Tag Archive for: EU

Draft regulation on payment services: effective fight against bank fraud requires the continuous cooperation of all parties

As part of the negotiations on the Commission’s proposal for a regulation on payment services, the liability of electronic communications operators and more generally of technical intermediaries, including digital platforms, in the context of bank fraud has been raised in different fora. This is triggered by an increase in fraudulent practices based on impersonation to deceive bank customers using electronic means of communication. For example, one of the growing vectors of bank fraud concerns the theft of telephone numbers (number spoofing). By fraudulently using a number assigned to a bank or payment service provider (bank advisor number or credit card opposition centre), the fraudster lowers the customer’s level of distrust and deceives them to obtain confidential information (access codes, bank card number, etc.).

Electronic communications operators, notably faced with the misunderstanding of fraud victims, are already incentivised to fight such practices and ensure trust in the use of telephone numbers. Several national initiatives, whether voluntary or imposed by law, have been launched in this regard. For example, in France, the Naegelen law, adopted in July 2020 to combat illegal cold calling, requires operators to ensure the authenticity of numbers from the numbering plan established by the national regulatory authority when they are used as caller ID for calls and messages received by their end-user customers.

Despite these efforts, which must continue, fraudsters remain innovators by nature, which means that fraud is rapidly evolving to circumvent any technical obstacles put in place.

This is why attempts to shift the legal and financial liability of such bank fraud cases away from payment service providers to technical intermediaries would not bring any additional result in the effective fight against these fraudulent practices. On the contrary, this would certainly lower the incentive for payment service providers to secure their services through state-of-the-art technologies and endanger the very principles governing the functioning of electronic communications services: electronic communications operators do not have visibility or control over the contents of communications on their networks, hence cannot be held liable for reprehensible acts committed using their networks. Overall, this would conflict with provisions of existing EU law applying to electronic communication operators (such as European Electronic Communications Code or ePrivacy and net neutrality) and platforms (such as the Digital Services Act).

But this does not imply that nothing can be done: cooperation at EU level among all parties involved in the fight against bank fraud (including operators, digital service providers, payment service providers, banks, customers’ associations, telecom regulators, and banking supervisors) could be strengthened and structured to identify and qualify trends in bank frauds, promote best practices in technical remediation, seek interoperability in telephone number authentication systems, and better inform customers for them to make better decisions when using payment services.

Remedying new forms of bank fraud requires a collective effort from the digital and the banking sector – the EU should not miss the opportunity to make it happen. It should ensure the Payment Services Regulation remains proportionate and incentivise efficient cooperation between the banking sector and the electronic communications sector, while duly considering the roles of each player in the value chain and without transfer of liability. 

Romain Bonenfant

EuroISPA Board Member
Managing Director, Fédération Française des Télécoms

Joint Industry Request to Extend Deadline for Trustworthy General-Purpose AI Consultation

Alongside 10 other trade associations, EuroISPA urged the European Commission and its AI Office to extend the deadline for responses to the consultation on trustworthy general-purpose AI (GPAI).

The effective implementation of AI Act rules on GPAI is vital for the future of the European AI and the ISPs ecosystem. However, the original six-week deadline, especially during the summer recess, restricts stakeholders’ ability to offer comprehensive feedback.

After the publication of this letter, the European Commission accepted to extend the consultation period until the 18th of September 2024.

For the future of the Internet, EU policy needs to focus on digital infrastructure

With the EU progressively increasing its focus on digital policymaking, it is ever more crucial that digital infrastructure be kept at the core of decisions that impact the Internet. The true advancement of digital policies incorporates all actors along the value chain of Internet service provision and has the potential to create an innovative digital sphere in the interest of EU citizens. Policies must be adapted to the reality of an ecosystem that is composed of many kinds of actors, taking into account differences in resources and precedent, particularly if we want to see even implementation across the entire sector. Indeed, what we need in order to create a sustainable EU digital policy life-cycle is clarity regarding implementation and coherence with existing legislation, and avoidance of legislative overlap.

The EU is seen as a driving force of innovation globally; but in order to truly enable an innovative, free, and fair Internet, the EU must consider all the actors within the sphere of Internet service provision. By considering all players and creating a level-playing field, the EU can create a cohesive internal market and enable increased sharing of knowledge and best practice. For the EU to maintain its status as a key actor at the global level of Internet services provision, it must nurture a competitive digital market at the infrastructure and service level. The EU has the chance to play a leading role in the development of emerging technologies, including AI, quantum technology, blockchains, and virtual worlds, and to build legislation which allows players of all sizes to participate – and it must take that chance to be at the forefront change.

