Tag Archive for: EU

EuroISPA Response to the Digital Networks Act Call for Evidence

/in ,

EuroISPA contributed to the European Commission’s consultation on the upcoming Digital Networks Act (DNA) and emphasises the importance of a transparent, inclusive and proportionate approach to reforming the EU’s electronic communications framework.

EuroISPA’s key messages:

  • Defining limits to harmonise access regulation and network transition: Harmonised access products must remain optional and copper switch-off plans must reflect national readiness and diversity.
  • Advancing harmonisation and simplification: Simplification must lower administrative burdens without compromising national flexibility or increasing regulatory overlap.
  • Enabling technology-neutral connectivity framework: A level playing field for fibre, wireless and satellite is essential to closing the digital divide.
  • Aligning environmental legislations with existing EU frameworks: Environmental rules should align with existing horizontal ESG frameworks, avoiding telecom-specific duplication.
  • Distinguishing consumer protection from enterprise services: Enterprise and public sector services should be exempt from consumer protection rules due to their bespoke nature.
  • Ensuring proportional and non-redundant governance structures: Knowledge sharing is welcome, but expanded EU-level powers must respect the principle of subsidiarity.
  • Focusing on demand-side gaps and digital skills: Efforts should address adoption barriers and digital skills rather than expanding costly Universal Service Obligations.
  • Maintaining a consistent commitment to net neutrality: Net neutrality must remain a cornerstone of the open internet and be upheld without reinterpretation or compromise.

Read the full response to the European Commission here.

The future of digital infrastructure: what’s next after the European Commission’s White Paper

/in , ,

With the publication of its White Paper on digital infrastructure in 2024, the European Commission has finally launched a long-overdue debate on the future of the telecom regulatory framework. EuroISPA has taken an active role in these discussions, committed to shaping an ambitious vision for the sector. Engaging with policymakers to highlight the essential role of Internet Service Providers (ISPs) in fostering innovation, resilience, and the twin transition, we reaffirm our dedication to keeping telecom networks at the heart of Europe’s economic and technological leadership. 

As we move towards 2030, unlocking the necessary investments to achieve the Digital Decade connectivity targets remains a top priority. To this end, Europe must establish a regulatory framework that incentivises investment, notably through a comprehensive Digital Networks Act, ensuring a robust, sustainable, and competitive telecom ecosystem for the future. 

Achieving true internal market integration will largely depend on harmonising and streamlining regulations across multiple areas, including infrastructure investment, spectrum management, and taxation. This also requires assessing the relevance of existing sectoral rules alongside broader horizontal frameworks. The regulation of our sector must adopt a more coordinated approach and foster investment-friendly conditions while preserving effective national frameworks and ensuring fair competition. 

Prioritising network sustainability is also crucial to supporting the green transition of our economy. The telecom industry plays a key role in driving sustainability gains across sectors and reducing its own environmental footprint by replacing legacy technology with more energy-efficient infrastructure. The inclusion of connectivity networks in the EU Taxonomy for sustainable finance is a positive step toward securing funding for greener networks. Additionally, engaging with equipment suppliers and digital service providers across the entire value chain will be essential to adopting the most efficient technologies, achieving net-zero emissions, and ensuring optimal network efficiency. 

Looking ahead to 2025, we believe the Digital Networks Act must serve as a cornerstone for turning these priorities into concrete action. By simplifying regulation, securing investment, and strengthening network sustainability and security, Europe can build digital infrastructures that are both competitive and future-proof. EuroISPA and its members remain committed to working alongside European stakeholders and institutions to ensure these vital reforms become a reality. 

Romain Bonenfant

EuroISPA Board Member

Managing Director of FFTélécoms – Fédération Française des Télécoms

EuroISPA Letter to the European Commission on e-Evidence

/in ,

In this letter to the European Commission, EuroISPA shares some key concerns, open questions and requests for clarification on the implementation of the e-Evidence Regulation and Directive, in anticipation of the upcoming implementing acts and the operationalisation of the decentralised IT system.

