The world’s leading digital media and regulatory policy journal

Regulatory implementation, impact and enforcement: European report

Regulators and policymakers gathered in Brussels on 12 and 13 March for the IIC’s annual Europe Forum. On the agenda were the Digital Markets Act and Digital Services Act, and the impact of GDPR four years after its introduction. RUSSELL SEEKINS offers a flavour of the debate

Regulatory challenges

The Forum began with a discussion about challenges for European regulators, especially the evolution into a digital regulator while continuing to be a traditional telecommunications regulator. This shift is highlighted by the recent discussions in various cities about a white paper from the European Commission which critiqued the European telecom model and suggested changes such as symmetric network obligations and accelerated transition to full fibre connectivity by 2030.1 The white paper also proposes a more centralised spectrum policy and hints at a potential reduction in market competition by suggesting that having two networks might be sufficient. This approach, it was suggested, could lead to less competition, higher tariffs and service degradation, especially impacting smaller market players. This is important when considered against the backdrop of significant upcoming investment and the need for enhanced connectivity across Europe.

Infrastructure and investment

The next discussion revolved around the challenges and future direction for Europe’s telecommunications sector. There was agreement on the need for investment, scale and harmonised spectrum management to enhance connectivity and digital competitiveness. The white paper from the European Commission was praised for recognising these issues, suggesting a shift towards cross-border consolidation, addressing extractive spectrum auctions and fostering a level playing field. However, concerns were raised about the clarity and implications of proposed deregulatory scenarios in fixed access, as well as the potential impact on competition and network investment. It was suggested that a holistic approach, involving all players in the internet value chain, is necessary for Europe’s digital transformation.

Implementing the DSA and DMA

The next part of the Forum considered the implementation of the Digital Services Act (DSA) and the Digital Markets Act (DMA). One contributor discussed France’s transition from national laws to the DSA framework, highlighting the importance of EU-level regulation to prevent fragmentation and strengthen the position of European players. The DSA is seen as flexible and designed to evolve with the digital industry. The discussion also touched on the role of national regulators as coordinators or enablers within the DSA framework and the importance of educating and engaging with various stakeholders about the DSA’s implementation.

A representative from the EDPB highlighted the positive impact of the GDPR on data protection awareness and compliance in Europe

A representative from DG CONNECT discussed the DMA’s enforcement, emphasising the Commission’s ongoing assessment of gatekeeper compliance and the potential for regulatory dialogue to ensure effective measures. A panellist from a network operator introduced the concept of ‘malicious compliance’, in which legislative compliance was pursued without sufficient flexibility. He noted that some compliance measures might be technically compliant but don’t fully embrace the intended spirit or objectives of the legislation. The panel acknowledged the complexity of balancing different trade-offs, such as ensuring user choice and competition while maintaining security and privacy. Some contributors raised concerns about the potential unintended consequences of compliance efforts and the importance of allowing space for European businesses in the digital market.

GDPR four years on

The next session focused on the General Data Protection Regulation (GDPR) four years after its implementation, particularly regarding enforcement and the role of the European Data Protection Board (EDPB). A representative from the EDPB highlighted the positive impact of the GDPR on data protection awareness and compliance in Europe. It has strengthened individual rights and harmonised enforcement powers across EU member states, she said. She went on to discuss the operational challenges of GDPR enforcement, especially the need for cooperation and information sharing among national data protection authorities (DPAs) in cross-border cases. She noted that while the GDPR has detailed cooperation rules, practical issues have arisen, particularly with the timing and consistency of enforcement actions across different national jurisdictions.

A proposal from the European Commission aims to address these issues by laying down additional procedural rules related to GDPR enforcement. This proposal seeks to harmonise aspects of the procedure, such as admissibility criteria for complaints and the rights of parties involved, and improve the efficiency of the one-stop-shop mechanism. The speaker also touched on the complexities of having national authorities with varying competencies and the potential for a centralised enforcement model similar to that for EU competition law. However, she emphasised the current system’s benefits, allowing for local enforcement with the possibility of escalating disputes to the EDPB.

Protecting children online

The debate opened with an acknowledgment of the longstanding access of children to online services and the varying degrees of success in addressing safety concerns through existing laws. The panel, comprising representatives from the EU Commission, a European regulator, a technology platform and an advocacy group, examined the implementation and enforcement of recent legislation such as the Digital Services Act and the UK’s Online Safety Act, focusing on protecting minors online.

