Today was the day. The European Commission presented its digital policy package. Below a recap, with some personal observations.
The first meta-component is an overarching strategy for the digital society
, which has three objectives: tech should work for people; fair and competitive economy; open, democratic and sustainable society. Here the most relevant positioning element is that digital and green go hand in hand
: technology should enable the green transition (and hopefully without generating too many negative externalities…).
Two other important documents were released today: The White Paper on AI and the European Data Strategy.
The White paper
outlines a double approach. The first is creating an ecosystem of excellence
: this is to be based on (public and private) fundings to R&D, talents attraction and retention, upskilling of SMEs staff - Digital Innovation Hubs (DIH) are meant to be key here.
The second is creating an ecosystem of trust, which basically translates into a risk-based approach, where the regulation is heavier if risks are higher. High-risk sectors include healthcare, transport, energy, and “parts of the public sector”. The importance of a mechanism to control conformity assessment is underlined, but not substantiated. 4 key guidelines are given:
a) AI should be trained with data that respect EU rules, and data be available to public authorities;
b) Service providers should provide info to users about the functioning and presence of AI;
c) AI should be technically robust and accurate;
d) There should always be a proper level of human oversight.
Notes: this version of the white paper is definitely watered down compared to the one leaked
last month. It insists on guidelines more than on precise rules, leaving the responsibility to existing regulation. Breaches to fundamental rights are to be addressed by national authorities first.
The regulatory option on the public sector (which included facial recognition), disappeared. Instead, the EC is launching a debate on the circumstances that justify its use in public spaces.
For what concerns the EU data strategy
, Thierry Breton acknowledged that the EU has lost the battle of personal data, but stated that it is perfectly positioned for the next: the industrial, B2B data one. This confidence relies on the EU large industrial base, combined with IoT, 5G and edge computing. There are two main pillars:
1. Regulatory framework, a data act to unlock unused data, generating a data single market. It goes by regulating data access, data sharing, use, reuse, anonymisation…
2. Infrastructure and platforms: most data will be created and processed locally. This requires robustness, latency, security… The main idea here is an Industrial cloud platforms alliance, expecting to mobilise up to 2B€ for it. This will be followed by sector-specific actions. Basically vertical EU data spaces: mobility, health, cities, industry… with related governance rules.
Notes: data sovereignty is at the core of the EU ambition. A EU cloud is easier said than done, which is why a federation of clouds is proposed. But even that can be tricky: attempts to build national ones failed ( CloudWatt
, the French sovereign cloud, was shut down on the 1st of February) in face of the competition from big tech. Always in the Hexagone, the controversies around the “Health Data Hub”
(a centralised health data repository that soon will be open to business) anticipate some of the potential conflicts: storage, public awareness, care centered on control.