Tag Archive for: EU

EuroISPA Position Paper on the CSAM Regulation

As trilogue negotiations on the CSAM Regulation continue, EuroISPA considers that the final framework should fully reflect the overall aim of protecting children online while preserving the security and privacy safeguards that already apply across the digital ecosystem. It should also enable effective and consistent application of the legal and technical framework already in place, addressing genuine gaps without duplicating existing legislation. Our members, from hosting providers to CDN operators, access providers, and VPN services, already run detection and reporting systems and act as trusted flaggers under the Digital Services Act, and the Regulation should build on that engagement rather than override it.

Before introducing new obligations, the Commission and co-legislators should ensure that the technical and legal conditions for compliance are firmly established, starting with a permanent legal basis for voluntary detection rather than one based on temporary derogations. Any new obligations should remain proportionate, targeted, and technologically neutral, and grounded in evidence of a genuine gap rather than assumption.

The Commission should first assess whether the objectives can be achieved through closer alignment with existing instruments, such as the DSA, NIS2, and the e-Evidence Regulation, rather than through additional, overlapping requirements. Coherence with this existing framework, not the creation of a parallel one, should guide the Regulation’s final shape.

Our key positions:

  • Ensure the Regulation does not weaken, circumvent, or disable encryption even on a voluntary basis.
  • Include a permanent legal basis for voluntary detection directly in the Regulation, rather than relying on the temporary ePrivacy derogation.
  • Adopt a cascade approach so only the provider with direct control over the content is obligated to act.
  • Remove provisions that duplicate or conflict with the DSA, the e-Evidence Regulation, the Cybersecurity Act, NIS2, and the GDPR.
  • Align user notification and transparency requirements with the DSA instead of creating separate obligations.
  • Streamline risk assessment and categorisation using the DSA’s staggered, proportionate approach.
  • Strengthen and adequately resource national reporting hotlines and the INHOPE network.
  • Ensure judicial oversight for competent authorities and keep any list of approved technologies voluntary.
  • Avoid regulating data retention separately from the Commission’s ongoing data retention initiative.
  • Treat age assurance as an optional mitigation measure, not a mandatory obligation.
  • Align provider liability with the DSA and protect good-faith voluntary detection efforts from penalty.
  • Conduct a renewed impact assessment given how substantially the text has changed since 2022.

We invite you to read our full position paper below.

EuroISPA published its position paper on the Digital Omnibus Package

EuroISPA welcomes the European Commission’s objective to simplify the EU digital regulatory framework. A coherent simplification agenda is essential to strengthen Europe’s competitiveness, increase legal certainty for businesses, and ensure that the EU digital acquis remains fit for the next decade.


While the proposed measures represent a constructive step, EuroISPA would like to draw attention to the need for further efforts to address overlapping obligations, fragmentation across legal instruments, and inconsistencies in implementation. Simplification should therefore go beyond adjustments to individual provisions and focus on improving coherence across the broader digital regulatory framework.


Among our key recommendations:
• Greater coherence between the GDPR and the ePrivacy framework
• Reducing unnecessary consent fatigue while maintaining strong privacy protections
• Clearer rules on pseudonymisation and scientific research
• A harmonised EU reporting framework for cybersecurity incidents
• An effective ENISA Single Entry Point that simplifies reporting through aligned definitions, thresholds and timelines across EU cybersecurity legislation

EuroISPA looks forward to engaging with EU policymakers to ensure the Digital Omnibus delivers meaningful simplification for Europe’s digital ecosystem while maintaining coherence across the digital regulatory landscape.

INSIGHT: The Future of Connectivity: A Joint Vision from eco and EuroISPA 

Europe stands at a pivotal moment in its digital transformation. Connectivity is no longer a convenience – it is the backbone of economic growth, innovation, and societal resilience. As eco – Association of the Internet Industry and EuroISPA, we share a common mission: to ensure that Europe’s digital infrastructure is secure, sustainable, and future-ready. This article outlines our joint vision for the next era of connectivity, addressing technological, regulatory, and societal challenges. 