A panellist highlighted efforts under the DSA, emphasising risk assessments and the necessity of a culture shift within companies to prioritise child safety. The conversation also touched on the broad scope of the DSA, its risk-based approach and the necessity for ongoing industry adaptation to comply with regulations aimed at enhancing online safety for children.

The UK’s Online Safety Act focuses on illegal and harmful online content affecting children and the importance of age assurance measures to create age-appropriate online environments. A panellist from a large platform shared insights into their company’s comprehensive approach to digital safety, highlighting initiatives such as digital safety websites and enhanced content moderation practices.

Panellists agreed on the need for coordinated efforts in online safety and age assurance across different jurisdictions and sectors. Regulators are working to align guidelines and practices internationally to prevent fragmentation and improve effectiveness. There is a growing consensus on the importance of age assurance for protecting minors online, but challenges remain in developing inclusive and effective verification methods.

Media frameworks in Europe

Lynn Robinson with Giacomo Lasorella of the ERG

This debate covered the evolving media regulation landscape in Europe including recent and upcoming legislation such as the European Media Freedom Act and the UK’s Media Bill. Panellists noted the transition from traditional media consumption to digital platforms and the need for updated regulatory frameworks to address these changes. The Media Freedom Act aims to protect editorial independence and ensure media pluralism, taking a principle-based approach to accommodate national specificities. The Act focuses on protecting media diversity and pluralism, with an emphasis on digital platforms and the challenges they present, including misinformation, especially in the context of upcoming elections.

The UK’s Media Bill meanwhile seeks to modernise the regulatory environment, reflecting the shift in audience habits towards on-demand and streaming services. It offers more flexibility for broadcasters and addresses the challenges of the digital media landscape, aiming to ensure content discoverability and audience engagement in the new media ecosystem. The Bill addresses modernising public service delivery, with emphasis on news, current affairs, childrens content, original UK content and content produced outside London. The Bill aims to ensure public service content is prominently accessible on various platforms, addressing changes in audience behaviour towards digital consumption. It introduces content standards for on-demand services, ensuring they adhere to similar regulations to those applied to traditional broadcasters.

Cybersecurity and resilience

The panel discussion focused on the complexities and challenges of cybersecurity and resilience in the context of recent EU legislative initiatives. The EU’s regulatory approach aims to harmonise cybersecurity practices across member states, but faces challenges such as geopolitical shifts, varying maturity levels in cybersecurity awareness and the financial burden on small and medium-sized enterprises (SMEs). There is a need for clear, consistent and risk-based regulations and for greater harmonisation across the EU. The importance of supporting SMEs in enhancing their cybersecurity capabilities was raised. Additionally, there was a call for the active involvement of executive boards in cybersecurity matters and attention to supply chain vulnerabilities. In the discussion, participants explored challenges and solutions related to the implementation of various EU legislative acts in cybersecurity and resilience, focusing on how to achieve consistent application across member states and industries.

Artificial intelligence in the media

A session focused on the use of AI in the media featured speakers from the law faculty at Leuven University. They discussed a major project on AI recommendations for policymakers. The project aims to merge fragmented European AI landscapes in media, emphasising ethical and trustworthy AI deployment. It addresses AI’s impact on the media, including news, journalism, social media, entertainment and arts, and seeks to develop AI that aligns with European values. Key project outcomes include research on AI applications in the media, policy recommendations and fostering academia-industry collaboration.

The panel also introduced the European AI Media Observatory, a centre for AI media research aiming to foster responsible AI use in the media. The discussion highlighted challenges media organisations face regarding AI integration, such as funding, a shortage of specialised staff and ethical concerns. Recommendations include training programmes, national or European task forces and transparent, ethical AI practices in the media. There is also a need for public data sets and interdisciplinary research, and to balance AI’s technical excellence with trustworthiness. The speakers emphasised the importance of interdisciplinary collaboration to steer technology responsibly, addressing societal, legal and ethical concerns. The session concluded with an open invitation for further engagement and feedback on the ongoing policy recommendations, indicating a proactive approach to shaping AI’s role in the media and society.

The Europe Forum was hosted by the Belgian Institute for Postal Services and Telecommunications and sponsored by Netflix and Frontier Economics.