  • Clarify legal scope and applicability: EuroISPA calls for clear guidance on how the Regulation and Directive apply to service providers operating only within one Member State, especially to ensure legal certainty for smaller companies.
  • Ensure technical security and process integrity: Mandatory end-to-end encryption (E2EE), verified authentication of issuing authorities and provider-specific input fields are essential to safeguard data and streamline operations.
  • Define realistic implementation timelines: EuroISPA stresses the need for a clear roadmap, adequate lead times and technical support to avoid delays and operational disruptions during the transition to the decentralised IT system.
  • Provide fair and transparent cost reimbursement: The framework should cover both initial and ongoing compliance costs, with harmonised, accessible mechanisms for service providers to recover expenses and enforce payment.
  • Anticipate and manage request volumes: The Commission should publish request volume forecasts and engage continuously with ISPs to prepare for potential surges in legal data access requests.
  • Uphold fundamental rights: Strong safeguards, data minimisation, procedural clarity and full transparency must be upheld throughout implementation, especially to prevent over-reliance on emergency measures.

Read the full letter to the European Commission here.

EuroISPA’s contribution on Data Retention

/in ,

EuroISPA contributed to the Call for Evidence of the European Commission on Data Retention.

Read more here

The e-Evidence Regulation and its fundamental changes for cross border interaction between agencies and service providers

/in , ,

Criminal investigations nowadays rely heavily on digital evidence, which is often stored by service providers in other EU member states. To access such evidence, law enforcement agencies currently need to request legal assistance from the authorities in the service provider’s member state. While this is an established process, it can lead to delays and potential loss of evidence.

Regulation (EU) 2023/1543 (“e-Evidence Regulation”) aims to change this. Once in effect, authorities in EU member states will be able to issue production orders for certain data and preservation orders directly to service providers in other EU member states, without requiring their own national authority to act as an intermediary. Service providers will be legally required to produce or secure the requested data, facing significant administrative penalties if they fail to comply. However, for certain categories of data, the authorities in the service provider’s member state may object to the order, but only based on specific grounds for refusal.

The e-Evidence Regulation applies to a wide range of service providers, including electronic communication services, IP and domain name services, and various other information society services. Since the regulation does not exempt small service providers, all companies, regardless of size, must comply and establish the necessary procedures to receive, process, and respond to orders.

To facilitate secure communication between authorities and service providers, the European Commission is currently developing a decentralised IT system. This system is being designed in close collaboration with industry experts, including EuroISPA, to ensure that service providers’ expertise is considered.

The regulation will take effect on August 8, 2026. Before then, member states must designate their competent authorities, and the European Commission must adopt implementation acts for the decentralised IT system. However, several open questions remain, particularly concerning the regulation’s scope, the specific obligations of service providers, and the interaction between the decentralised IT system and similar national systems. Addressing these issues is essential to ensure the smooth implementation of e-Evidence.

Stefan Ebenberger

Secretary General of ISPA Austria

Telecom operators must not become content police

/in , ,

Telecommunications companies are the backbone of the Internet, akin to road maintenance operators tasked with ensuring smooth and functional infrastructure. Just as road operators are not expected to monitor vehicles for illegal goods, telecom operators should not be burdened with policing Internet content. Their role would shift drastically from facilitators to enforcers if tasked with such responsibilities.

Intermediaries Are Not Responsible for Data Content

Under the EU’s Digital Services Act (DSA), intermediaries like telecom companies are not liable for content transmitted or stored by their users under certain conditions. The DSA also prohibits general monitoring obligations. However, recent EU legislative initiatives have started imposing new responsibilities on intermediaries, stretching the limits of this limited liability.

For instance, under Article 17 of the DSM Directive, online content-sharing service providers might be held accountable for copyright infringements. Other regulations increasingly require telecom operators to block or monitor online content, such as those addressing terrorist content or child sexual abuse. Even seemingly unrelated laws, onto the operators, like those governing payment services, propose shifting liabilities, such as financial losses from spoofing.

Protecting Communications Secrecy

Commission proposals like the CSAM Regulation suggest requiring all communication services to inspect users’ messages, undermining encryption. Scanning messages before encryption negates its purpose, much like obliging postal workers to read letters before sealing them. The European Court of Human Rights ruled in Podchasov v. Russia (2024) that weakening encryption violates human rights. Yet, Europol and Member States’ police chiefs recently called for breaking encryption for investigations.

