Illustration: Annelise Capossela/Axios
European policymakers are pursuing so many pieces of tech-related legislation with U.S. implications, it's difficult to keep up. Let's break down the top items and where they stand.
Why it matters: The U.S. talks a big game about regulating the tech industry, but Europe actually does it — and aggressively.
- Congress knows this and wants to make moves to lead these discussions on the global stage, but they haven't.
What's happening: As the U.S. continues to struggle toward semblances of tech regulation, the EU is looking to establish economic and digital sovereignty from the U.S.
- Tech groups are worried. “Europe and the U.S. are like-minded allies and we need each other more than ever. We need more collaboration and trade, rather than new barriers and friction," Christian Borggreen, senior vice president and head of CCIA Europe, told Axios.
- "Cutting itself off from world-leading technologies in the name of sovereignty would make Europe less sovereign and less safe."
Let's start with the Digital Markets Act and the Digital Services Act. As Axios has previously reported, these two laws will place new burdens and obligations on large tech platforms around competition and content.
- Per tech industry sources, companies are in the stage of figuring out if they are covered under the laws, and they're starting to come into compliance, with major deadlines happening by June and August.
- Both European and other global companies will fall under DSA compliance, but for the DMA, it's likely to just be U.S. companies and TikTok, tech sources tell Axios.
The AI Act: European regulators are almost done finalizing the AI Act, but some are calling for much stricter guidelines. On Thursday, Mozilla and others urged the EU to strictly regulate "general purpose AI," which includes ChatGPT and DALLE-2, currently not classified as "high risk" under the act.
- “The strength of Europe’s AI Act is its risk-based approach. What we see right now, however, is that certain EU lawmakers are considering all kinds of additions to the act,” Borggreen told Axios.
- “The actual risks or evidence don’t seem to matter much when it comes to general purpose AI, it seems, as some lawmakers want everything regulated as high risk by default.”
The Data Act: This one aims to regulate who can use and access data generated in the EU across all economic sectors, not just tech. It impacts many types of international data transfer and sharing, and some say it runs the risk of clashing with other EU laws.
- The U.S. Chamber of Commerce has called it "misguided" and that it would threaten companies' ability to transfer data out of Europe.
- An agreement on the text could come by June.
EUCS — Cloud Services Scheme: European regulators are setting forth new certifications for the cybersecurity of cloud devices, and tech groups fear it will be rolled out in a way that keeps U.S. cloud providers like Amazon, Microsoft and Google from servicing clients in Europe.
- If the agreement is approved, cloud services providers would have to locate their global headquarters and home offices in the EU and store and process all customer info in the EU.
- "Discriminatory requirements against U.S. cloud vendors would severely restrict competition and customer choice, but also undermine cybersecurity in Europe," said Borggreen.
Meanwhile: Last October, President Biden signed an executive order to implement the long-sought European Union-U.S. Data Privacy Framework, which generally guides data flows between the two continents.
- But it's not fully implemented yet, and European lawmakers are still warning it may not be enough, per Reuters.
