to the Council Members. The agenda delved into pressing policy matters, focusing on the upcoming legislative cycle and plans leading up to the EU elections. The collaborative atmosphere fostered discussions that will play a pivotal role in shaping the work of the association for 2024.

Executive Board Meeting

In the afternoon, the EuroISPA Executive Board met to set the tone for 2024. Officers and the Secretariat discussed the engagement strategy for the EU elections, outlined focus topics, addressed membership trends, and laid the groundwork for the organisation’s initiatives in the coming months.

Meeting on Piracy of Live Content with European Commission and EUIPO

The following day, EuroISPA hosted a meeting with the European Union Intellectual Property Office (EUIPO) and the European Commission on the topic of piracy of live content. Members and representatives from other industry organisations, with whom EuroISPA regularly collaborates, also participated to the comprehensive discussion. The meeting saw the European Commission presenting the proposed Recommendation on piracy of live content and focused on the published KPIs, the data collection templates and the next steps of the monitoring exercise of the Recommendation. EuroISPA is a leading stakeholder on the matter, and the meeting marked a step forward in the longstanding collaboration with the Commission and the EUIPO, which it actively provides with the technical input from its Members.

ISPA Belgium’s New Year event

To round off the week, EuroISPA Executive Board Officers attended ISPA Belgium‘s New Year event. This provided an excellent opportunity to connect with Belgian figures actively involved in digital policy. The evening included a panel discussion on telecommunications and digital policy in the EU, with a focus on the role of Belgium. The exchange of ideas and insights during this event contributed to consolidate EuroISPA’s relationship with our member ISPA Belgium and to provide a broader understanding of regional challenges and opportunities, especially in light of the ongoing Belgian Presidency of the EU Council.

EuroISPA is committed to collaboration and informed policymaking. As we continue to navigate the ever-evolving landscape of the EU Internet industry, these engagements serve as a testament to its dedication to fostering a thriving digital ecosystem in Europe.

EuroISPA is committed to collaboration and informed policymaking. As we continue to navigate the ever-evolving landscape of the EU Internet industry, these engagements serve as a testament to its dedication to fostering a thriving digital ecosystem in Europe.
Meeting on Piracy of Live Content
Meeting on Piracy of Live Content
Meeting on Piracy of Live Content
EuroISPA President Elina Ussa
EuroISPA’s Manifesto for the 2024 European elections
EuroISPA’s Manifesto for the 2024 European elections
EuroISPA’s Manifesto for the 2024 European elections
EuroISPA Executive Board meeting
EuroISPA Executive Board meeting
EuroISPA Executive Board meeting
ISPA BE New Year Event
ISPA BE New Year Event
ISPA BE New Year Event
ISPA BE New Year Event
ISPA BE New Year Event
ISPA BE New Year Event
EuroISPA Industry Forum meeting
EuroISPA Industry Forum meeting
EuroISPA Industry Forum meeting

EuroISPA and other tech trade associations and NGOs jointly call on policymakers for a swift adoption of the ePrivacy derogation extension

/in , ,

Brussels, 23 January 2024EuroISPA, together with CCIA Europe and DOT Europe, coordinated the discussions among a coalition of more than 50 tech trade associations and organisations defending children rights on the proposal laying down rules to prevent and combat child sexual abuse.

All signatories share the same goal, which is to create and maintain a safe online environment for children, to detect and remove child sexual abuse (CSA) content online, and to ensure the investigation of offenders, in a manner that is compatible with privacy and human rights.

EuroISPA is particularly proud to see our members CZ.NIC, FiCom, ISPA Austria and ISPA Belgium as individual signatories of the statement, underlining the great commitment of European Internet Services Providers (ISPs) to eradicating online child sexual abuse.

Together, we have agreed to jointly call for a swift adoption of the ePrivacy derogation extension. Below are the main points of our joint call:

  • In the absence of an agreement on the CSA Regulation and the soon-approaching sunset clause of the temporary ePrivacy Derogation, there is a high risk of a legal gap which would prevent interpersonal communications service providers from carrying out selected detection, reporting and removal work against child sexual abuse online.
  • Proactive work against CSA has proven to be effective over the past decade. We therefore ask the European Parliament to support the Commission and the Council on this initiative and call on co-legislators to swiftly adopt the extension of the temporary ePrivacy derogation.
  • We note however that this extension should only be considered as a transitory solution, as the core focus is to agree on a long-term framework, and promptly adopt the CSA Regulation. 

All signatories remain committed to working towards legislation which stands the test of time and that is in the best interest of children.

