In the current mandate, we have acted to ensure that our society seizes the opportunities offered by digital technology, minimises associated risks for citizens, and invests strategically to build our competitiveness and resilience.
Technology
The EU is today home to three of the most powerful computers in the world. This technological leadership goes hand in hand with our climate ambitions. For example, LUMI’s supercomputer in Northern Finland uses 100% hydropower, and its waste heat is used to heat hundreds of households.
Thanks to the European Chips Act, we are turning the EU into a world leader in semiconductors. We are supporting scale-up and innovation and boosting manufacturing. The Act has already triggered investment plans worth over €115 billion, contributing to our goal of doubling the EU’s share in the semiconductors global market to 20% by 2030.
Europe has been investing more than ever in digital. Under the NextGenerationEU, the target of using 20% of funds in digital-related measures has been exceeded. Thanks to these investments, almost 18 million households in the EU received high-speed Internet, and 247 million users benefit from new or improved public digital services.
AI & data
Even before services like ChatGPT became a mass phenomenon, we anticipated the impact of Artificial Intelligence in our lives. With the AI Act, the EU has become the first jurisdiction in the world to put up risk-based guardrails to ensure that the use of AI remains safe and human centred, while also boosting innovation in trustworthy AI. By working closely with like-minded partners, the AI Act also aims to become an international reference point.
The AI revolution will be driven by data. To unleash it, our Data Acts open up data sharing by users of all types of connected devices for innovative uses, require contestable and fair data processing services, and establish standards for trusted data intermediaries and data spaces. At the same time, our Cyber Resilience Act keeps data safe, by setting high cybsersecurity standards for all connected devices sold in the EU.
During the COVID-19 pandemic, the Commission set up the EU Digital COVID certificate – a secure means of handling sensitive health data, issued 2.2 billion times and connecting 78 countries and territories, it allowed Europeans to travel safely and freely within the EU and is now a WHO standard.
Platforms
The pandemic also underscored the need to mitigate harmful content online and exposed our dependencies on digital giants. The Digital Services Act imposes greater accountability on the biggest platforms to remove illegal content and tackle risks to children and elections. The Digital Markets Act prevents gatekeeper platforms from using their economic power solely in their own interests, to exclude innovative online businesses.
Key policies and achievements
- Empowering users online and setting a global benchmark with the Digital Services Act and the Digital Markets Act
- Harnessing the opportunities of Artificial Intelligence through the world’s first regulatory framework
- Giving Europeans a safe and secure digital identity
- Tapping the economic potential of data in a secure way
- Increasing our independence in semiconductors with the European Chips Act
- Improving Europeans’ digital skills and the access of new technologies by business to realise our Digital Decade
- Bolstering our cybersecurity and resilience to cyber threats
The Digital Services Act (DSA) sets out a new standard for the accountability of online platforms regarding illegal content, disinformation and other societal risks. It empowers and protects users by requiring online platforms to tackle illegal content and to increase accountability and transparency.
The core function of the Digital Services Act is that what is illegal offline, should be illegal online.
The Digital Services Act’s general obligations apply to all online platforms since 17 February 2024.
Obligations include publishing user numbers and transparency reports; having clear terms and conditions of use and enforcing them proportionately; taking down illegal content; providing statements of reasons and means to seek redress in case of content moderation; and a profiling ban for advertisement directed at minors or based on sensitive personal data.
Very Large Online Platforms or Search Engines reaching more than 45 million users monthly are subject to more stringent rules. This is the case for 25 designated services. These stronger provisions include:
- allowing users to opt out from profiling for the content they see
- publishing repositories of all ads on their interface, including who promoted them
- stopping targeted advertisement based on sensitive personal data, and towards children
- giving researchers access to data.
Such designated services also need to provide annual risk assessments to examine how their services might pose a risk to fundamental rights, civic discourse, and public health, amongst others; and they will need to adopt reasonable and effective mitigation measures to the identified systemic risks. The risk assessments and the mitigation plans are subject to independent audit and oversight.
