EU Payments Services Regulation: EuroISPA’s opinion

EuroISPA’s position on the EU Payments Package

In 2023, the European Commission put forward proposals to bring payments and the wider financial sector into the digital age, including through a proposal for a Payment Services Regulation (PSR).

EuroISPA finds the European Parliament’s position on the PSR worrying, and most notably the contents of Article 59 of the proposed Regulation on the liability of Electronic Communications Operators in the occurrence of impersonation fraud. 

In the context of the discussions on the file currently entering the Council of the EU arena, we are now sharing our opinion concerning Article 59, advocating for the removal of the article altogether, for the strengthened cooperation between all players involved, as well as for the empowerment of consumers to make knowledgeable and safe decisions to better combat fraud.

“How to master Europe’s digital infrastructure needs?” – EuroISPA’s feedback to the European Commission’s White Paper

The European Commission’s White Paper “How to master Europe’s digital infrastructure needs?” analyses the multiple challenges Europe currently faces in the rollout of future connectivity networks. It presents possible scenarios going forward to address those challenges, attract investment, foster innovation, increase security and achieve a true Digital Single Market.

EuroISPA responded to the European Commission’s public consultation on the White Paper in the name of European Internet Services Providers (ISPs).

Here is a summary of our feedback:

  • EuroISPA welcomes the fact that the Commission highlights the critical importance of ISPs for the future of the EU and draws some meaningful scenarios in order to promote connectivity and simplify and harmonise regulations, which is needed to overcome the challenges ahead.
  • However, EuroISPA finds that many proposals require more clarification from the European Commission and need to take account of national specificities / efficient frameworks.
  • EuroISPA also commends the willingness of the EC to address the sustainability and security of networks, which are essential to ensuring a resilient and sustainable Europe.

EuroISPA General Meeting in Rome: a recap

Rome, June 27-28, 2024

Last week, the EuroISPA community travelled to Rome for the second General Meeting of the year, gathering Council and Forum members, Board Officers and Secretariat, kindly hosted by our Italian member AIIP.

This General Meeting came at a turning point in Europe’s political landscape, with the European elections results still fresh, the start of the Hungarian Presidency, and an entire EU agenda still to shape. This is precisely what our members discussed together in the two-day meeting in Rome. The agenda included:

📌 A nice welcome and overview of the work and priorities of AIIP, representing ISPs in Italy

📌 Analysis of the EU Elections results, what they mean for EuroISPA members, and our upcoming engagement efforts

📌 Approval of EuroISPA’s feedback to the European Commission’s White Paper on Digital Infrastructure. You can read our submission here.

📌 Exchange on several EuroISPA statements on topics such as sustainability, GDPR, AI, data retention, CSAM and payments.

Finally, we had the pleasure of welcoming several guest speakers:

  • Vinicio Peluffo, Member of the Italian Chamber of Deputies for the Democratic Party, on how Italy is preparing for challenges stemming from AI
  • Kristian Bartholin, Secretary to the Council of Europe’s Committee on AI, on the expectations on AI governance at a global level after the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law
  • Giuseppe Bianchi, Professor of Telecommunications at the University of Rome Tor Vergata, the role of infrastructure in enhancing the competitiveness of the EU and its Member States
  • Andrea Margheri, Deputy Head of Division, Industrial, technological, research and training programs at the Italian Cybersecurity Agency, on the interplay between AI and cybersecurity and the opportunities and challenges

The next EuroISPA General Meeting will be held in Brussels in September – stay tuned!

For the future of the Internet, EU policy needs to focus on digital infrastructure

With the EU progressively increasing its focus on digital policymaking, it is ever more crucial that digital infrastructure be kept at the core of decisions that impact the Internet. The true advancement of digital policies incorporates all actors along the value chain of Internet service provision and has the potential to create an innovative digital sphere in the interest of EU citizens. Policies must be adapted to the reality of an ecosystem that is composed of many kinds of actors, taking into account differences in resources and precedent, particularly if we want to see even implementation across the entire sector. Indeed, what we need in order to create a sustainable EU digital policy life-cycle is clarity regarding implementation and coherence with existing legislation, and avoidance of legislative overlap.

The EU is seen as a driving force of innovation globally; but in order to truly enable an innovative, free, and fair Internet, the EU must consider all the actors within the sphere of Internet service provision. By considering all players and creating a level-playing field, the EU can create a cohesive internal market and enable increased sharing of knowledge and best practice. For the EU to maintain its status as a key actor at the global level of Internet services provision, it must nurture a competitive digital market at the infrastructure and service level. The EU has the chance to play a leading role in the development of emerging technologies, including AI, quantum technology, blockchains, and virtual worlds, and to build legislation which allows players of all sizes to participate – and it must take that chance to be at the forefront change.