Read our joint statement

Signatories: 5Rights Foundation, Agarrados à Net, ARSIS – Association for the Social Support of Youth, Asociația Eliberare, Association Novi Put, Brave Movement, Canadian Centre for Child Protection, Center for Missing and Exploited Children (Centar za nestalu i zlostavljanu decu), COFACE – Families Europe, Computer & Communications Industry Association (CCIA Europe), CZ.NIC (Czech Internet Association), Defence for Children International Nederland – ECPAT Nederland, Developers Alliance, Digital Poland Association (Związek Cyfrowa Polska), DOT Europe, ECPAT Albania, ECPAT Austria, ECPAT Belgium, ECPAT France, ECPAT International, ECPAT Luxembourg, ECPAT Norway, ECPAT Sweden, Eurochild, EuroISPA (European Internet Services Providers Association), FAPMI-ECPAT Spain (Federación de Asociaciones para la Prevención del Maltrato Infantil), FICE Croatia, FiCom (Finnish Federation for Communications and Teleinformatics), Fundacja Dajemy Dzieciom Siłę (Empowering Children Foundation), GSMA, Hintalovon Child Rights Foundation – ECPAT Hungary, “Hope for Children” – CRC Policy Center, IAC – Instituto de Apoio à Criança, ICMEC – International Centre for Missing & Exploited Children Singapore, Internet Watch Foundation (IWF), ISPA Austria (Internet Service Providers Austria), ISPA Belgium, ITI – The Information Technology Industry Council, Marie Collins Foundation, Missing Children Europe, Miúdos Seguros Na Net, Network for Children’s Rights (NCR) (Δίκτυο για τα Δικαιώματα του Παιδιού), Pomoc Deci, Safe Online, Save the Children Europe, Stiftung Digitale Chancen, Stop Sexting, Suojellaan Lapsia, Protect Children ry, Terre des Hommes Netherlands, The Pancyprian Coordinating Committee for the Protection and Welfare of Children, The Smile of the Child, Video Games Europe and WeProtect Global Alliance

EuroISPA General Meeting: 2023 wrap-up and 2024 outlook

/in ,

Brussels, November 30th-December 1st, 2023

As 2023 comes to an end and we approach 2024, our members gathered in Brussels for the last General Meeting of the year.

The participants came together to reflect on a successful year for the Association and to assess the results of the hard work. Here is a recap of the Association’s output in 2023:

  • More than 20 meetings held with policymakers, law enforcement bodies, and other sessions: we held multiple meetings and workshops with the European Commission, the Council, the European Parliament, EuroJUST, Europol, EUIPO and many more on the topics of piracy, e-evidence, Data Retention, CSAM, DSA and more.
  • More than 10 policy positions published, among papers, letters, recommendations, consultations and joint industry statements on CSAM, e-evidence, piracy, CRA, AI, Data retention, and more.

The biggest milestone of 2023 has been the publication of the EuroISPA Manifesto for the 2024 European elections, which will continue to be the centre of the Association’s policy work and engagement efforts in 2024.

Read our Manifesto here

EuroISPA’s Committees had the chance to present the work done in 2023 and kick-off the discussions for the 2024 focus areas. In particular, members actively engaged in an exchange of views on the role that EuroISPA can take in the debate on Artificial Intelligence, becoming more and more prominent in the EU digital policy environment.

Together, they agreed that EuroISPA will aim to establish a harmonised and globally accepted framework for AI deployment that encourages innovation, upholds ethical standards, and mitigates potential risks and the regulatory burden for Internet Service Providers while looking out for excessive liability for AI-Generated content and respecting copyright laws.

This will be the starting point for EuroISPA’s work on AI in 2024, in addition to the policy work done on other longstanding topics such as data, cybersecurity, online content moderation, and more.

Participants to the General Meeting also had the pleasure of hearing several guest interventions:

  • Connectivity Unit of DG CNECT on the Future of Connectivity: Results of the consultations and next steps.
  • Cate Nymann, Head of Policy and Membership affairs at the ALDE Party, offering insights and reflections on the party’s plans ahead of the elections.
  • Karolina Mojzesowicz, Deputy Head of the data Protection Unit at DG JUST, on the upcoming GDPR review.

Finally, the EuroISPA Board elections were held during the General Meeting: EuroISPA Council members elected Lars Steffen from eco Association of the Internet Industry as Vice-President, and Romain Bonenfant from FFTélécoms as Board Member. You can read the full announcement here.

EuroISPA’s new Board Officers
The General Meeting of November 30th and December 1st was the ideal setting to wrap up the work done in 2023 and set the tone for the year ahead, between European elections and ever-changing topics and debates in EU digital policy.

Contact details

EuroISPA

38, Rue de la Loi
1000 Brussels

+32 2 789 6618

[email protected]

General contact information | Privacy policy