The Digital Services Act is showing its impact: big platforms have taken steps to better protect minors, offering choices regarding their recommender systems, and labelling and providing access to ads. The first test case for the Digital Services Act was the illegal and harmful content disseminated in the context of Hamas’s terrorist attacks on Israel, where the Commission opened formal proceedings against X. Since then, the Commission has started formal proceedings against TikTok, AliExpress, and Meta. In August 2024, the Commission closed its first proceeding under the DSA following TikTok’s commitment to permanently withdraw its Lite Rewards programme from the EU.
With the Digital Markets Act (DMA), the EU has set a global milestone to regulate the economic power of digital “gatekeepers”. These are some of the largest digital global companies that take a particularly important place in the internal market because of their size and their role as gateways for business users to reach their customers.
The Digital Markets Act will create an opportunity for businesses to challenge gatekeepers by ensuring fair, open, and contestable digital markets. The new rules:
- increase legal certainty for businesses and platforms
- empower SMEs and start-ups
- ensure consumers benefit from quality services and more transparency.
For example:
- gatekeepers can no longer engage in self-preferencing on their platforms
- users can delete preinstalled software from their devices and can download apps from alternative app stores
- businesses can get free access to ad data and can agree contracts outside of a gatekeeper platform
- developers can use alternative payment or identification systems.
- Alphabet (Google’s parent company), Amazon, Apple, ByteDance (TikTok’s parent company), Meta and MicrosoftIn September 2023, the Commission designated six gatekeepers under the Digital Markets Act, accounting together for a total of 23 core platform services.
Since March 2024, the six designated gatekeepers need to ensure full compliance with the obligations of the DMA. The Commission has already opened investigations for non-compliance against Alphabet, Apple, and Meta. In May 2024, the Commission also designated Booking (parent company of Booking.com) as a gatekeeper.
Harnessing the opportunities of Artificial Intelligence through the world’s first regulatory framework
The potential benefits of Artificial Intelligence (AI) for our societies are manifold, from improved medical care to better education. Harnessing these opportunities was a key Commission objective – long before services such as ChatGPT became a mass phenomenon.
The Commission put forward the Artificial Intelligence Act designed to ensure that AI systems used in the EU are safe, transparent, ethical, unbiased and under human control. Innovation-friendly and human-centric, it regulates AI where necessary to address risks to health, safety and fundamental rights and ensures a level playing field for innovation, without additional burden for most use cases.
With our innovation-friendly AI Act, which entered into force in August 2024, the EU is contributing to the development of global guardrails for trustworthy AI. In 2023, the Commission supported the agreement by G7 leaders on International Guiding Principles and a voluntary Code of Conduct for Advanced AI systems.
We have set a goal of investing more than €1 billion per year in AI research and innovation, with the objective to attract more investment in AI per year over this decade. That goal was largely surpassed in 2022, when more than €3 billion of EU funding were mobilised.
To develop AI models, access to supercomputers is crucial: this reduces training time for algorithms from months or years, to just weeks. The EU currently has three world-class supercomputers (based in Finland, Italy, and Spain) and we are granting access for European AI start-ups, SMEs and the broader AI community.
In May 2024 the Commission unveiled the AI Office, established within the Commission. The AI Office will play a key role in the implementation of the AI Act, especially in relation to general-purpose AI models. It will also work to foster research and innovation in trustworthy AI and position the EU as a leader in international discussions. The AI Office has already started work with stakeholders to prepare a General-Purpose AI Code of Practice.
Giving Europeans a safe and secure digital identity
The Digital Identity Wallet will allow all Europeans to have a secure digital identity that protects personal data and works in all Member States from the end of 2026. The wallet will offer a user-friendly public alternative to online identification, fully respect the choice of the user to share or not personal data and offer the highest degree of security. Very Large Online Platforms designated under the Digital Services Act will need to accept it to authenticate users.
Tapping the economic potential of data in a secure way
Data is the building block for many new products and services. Access to an ever-growing quantity of data and the ability to use it are essential for economic growth, competitiveness, innovation, and job creation.