Meanwhile, we must not forget that a safer Internet is crucial for the integrity of EU democracy. Ensuring technology neutrality and encompassing every actor within the Internet ecosystem allows for effective policy-making that creates a safer and freer Internet for all EU citizens. 

Elina Ussa
President of EuroISPA

Read EuroISPA’s Manifesto for the 2024 European Elections here.

Joint industry call for protecting encryption in the Child Sexual Abuse Regulation

Together with other industry associations, EuroISPA is calling on EU Member States to preserve the integrity of end-to-end encryption in the Child Sexual Abuse Regulation, and to protect both safety and privacy in the Council position.

Some worrying suggestions have been put on the negotiating table last week which are highly problematic for the privacy of users and the security of the Internet. In our joint statement, we point at other avenues for improvement, including voluntary detection and prevention.

Collaborative Strategies in Combating Online Piracy

In May 2023, the European Commission released a recommendation on combating online piracy of sports and other live events. The recommendation underlines rapid action against unauthorised streams and fosters collaboration across the Internet industry. In October, a conference co-hosted by the Commission and EUIPO spotlighted the fight against online piracy, at which Worldstream was invited due to our established measures.

In line with the recommendation, Worldstream has developed its own proactive Notice and Take Down tool. This tool empowers rightsholders to quickly block IP addresses used to distribute infringing content during live events, effectively disrupting online piracy as it happens. This tool is part of a broader strategy to foster industry-wide efforts, aligning with the Commission’s plan.

However, the challenge is not just about implementing tools: real progress in combating online piracy requires industry-wide cooperation. The current efforts often feel fragmented, with each party handling issues in isolation. From intermediaries to rightsholders, everyone has a crucial role, and only through sharing knowledge and resources can we collectively stay ahead of piracy. Creating working groups or direct communication channels might be the key to consolidating our efforts. By sharing insights, processes, and challenges, we can transform individual actions into a cohesive, industry-wide strategy against online piracy.

Wouter Van Zwieten
Chief Legal Operations Officer, Worldstream

Charting the Connectivity Landscape: challenges, investments, and the EU’s vision for a digital future

In 2023, the challenges for the connectivity sector in Europe were dramatically highlighted. The European Commission initiated an exploratory consultation, underlining the crucial need to review the existing regulatory framework to attract more investment in infrastructure in response to the profound changes in practices and to the development of innovative technologies, which are affecting the financial balance of the ecosystem.

Very high-capacity networks capable of processing massive amounts of data are needed for the EU to remain competitive, but electronic communications operators today face growing economic pressure. Digital markets are constantly changing, and the need for investment to keep pace with these developments is exploding. For example, incoming mobile traffic in France increased 18-fold between 2012 and 2021 and is expected to further increase 6-fold by 2030. Faced with an expected deficit of nearly 200 billion euros in investments to achieve the connectivity objectives of the Digital Decade by 2030, the industry must be supported by the European Union through a proactive and ambitious policy plan, spreading the investment effort across the entire value chain to ensure the resilience of an essential infrastructure at the heart of our economy.

The Digital Network Act is expected in 2024, as announced by Internal Market Commissioner Breton, who rightly reminded that cutting-edge telecommunications infrastructure is a fundamental pillar for growth, innovation and job creation. Among the priorities there is the need to adapt the regulatory framework to reduce costs and facilitate the rapid deployment of very high-capacity networks. The Gigabit Infrastructure Act proposed by the Commission in February 2023 was a promising start, but its ambition needs to be confirmed in the ongoing negotiations.

Finally, the green transition is affecting all sectors, including connectivity. Telecom operators seek to reach sustainability goals, but the success of these initiatives requires a global commitment towards a more optimised use of networks from the digital sector as a whole.

With the upcoming EU elections, 2024 will be a crucial year to make the connectivity aspirations of the European Union a reality. The announced “connectivity package” could be an essential instrument to overcome the challenges and secure the future of the sector, ensuring the sustainability of our infrastructures for the benefit of European citizens and businesses.

Romain Bonenfant
EuroISPA Board Member
Managing Director, Fédération Française des Télécoms

Cybersecurity in the EU: Milestones, Challenges, and the Road Ahead

The past year has brought several significant developments at EU level both in the Cybercrime and Cybersecurity field.

The adoption of the European Commission’s flagship project, the e-Evidence Regulation, in the summer of 2023, was a significant milestone given the ongoing discussions on the topic since 2017. For the first time, law enforcement authorities will now be able to directly address service providers established on the territory of a different Member State. The focus will now be on the technical implementation of the Regulation in the Member States, where new challenges will be posed by the EU-wide harmonisation of the national technical platforms for the secure exchange of data between law enforcement authorities and service providers via a decentralised IT-system.