From Copper to Fiber: Building the Foundation 

The transition from copper-based networks to fiber-optic infrastructure is essential for Europe’s competitiveness. Fiber offers unmatched bandwidth, ultra-low latency, and resilience – capabilities that copper cannot deliver in an era of cloud computing, IoT, and real-time applications. Accelerating fiber deployment, particularly in rural and underserved regions, is critical to closing the digital divide. Both eco and EuroISPA advocate for investment-friendly policies and streamlined permitting processes to make this transition a reality. 

6G: The Intelligent Network of Tomorrow 

While 5G rollout continues, 6G research is already shaping the next frontier. Expected by 2030, 6G will deliver terabit-per-second speeds, sub-millisecond latency, and AI-driven network orchestration. It will enable holographic communication, digital twins, and immersive extended reality, transforming sectors from healthcare to manufacturing. To achieve this, Europe must invest in terahertz spectrum, edge computing, and global standards, ensuring interoperability and security.

Quantum Networking: Reinventing Security 

Cybersecurity is a cornerstone of trust in the digital age. Quantum networking, through technologies like Quantum Key Distribution (QKD), will make data interception virtually impossible. This is vital for protecting critical infrastructures systems. Europe must lead in quantum research and pilot projects to safeguard digital sovereignty. 

Satellites: Bridging the Last Mile 

 

Fiber and terrestrial networks will dominate urban connectivity, but satellite Internet – especially Low Earth Orbit (LEO) constellations – will play a key role in connecting remote regions. Integrating satellite solutions into Europe’s connectivity strategy ensures inclusivity and resilience, supporting economic development and social cohesion 

The Backbone: Data Centers, IXPs, and DNS  

  • Behind every digital service lies a robust infrastructure: 
  • Data Centers: The engines of the digital economy. Scaling sustainably with energy-efficient technologies and renewable energy is non-negotiable. 
  • IXPs: Internet Exchange Points reduce latency and strengthen resilience. Expanding Europe’s IXP ecosystem enhances performance and digital sovereignty. 
  • DNS: A stable and secure Domain Name System is fundamental. Implementing DNSSEC and redundancy measures is essential to prevent outages and attacks. 

Sustainability and Security: Our Shared Priorities 

Both eco and EuroISPA champion green digital infrastructure, aligning with EU climate goals. Energy efficiency, heat reuse, and renewable integration are critical for data centers and networks. At the same time, cybersecurity must evolve with zero-trust architectures, AI-driven threat detection, and strong encryption standards. 

Encryption: A Non-Negotiable for Trust 

EuroISPA has consistently defended end-to-end encryption as a cornerstone of privacy and security. Proposals to weaken encryption under initiatives like ProtectEU or e-Evidence risk undermining trust and exposing users to cyber threats. Our joint position is clear: encryption must remain robust and uncompromised. Any legislative approach should balance law enforcement needs with fundamental rights and technological realities. 

Policy and Collaboration: The Road Ahead 

The future of connectivity requires coordinated action. Policymakers must create frameworks that encourage investment, innovation, and sustainability without imposing disproportionate burdens. Industry associations like eco and EuroISPA play a vital role in shaping balanced regulations, from the Digital Networks Act to cybersecurity standards. Public-private partnerships will be the cornerstone of Europe’s digital success. 

Conclusion: A Connected, Secure, and Sustainable Europe 

Connectivity is not just about speed – it is about enabling opportunity, resilience, and trust. From fiber to 6G, from satellites to quantum networks, and from data centers to DNS, every component matters. Together, eco and EuroISPA are committed to driving this transformation and ensuring that Europe remains a global leader in digital innovation. 

Lars Steffen

Vice-President of EuroISPA

Head of International, Digital Infrastructures & Resilience of eco – Association of the Internet Industry

2026: What’s ahead

EU Digital Agenda for 2026: from strategy to action 

The time for action has arrived. Over the last months, the European Commission has defined broad policy guidelines for the current mandature (2024-2029): simplification, competitiveness, and innovation. The European executive has learned from the Mario Draghi and Enrico Letta reports – a welcome shift toward pragmatism for Internet Service Providers.  