These proposals often lack technical understanding, expecting telecom companies to assess the legality of all communications—an impossible and intrusive task. Content regulation should target platforms or sources, not infrastructure providers.

Legislation that weakens communication secrecy threatens human rights, risking a surveillance state akin to China. Good intentions cannot justify such erosion of freedoms.

Asko Metsola

Former legal advisor of FiCom

Piracy Shield: A flawed approach in the fight against online piracy

/in , ,

ISPs understand the need to protect copyright and fight piracy. However, it is critical that the administrative, legal and technical systems deployed to achieve this shared goal are proportionate, efficient, non-discriminatory and not harmful to the proper functioning of the Internet network.

Italy was one of the first EU Member States to be equipped with a filtering platform, called “Piracy Shield”, whose primary objective is to tackle online piracy related to live broadcast sporting events. It was introduced by Law No. 93 of 2023, amended by the so-called Omnibus Decree (DL no. 113 of 9 August 2024) and completed by two AGCOM resolutions that better detail its functioning.

In a nutshell, Piracy Shield is an asynchronous platform designed to allow copyright holders (so-called flaggers) to quickly report domains or IP addresses hosting pirated content. Upon receiving the report on the portal, AGCOM can order Italian ISPs to block access to the sites involved within a maximum of 30 minutes.

Leaving aside the fact that this sort of “mega-firewall” is easily bypassed by means of VPN or by switching from a private DNS to a public DNS, and that it entails considerable costs for ISPs, it goes without saying that, from the very beginning, its functioning has revealed many limitations and criticalities, which have been exacerbated by the recent change in the law:

• there is a high risk of affecting lawful resources, since AGCOM can order the blocking of IP addresses that are predominantly (and not uniquely, as originally intended) used for unlawful activities;

• filtering obligations are potentially unlimited, after the legislator intervened to remove the filtering limits on IP/FQDN addresses agreed between the NRA and the operators during the technical tables;

• ISPs are found to perform filtering and tasks that collide with individual freedoms. This is contrary to European legislation that qualifies fundamental ISPs services as mere-conduit and therefore exempt them from liability. On the contrary, in Italy criminal liability has been expressly established for ISPs;

• marked asymmetry between the blocking procedures that must be carried out in a timely manner and total uncertainty as to the timing for unblocking: Uncertainty that disproportionately affects small operators or foreign providers who – not always being aware of the EU Member State’s regulatory framework – have difficulty enforcing their rights.

While we are witnessing initiatives that aim at combating piracy, it is useful to remember that any system activated at national level has strong impacts outside the borders, as content and resources located in third countries are filtered. In addition, a massive multiplication of asynchronous platforms would pose threats and create vulnerabilities to the proper functioning of the Internet, as intervening with potentially unlimited filtering creates high collateral damage even greater than the social benefit of combating piracy.

There are better tools to fight piracy, including criminal Law, cooperation between States, and digital solutions that downgrade the quality of the signal broadcast via illegal streaming websites or IPtv. European ISPs are ready to play their part in the battle against piracy, but the solution certainly does not lie in filtering and blocking IP addresses.

Dalia Coffetti

EuroISPA Board Member and Head of Regulatory and EU Affairs of AIIP – Association of Italian Internet Providers

EuroISPA on Internet governance

/in , ,

Rising geopolitical tensions threaten the open and global Internet on several levels. We see global fragmentation and threats to the physical infrastructure, global fragmentation at the regulatory level, and increasing cybersecurity threats from bad actors, including states.

At the same time, overly restrictive regulations or centralised control mechanisms could stifle innovation and exclude smaller operators, which also face challenges when it comes to combatting advanced threats such as nation-state actors, ransomware, and distributed denial-of-service (DDoS) attacks.

EuroISPA strongly supports the EU’s commitment to the multi-stakeholder model of Internet governance, which has been instrumental in maintaining an open, free and secure Internet. The EU can strengthen the multistakeholder model through strong participation in and compliance with the processes of the relevant organisations, such as IGF, ICANN, IETF, etc. Future EU legislation should always be assessed in the light of extraterritoriality and its impact on the global competitiveness of the European IT industry.

At the same time, we invite the EU to encourage diversity in operators by cutting red tape and streamline cybersecurity compliance requirements, ensuring they are proportionate to the size and resources of the operators, without compromising security standards. In fact, developing and adhering to open, universally adopted standards would ensure that security measures are interoperable, scalable, and accessible to operators of all sizes.