Meanwhile, we must not forget that a safer Internet is crucial for the integrity of EU democracy. Ensuring technology neutrality and encompassing every actor within the Internet ecosystem allows for effective policy-making that creates a safer and freer Internet for all EU citizens. 

Elina Ussa
President of EuroISPA

Read EuroISPA’s Manifesto for the 2024 European Elections here.

Collaborative Strategies in Combating Online Piracy

In May 2023, the European Commission released a recommendation on combating online piracy of sports and other live events. The recommendation underlines rapid action against unauthorised streams and fosters collaboration across the Internet industry. In October, a conference co-hosted by the Commission and EUIPO spotlighted the fight against online piracy, at which Worldstream was invited due to our established measures.

In line with the recommendation, Worldstream has developed its own proactive Notice and Take Down tool. This tool empowers rightsholders to quickly block IP addresses used to distribute infringing content during live events, effectively disrupting online piracy as it happens. This tool is part of a broader strategy to foster industry-wide efforts, aligning with the Commission’s plan.

However, the challenge is not just about implementing tools: real progress in combating online piracy requires industry-wide cooperation. The current efforts often feel fragmented, with each party handling issues in isolation. From intermediaries to rightsholders, everyone has a crucial role, and only through sharing knowledge and resources can we collectively stay ahead of piracy. Creating working groups or direct communication channels might be the key to consolidating our efforts. By sharing insights, processes, and challenges, we can transform individual actions into a cohesive, industry-wide strategy against online piracy.

Wouter Van Zwieten
Chief Legal Operations Officer, Worldstream

Charting the Connectivity Landscape: challenges, investments, and the EU’s vision for a digital future

In 2023, the challenges for the connectivity sector in Europe were dramatically highlighted. The European Commission initiated an exploratory consultation, underlining the crucial need to review the existing regulatory framework to attract more investment in infrastructure in response to the profound changes in practices and to the development of innovative technologies, which are affecting the financial balance of the ecosystem.

Very high-capacity networks capable of processing massive amounts of data are needed for the EU to remain competitive, but electronic communications operators today face growing economic pressure. Digital markets are constantly changing, and the need for investment to keep pace with these developments is exploding. For example, incoming mobile traffic in France increased 18-fold between 2012 and 2021 and is expected to further increase 6-fold by 2030. Faced with an expected deficit of nearly 200 billion euros in investments to achieve the connectivity objectives of the Digital Decade by 2030, the industry must be supported by the European Union through a proactive and ambitious policy plan, spreading the investment effort across the entire value chain to ensure the resilience of an essential infrastructure at the heart of our economy.

The Digital Network Act is expected in 2024, as announced by Internal Market Commissioner Breton, who rightly reminded that cutting-edge telecommunications infrastructure is a fundamental pillar for growth, innovation and job creation. Among the priorities there is the need to adapt the regulatory framework to reduce costs and facilitate the rapid deployment of very high-capacity networks. The Gigabit Infrastructure Act proposed by the Commission in February 2023 was a promising start, but its ambition needs to be confirmed in the ongoing negotiations.

Finally, the green transition is affecting all sectors, including connectivity. Telecom operators seek to reach sustainability goals, but the success of these initiatives requires a global commitment towards a more optimised use of networks from the digital sector as a whole.

With the upcoming EU elections, 2024 will be a crucial year to make the connectivity aspirations of the European Union a reality. The announced “connectivity package” could be an essential instrument to overcome the challenges and secure the future of the sector, ensuring the sustainability of our infrastructures for the benefit of European citizens and businesses.

Romain Bonenfant
EuroISPA Board Member
Managing Director, Fédération Française des Télécoms

Cybersecurity in the EU: Milestones, Challenges, and the Road Ahead

The past year has brought several significant developments at EU level both in the Cybercrime and Cybersecurity field.

The adoption of the European Commission’s flagship project, the e-Evidence Regulation, in the summer of 2023, was a significant milestone given the ongoing discussions on the topic since 2017. For the first time, law enforcement authorities will now be able to directly address service providers established on the territory of a different Member State. The focus will now be on the technical implementation of the Regulation in the Member States, where new challenges will be posed by the EU-wide harmonisation of the national technical platforms for the secure exchange of data between law enforcement authorities and service providers via a decentralised IT-system.