In 2026, the Commission will translate these priorities into concrete proposals. Its work program directly impacts EuroISPA members across connectivity, data protection, cybersecurity, AI and platform regulation – making active engagement essential.  

KEY LEGISLATIVE PRIORITIES

The future Digital Networks Act is one of the major priorities for EuroISPA members. As Europe recasts its Electronic Communications Code, the stakes could not be higher: ensuring sustainable investment models while meeting connectivity demands for decades ahead. We expect the Commission to deliver a framework that balances regulatory certainty with technological evolution, incentivizing investment in digital infrastructures.  

EuroISPA welcomed the October 2025 Digital Omnibus Package. Aligning e-Privacy with GDPR is critical – reducing administrative burdens while clarifying legal obligations. Ensuring AI Act implementation is innovation-friendly similarly heads in the right direction. For our members, simplification here means tangible operational relief.  

On the revision of the Cybersecurity Act, EuroISPA supports a targeted revision of the Regulation.  

On the Digital Fairness Act: while we support strong consumer protection, creating new legislation risks regulatory fragmentation. Existing frameworks can achieve these goals more efficiently.  

On online piracy of sports and other live events, following its evaluation of the 2023 Recommendation, the Commission has concluded that this non-binding instrument is insufficient to tackle this illegal phenomenon. It is likely that a new legislative initiative is being considered to harmonise cooperation tools and EuroISPA will carefully follow how the issue may evolve, ensuring any framework respects technical feasibility and fundamental rights.

COOPERATION BETWEEN INTERNET SERVICE PROVIDERS AND JUDICIAL AUTHORITIES   

EuroISPA remains committed to ongoing discussions on the CSAM regulation which is at the final stage of negotiations. It welcomes the Council’s general approach adopted under the Danish Presidency, which excluded detection obligations from the scope of the future regulation.   

The August 2026 e-evidence regulation implementation presents significant operational challenges, particularly the decentralized IT system. EuroISPA will facilitate dialogue between members and the Commission to ensure workable compliance pathways.  

On metadata retention, we await the early 2026 impact assessment. Any legislative initiative must avoid imposing requirements that compromise EU competitiveness, digital sovereignty, or cybersecurity – outcomes that benefit neither security nor innovation.  

Finally, encryption remains paramount. As the Commission launches its expert group, EuroISPA’s co-signed global statement underscores our position: encryption is foundational to digital trust and economic security. Proposals weakening encryption to facilitate law enforcement access would fundamentally undermine these objectives – a tradeoff Europe cannot afford.  

EuroISPA’s strength lies in our diverse membership – representing the full value chain from infrastructure providers to content platforms. Our established relationships with European institutions (Commission, Parliament, Council) and agencies (EUIPO, BEREC) position us to effectively advocate for balanced, evidence-based policies. As 2026’s legislative agenda unfolds, our collective voice will be essential in shaping Europe’s digital future. 

Romain Bonenfant

President of EuroISPA

Managing Director of FFTélécoms – Fédération Française des Télécoms

EuroISPA signs MoU with RIPE NCC

Brussels, 28 November 2025 – EuroISPA, the pan European association of Internet Service Provider Associations, last week signed a Memorandum of Understanding with RIPE NCC, The Regional Internet Registry for Europe, Middle East, and Central Asia. The agreement aims to enhance collaboration to support Internet stability in Europe.

“This agreement represents another step in EuroISPA’s efforts to contribute to a reliable future for European Digital Users,” said EuroISPA President Romain Bonenfant.

The agreement, signed at the RIPE 91 Meeting in Bucharest by Hans Petter Holen, RIPE NCC Managing Director and CEO, and Alex de Joode, EuroISPA Board Member, and later, at the EuroISPA General Meeting, by Romain Bonenfant, EuroISPA President, focuses on developing technical insights and educational materials on how the Internet functions, promoting best practices and technical standards, and encouraging evidence-based policymaking in line with a multistakeholder approach to Internet governance.