Building collaborative frameworks that provide shared threat intelligence, affordable mitigation tools, and capacity-building support is essential to levelling the playing field and enhancing the overall security and resilience of the Internet.

EuroISPA also believe it is key to take into account emerging technologies risks, such as quantum computing ad switching, artificial intelligence, and the Internet of Things (IoT). Preparing for quantum-resilient cryptography, securing IoT devices, and ensuring ethical AI use must be priorities to prevent vulnerabilities from compromising the integrity of the Internet.

EuroISPA recently submitted its response to the European Commission’s targeted consultation on its stance on Internet
governance.

Draft regulation on payment services: effective fight against bank fraud requires the continuous cooperation of all parties

/in , ,

As part of the negotiations on the Commission’s proposal for a regulation on payment services, the liability of electronic communications operators and more generally of technical intermediaries, including digital platforms, in the context of bank fraud has been raised in different fora. This is triggered by an increase in fraudulent practices based on impersonation to deceive bank customers using electronic means of communication. For example, one of the growing vectors of bank fraud concerns the theft of telephone numbers (number spoofing). By fraudulently using a number assigned to a bank or payment service provider (bank advisor number or credit card opposition centre), the fraudster lowers the customer’s level of distrust and deceives them to obtain confidential information (access codes, bank card number, etc.).

Electronic communications operators, notably faced with the misunderstanding of fraud victims, are already incentivised to fight such practices and ensure trust in the use of telephone numbers. Several national initiatives, whether voluntary or imposed by law, have been launched in this regard. For example, in France, the Naegelen law, adopted in July 2020 to combat illegal cold calling, requires operators to ensure the authenticity of numbers from the numbering plan established by the national regulatory authority when they are used as caller ID for calls and messages received by their end-user customers.

Despite these efforts, which must continue, fraudsters remain innovators by nature, which means that fraud is rapidly evolving to circumvent any technical obstacles put in place.

This is why attempts to shift the legal and financial liability of such bank fraud cases away from payment service providers to technical intermediaries would not bring any additional result in the effective fight against these fraudulent practices. On the contrary, this would certainly lower the incentive for payment service providers to secure their services through state-of-the-art technologies and endanger the very principles governing the functioning of electronic communications services: electronic communications operators do not have visibility or control over the contents of communications on their networks, hence cannot be held liable for reprehensible acts committed using their networks. Overall, this would conflict with provisions of existing EU law applying to electronic communication operators (such as European Electronic Communications Code or ePrivacy and net neutrality) and platforms (such as the Digital Services Act).

But this does not imply that nothing can be done: cooperation at EU level among all parties involved in the fight against bank fraud (including operators, digital service providers, payment service providers, banks, customers’ associations, telecom regulators, and banking supervisors) could be strengthened and structured to identify and qualify trends in bank frauds, promote best practices in technical remediation, seek interoperability in telephone number authentication systems, and better inform customers for them to make better decisions when using payment services.

Remedying new forms of bank fraud requires a collective effort from the digital and the banking sector – the EU should not miss the opportunity to make it happen. It should ensure the Payment Services Regulation remains proportionate and incentivise efficient cooperation between the banking sector and the electronic communications sector, while duly considering the roles of each player in the value chain and without transfer of liability. 

Romain Bonenfant

EuroISPA Board Member
Managing Director, Fédération Française des Télécoms

Joint Industry Request to Extend Deadline for Trustworthy General-Purpose AI Consultation

/in ,

Alongside 10 other trade associations, EuroISPA urged the European Commission and its AI Office to extend the deadline for responses to the consultation on trustworthy general-purpose AI (GPAI).

The effective implementation of AI Act rules on GPAI is vital for the future of the European AI and the ISPs ecosystem. However, the original six-week deadline, especially during the summer recess, restricts stakeholders’ ability to offer comprehensive feedback.

After the publication of this letter, the European Commission accepted to extend the consultation period until the 18th of September 2024.

Read the joint letter

Contact details

EuroISPA

38, Rue de la Loi
1000 Brussels

+32 2 789 6618

[email protected]

General contact information | Privacy policy