Another central topic is the importance of encryption. The initial proposal on the Regulation to combat child sexual abuse stipulated detection measures that would have significantly undermined the use of end-to-end encryption in communication services. This provoked a huge wave of criticism showing that secure communications are also important to the broader public. This response ultimately led the European Parliament to explicitly exclude end-to-end encrypted communications from the scope of the Regulation.

At EU Member State level, the implementation of the NIS-2-Directive is still ongoing and will require substantial efforts by the affected companies, especially those that have not been subject to any cybersecurity requirements until now. On the other hand, providers of electronic communication networks and services are already under a sector-specific security regime as part of the European Electronic Communication Code. It will therefore be important that the national implementation of the NIS-2-Directive take into account the already existing security concepts in this sector and only stipulate additional measures where these would in fact lead to a higher level of security.

A political agreement on the Cyber Resilience Act has been reached, which harmonises cybersecurity standards for products and software with digital components and will also assist providers under the NIS-2-Directive to ensure supply chain security. Finally, it must be noted that the enormous frequency of new legal acts in the field of cybersecurity in recent years poses major challenges for the companies affected by them, as their internal processes must constantly be adapted, and it is often hard to find the necessary skilled workers to implement new requirements. With this in mind, along with the new mandate coming up this year, the focus of the upcoming European Commission should be on the smooth implementation of these legal acts rather than on new proposals.

Andreas Gruber
Former Chair of the EuroISPA Cybercrime & Cybersecurity Committee

Navigating the future: regulatory streamlining of electronic communications in the European Union

Over the next five years, the European Union (EU) is poised to witness a transformative era in the development of electronic communications networks. This period is anticipated to be marked by a concerted effort to modernise the existing infrastructure and reduce barriers to the construction of advanced VHCN networks. The so-called GIA legislation is trying to focus on harmonisation across Member States and reduce bureaucratic procedures. The question we must ask is “Will that be enough?”.

Any harmonisation effort should primarily target regulatory framework, aiming to streamline and simplify the procedures for network development. This will involve revising existing regulations and possibly introducing new ones to address the evolving landscape of electronic communications. The goal is to eliminate unnecessary bureaucratic hurdles that currently impede progress and innovation. By doing so, the EU intends to foster an environment conducive to investment, innovation, and rapid deployment of advanced networks like 5G and beyond.

A significant part of this harmonisation will be the standardisation of technologies and protocols. This will ensure interoperability of networks and services across the EU, enhancing the user experience and promoting a more connected European digital market. It’s not just about enhancing speed and bandwidth; it’s also about ensuring reliability, resilience, and security of these networks, especially in the wake of increased cyber threats.

Alongside these developments, there will be a strong emphasis on the formulation of clear and fair rules for data privacy in the digital space, especially data retention. The EU recognises the need for law enforcement agencies to access certain types of data for security purposes. However, this need must be balanced against the fundamental rights of individuals, particularly their right to privacy and data protection. This framework will aim to provide clarity and certainty for both law enforcement agencies, telecommunication service providers and providers of information society services, as well as protect the privacy rights of EU citizens. The future of electronic communications network development in the EU will be characterised by a drive towards harmonisation to reduce barriers for building new infrastructure and a focus on setting clear, human rights-centred rules for data protection in the digital space. These efforts will be critical to ensure that the EU remains at the forefront of digital innovation while safeguarding the rights and freedoms of its citizens.

Jaromir Novak
Partner for Regulatory Affairs, CZ.NIC

EuroISPA launches its new Manifesto for an innovative and fair European Internet ecosystem ahead of the 2024 European elections

We are excited to share EuroISPA’s new Manifesto for the 2024 European elections!

Our Manifesto advocates for putting innovation and fairness in the European Internet ecosystem at the core of the next mandate’s policymaking in the digital sphere.

In this manifesto, the result of the shared knowledge and collaborative effort of our wide and varied membership, we ask EU legislators to commit to the joint implementation of actions towards:

  • A fully functioning internal market
  • A long-term vision on privacy online
  • A harmonised European Strategy for Cybersecurity
  • Legislative Coherence for Digital Infrastructure

By focusing on legislative coherence, data protection, cybersecurity, and digital infrastructure, we believe the EU can enhance its competitiveness, safeguard fundamental rights, and unlock the benefits of new technologies.

Read our full manifesto here: EuroISPA Manifesto for the 2024 European elections