EuroISPA Board Member Alex de Joode affirmed that, “The value of bringing together the resources including knowledge, talents, and practices that EuroISPA and RIPE NCC have been developing over many years is essential to ensure Internet stability in Europe. EuroISPA and RIPE NCC are two of the most important organisations in this area, and such a collaboration can only bring good things for Europe’s Digital Future.”

About EuroISPA

Established in 1997, EuroISPA is the world’s largest association of Internet Services Providers Associations, representing over 3,300 Internet Service Providers (ISPs) across the EU and EFTA countries. EuroISPA is recognised as the voice of the EU ISP industry, reflecting the views of ISPs of all sizes from across its member base.

Download the Press Release here

EuroISPA signs Global Statement on the Role of Encryption in Securing Trust and Enabling the Digital Economy

Last Monday, EuroISPA, along with over 60 other organisations, endorsed a Global Statement a Global Statement on the Role of Encryption in Securing Trust and Enabling the Digital Economy.

We believe that strong encryption is essential to the global digital economy. Encryption safeguards user privacy, protects sensitive data, and enables trust, which are foundations of commerce, communication, and innovation.

Any effort to undermine encryption, whether through backdoors, key escrow systems, or technical mandates, undermines that trust. Weakening encryption introduces systemic vulnerabilities that criminals and hostile actors can exploit.

We call on governments around the globe to advance policies that protect encryption as a vital enabler of digital trust and economic prosperity. Policymakers should strengthen, not weaken, the tools that protect our shared digital infrastructure

EuroISPA appointed new Board at General Meeting

Brussels, 18 November 2025 – EuroISPA, the pan-European association of Internet Service Provider Associations, appointed its new Board, including the Association’s President, Vice-President, and Treasurer, during its latest General Meeting in Brussels.

The new Board leadership includes Romain Bonenfant of Fédération Française des Télécoms as President, Lars Steffen of eco as Vice-President, and Dalia Coffetti of AIIP as Treasurer, alongside Stefan Ebenberger from ISPA Austria and Alex de Joode from AMS-IX as Board members. The Board is responsible for coordinating the activities and budget of the Association.

Romain Bonenfant spoke on his appointment as President of EuroISPA: “I am honored to take on the role of President after several years of active involvement on EuroISPA’s Board. We will stay true to our mission to represent Internet Service Providers by providing our technical expertise to EU institutions and stakeholders, and supporting our members through shared knowledge and best practices. Our strength lies in collaboration; Internet Service Providers need a strong, informed and united voice in Europe.”.

Lars Steffen highlighted EuroISPA’s role in uniting ISPs across Europe, noting that collaboration enables common approaches and clear positions to shape balanced frameworks. Newly appointed Treasurer Dalia Coffetti added that she looks forward to supporting EuroISPA’s priorities and working with the Board to ensure their efforts deliver meaningful impact.

About EuroISPA

Established in 1997, EuroISPA is the world’s largest association of Internet Services Providers Associations, representing over 3,300 Internet Service Providers (ISPs) across the EU and EFTA countries. EuroISPA is recognised as the voice of the EU ISP industry, reflecting the views of ISPs of all sizes from across its member base.

Download the Press Release here

EuroISPA Response to the Public Consultation on the Digital Fairness Act

EuroISPA shares the European Commission’s objective to protect and empower consumers. Nevertheless, we emphasise that the EU already has the world’s most comprehensive consumer protection framework, strengthened by recent major legislative updates, including the Omnibus Directive, DSA, DMA, Data Act, and AI Act.

Should the Commission remain committed to proposing a DFA, such an initiative should fully reflect the overall aim of ensuring a simple, competitive, and innovation-friendly legal framework, which benefits both consumers and businesses. It should also enable effective and consistent enforcement of existing laws, addressing specific gaps without duplicating existing legislation. Hence, before considering any new rules, the Commission should conduct comprehensive impact assessments of existing legislation and its implementation.