Another central topic is the importance of encryption. The initial proposal on the Regulation to combat child sexual abuse stipulated detection measures that would have significantly undermined the use of end-to-end encryption in communication services. This provoked a huge wave of criticism showing that secure communications are also important to the broader public. This response ultimately led the European Parliament to explicitly exclude end-to-end encrypted communications from the scope of the Regulation.

At EU Member State level, the implementation of the NIS-2-Directive is still ongoing and will require substantial efforts by the affected companies, especially those that have not been subject to any cybersecurity requirements until now. On the other hand, providers of electronic communication networks and services are already under a sector-specific security regime as part of the European Electronic Communication Code. It will therefore be important that the national implementation of the NIS-2-Directive take into account the already existing security concepts in this sector and only stipulate additional measures where these would in fact lead to a higher level of security.

A political agreement on the Cyber Resilience Act has been reached, which harmonises cybersecurity standards for products and software with digital components and will also assist providers under the NIS-2-Directive to ensure supply chain security. Finally, it must be noted that the enormous frequency of new legal acts in the field of cybersecurity in recent years poses major challenges for the companies affected by them, as their internal processes must constantly be adapted, and it is often hard to find the necessary skilled workers to implement new requirements. With this in mind, along with the new mandate coming up this year, the focus of the upcoming European Commission should be on the smooth implementation of these legal acts rather than on new proposals.

Andreas Gruber
Former Chair of the EuroISPA Cybercrime & Cybersecurity Committee

Navigating the future: regulatory streamlining of electronic communications in the European Union

Over the next five years, the European Union (EU) is poised to witness a transformative era in the development of electronic communications networks. This period is anticipated to be marked by a concerted effort to modernise the existing infrastructure and reduce barriers to the construction of advanced VHCN networks. The so-called GIA legislation is trying to focus on harmonisation across Member States and reduce bureaucratic procedures. The question we must ask is “Will that be enough?”.

Any harmonisation effort should primarily target regulatory framework, aiming to streamline and simplify the procedures for network development. This will involve revising existing regulations and possibly introducing new ones to address the evolving landscape of electronic communications. The goal is to eliminate unnecessary bureaucratic hurdles that currently impede progress and innovation. By doing so, the EU intends to foster an environment conducive to investment, innovation, and rapid deployment of advanced networks like 5G and beyond.

A significant part of this harmonisation will be the standardisation of technologies and protocols. This will ensure interoperability of networks and services across the EU, enhancing the user experience and promoting a more connected European digital market. It’s not just about enhancing speed and bandwidth; it’s also about ensuring reliability, resilience, and security of these networks, especially in the wake of increased cyber threats.

Alongside these developments, there will be a strong emphasis on the formulation of clear and fair rules for data privacy in the digital space, especially data retention. The EU recognises the need for law enforcement agencies to access certain types of data for security purposes. However, this need must be balanced against the fundamental rights of individuals, particularly their right to privacy and data protection. This framework will aim to provide clarity and certainty for both law enforcement agencies, telecommunication service providers and providers of information society services, as well as protect the privacy rights of EU citizens. The future of electronic communications network development in the EU will be characterised by a drive towards harmonisation to reduce barriers for building new infrastructure and a focus on setting clear, human rights-centred rules for data protection in the digital space. These efforts will be critical to ensure that the EU remains at the forefront of digital innovation while safeguarding the rights and freedoms of its citizens.

Jaromir Novak
Partner for Regulatory Affairs, CZ.NIC

EuroISPA publishes Position Paper on Data Retention

Data retention frameworks refer to the regulation of what data should be stored or archived, where that should happen, and for exactly how long. The obligation of data storage stems from the possibility of law enforcement authorities to request such data to Electronics Communications Services Providers at any time.

In light of the current discussions within the High-Level Group on access to data for effective law enforcement, EuroISPA has published this Position Paper on Data Retention. This paper is a testament to EuroISPA’s collective dedication to identifying the practical, operational and economic consequences and challenges of data retention at both the national and cross-border level.

Allowing law enforcement authorities to prevent and prosecute serious crimes needs while safeguarding the fundamental rights of users and electronic communications services providers is not an easy task, as shown by several rulings of the Court of Justice of the EU. EuroISPA has put together a list of imperative requirements to provide guidance on how to achieve the right balance between the interests and obligations of all parties involved.

EuroISPA, a pan-European association which represents over 3,300 Internet Services Providers (ISPs), works to advocate for the needs both of the wider industry and of users. This position paper is one example of how the association’s members work together to draft recommendations for EU policy makers that can be implemented by the industry in order to tackle the issue at hand.