The Data Governance Act, in full application since September 2023, lays down requirements to increase trust in data intermediaries and strengthens data-sharing mechanisms. It enables the creation of common European data spaces in key sectors, including health and mobility, that facilitate the pooling and sharing of data in a controlled and secure way.
The Data Act, which will apply from September 2025, creates the processes and structures to facilitate data sharing by companies, individuals, and the public sector. It will boost the EU's data economy by unlocking industrial data and foster a competitive and reliable European cloud market through easier switching and fair contract terms. The new rules could contribute an additional €270 billion to our GDP by 2028 thanks to the tackling of legal, economic and technical challenges that currently lead to data under-utilisation.
Increasing our independence in semiconductors with the European Chips Act
Shortages of semiconductors have highlighted Europe's dependency on a limited number of non-EU suppliers. The European Chips Act, which entered into force in September 2023, strengthens Europe’s competitiveness and resilience by boosting manufacturing, stimulating the European design ecosystem, and supporting scale-up and innovation across the value chain. Through the Chips Act, the European Union aims to double its share in the semiconductors global market to 20% by 2030.
It has already triggered public and private investment plans worth over €115 billion, including:
- Intel announced a mega fab site in Magdeburg, Germany, with an investment of €30 billion. The fab will produce the most advanced chip technologies below two nanometers.
- Intel also announced further €12 billion to expand their fabs in Ireland.
- Infineon will invest €5 billion in Dresden, Germany, to expand production of analog, mixed signal, and power circuits.
Additionally, under State aid rules, the Commission has already approved French and Italian measures supporting the construction of first-of-a-kind microchips manufacturing facilities in Crolles and Catania. The approved aid amounts to almost €3.2 billion, and the overall investment is worth more than €8 billion. More of such projects are in the pipeline.
The Commission also approved an Important Project of Common European Interest to support research, innovation and the first industrial deployment of microelectronics and communication technologies throughout the value chain. The €8.1 billion in public support provided by Member States is expected to unlock an additional €13.7 billion in private investment.
Improving Europeans’ digital skills and the access of new technologies by business to realise our Digital Decade
Under the Digital Decade Policy Programme, we track performance in four areas: citizens' digital skills; take-up of new technologies by businesses like AI, data and cloud; advancing the EU's connectivity, computing and data infrastructures; and making public services and administration available online.
Concrete targets to be achieved by 2030 include: 80% of those aged 16-74 have at least basic digital skills, providing gigabit network to all end users, doubling the number of EU unicorn companies, and ensuring that 100% of Union citizens have access to their electronic health records.
- 80%of those aged 16-74 to have at least basic digital skills
- 100%of Union citizens to have access to their electronic health records
The Commission has also put in place initiatives to support the increase of information and communication technology (ICT) graduates and to provide new skills to individuals employed in digital areas, such as the Cybersecurity Skills Academy and the Digital Skills and Jobs Platform.
Furthermore, there are currently over 200 European Digital Innovation Hubs, covering all EU regions. European Digital Innovation Hubs are one-stop shops supporting companies and public sector organisations to respond to digital challenges and become more competitive. Meanwhile, regarding connectivity infrastructure, 81% of the EU population have access to 5G, and 56% of all households are covered by fibre cables.
Bolstering our cybersecurity and resilience to cyber threats
Cyber-attacks targeting critical infrastructure and aiming to exploit vulnerabilities are proliferating in number and growing in complexity.
The NIS2 Directive expands cybersecurity rules to cover new sectors, such as telecoms providers, postal services, public administration, and healthcare. It improves the resilience and incident response capacities of public and private entities, and the EU as a whole.
The Cyber Resilience Act, agreed in December 2023, improves the level of cybersecurity of digital products. It introduces cybersecurity requirements for all hardware and software available in the European market, from baby monitors, smart watches, and computer games to firewalls and routers.
The EU Cyber Solidarity Act, agreed politically by co-legislators in March 2024, will improve the response to cyber threats across the EU. It includes measures to fortify cooperation within the EU, enhance threat detection and awareness, bolster the preparedness of critical entities, and reinforce crisis management and response capabilities.