Only where genuine gaps are demonstrated should evidence-based, targeted, and technologically neutral measures be considered. Even then, the Commission should first assess whether the objectives can be achieved by amending existing instruments—such as the DSA—instead of adopting a new legislative act.

EuroISPA’s specific recommendations address:

  • The relationship between regulators and businesses
  • Dark patterns
  • Addictive design
  • Unfair personalisation practices
  • Harmful practices by social media influencers
  • Issues with digital contracts
  • Simplification measures
  • Horizontal issues (age assurance, fairness by design, burden of proof, definition of consumer). 

GDPR blocks growth opportunities 

The EU’s General Data Protection Regulation (GDPR) promised harmonised rules and a stronger internal market. In reality, interpretations vary between member states, and case law is inconsistent. Companies live in uncertainty about which rules to follow in which country and this undermines the competitiveness of the entire economic area. 

The obligations of the GDPR are in many respects overly detailed and rigid. Contractual requirements, the 72-hour breach notification, and unclear rules on anonymisation and pseudonymisation create extra bureaucracy without real added value for data protection. Supervisory authorities treat guidelines as binding regulations, leaving risk-based thinking aside. 

Excessively strict interpretations also prevent the use of data in healthcare, research, and new digital services. When pseudonymisation cannot be applied flexibly, innovation stalls and international cooperation dries up. For example, telecom operators have enormous opportunities to develop business by using pseudonymised data generated by their networks: mobility patterns could be used in urban planning, service capacity, or tourism development without compromising individual privacy. Current restrictive interpretations, however, make this nearly impossible. 

The situation is made worse by conflicts between the GDPR and ePrivacy rules, as well as by authorities’ low notification threshold, which burdens oversight and wastes resources. In addition, the sanction mechanism is unbalanced: companies may face heavy penalties, while the public sector rarely faces administrative fines, even though authorities handle massive amounts of personal data. This is neither acceptable for citizens’ legal protection nor for equal treatment. 

A correction to the GDPR is essential. We need more consistent interpretations, risk-based regulation, sanctions that also apply to the public sector, and proportionality – so that data protection genuinely works for citizens rather than stalling European companies’ growth and the development of new business models. 

Elina Ussa

President of EuroISPA

and FiCom Managing Director

Promoting Sustainability through Digital Infrastructure

As underscored in EuroISPA‘s Position Paper on Sustainability, the role that digital technologies and infrastructure play in driving environmental responsibility across the economy is crucial. From reducing energy consumption in telecom networks to encouraging investments in sustainable data centres, the paper presents actionable strategies for driving a greener future powered by responsible digitalisation.  

Digitalisation already plays a key role in sustainability, replacing outdated, energy-intensive technologies with more efficient alternatives. For instance, 5G networks consume 80% less energy than 4G, and fiber optic cables use five times less energy than copper. This high-performance connectivity creates opportunities for energy savings across all sectors. 

However, more can be done. EuroISPA advocates for proactive measures, such as phasing out aging 2G and 3G equipment, fostering industry collaboration, and sharing best practices to optimise data distribution. Consistent regulation and increased investment in renewable energy infrastructure are also vital in ensuring that Europe’s digital ecosystem remains both competitive and sustainable. 

Data centres as the backbone of digitalisation, key to decarbonising the EU economy. EuroISPA encourages further investment in EU-based data centres, supported by renewable energy, to enhance both competitiveness and environmental sustainability. 

The digital infrastructure sector holds the key to a greener future, and we at EuroISPA are committed to leading that transition. By promoting energy-efficient technologies and investing in sustainable data centres, we can drive decarbonisation across Europe, ensuring both sustainability and digital resilience. 

By embedding sustainability into every level of the digital supply chain, EuroISPA envisions a future where responsible digitalisation powers a greener, more prosperous Europe. 

Lars Steffen

EuroISPA Vice President

Head of International, Digital Infrastructures & Resilience of eco – Association of the Internet Industry