The U.S. administration explained that it was considering a new rule that could restrict or ban Chinese drones in the United States because of national security concerns.

In an advisory, the Department of Commerce made explicit that the involvement of perceived foreign adversaries, most notably China and Russia, in the design, development, manufacture and supply of drones could pose an undue or unacceptable risk to U.S. national security.

China and Russia have shown their willingness to compromise U.S. infrastructure and security. through cyber spying, according to the Department of Commerce, which also warned that governments could take advantage of their laws and political situations to co-opt private entities for national interests.

Beyond the use of drones by drone hobbyists, the devices are also used in a variety of U.S. industries: helping farmers monitor crops and spray for pests, inspecting pipelines for the chemical industry, testing bridges and construction sites, and assisting firefighters and other emergency services.

But drones have evolved over the past decade to include cameras, receivers and sophisticated artificial intelligence abilities, feeling concerns that they could become a useful tool for an adversarial government.

China-based companies account for at least 75 percent of the U.S. drone market, a domain that offers ample opportunities for exploitation, according to the Department of Commerce. Russia accounts for a relatively small share of global drone sales but announced its intention to invest heavily in developing the domestic market.

The US Department of Commerce explained that drones could be used to damage physical infrastructure in a collision, deliver an explosive payload, or gather information about critical infrastructure, including building designs. Moreover, with critical infrastructure in the United States increasingly dependent on drones, any effort to remotely disable them would pose a risk to national security.

The Department added that in the past, China-based drone companies had pushed updates to their devices to create no-fly restrictions that disabled them in company-defined conflict zones.

The advisory said the Department of Commerce was also considering whether there were measures that could mitigate risks and allow the sale of Chinese drones to continue, such as with certain design or cybersecurity software requirements.

The proposed rule is part of a larger effort by the administration to examine and eliminate vulnerabilities in high-tech products and communications infrastructures that could involve the collection of large amounts of data on Americans.

In September, the administration decided to ban Chinese-developed software for Internet-connected cars in the United States. The initiative was intended to prevent Chinese intelligence agencies from monitoring the movements of Americans or using vehicle electronics as a way to learn about the U.S. power grid or other infrastructures.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The European Council has adopted conclusions aimed at stepping up efforts to tackle terrorism and violent extremism. Together with the Council’s conclusions, they demonstrate the European Union’s determination to cooperate with partner countries and to protect EU citizens.

The conclusions highlight how the terrorist and violent extremist threat has become increasingly diverse and fragmented. The Council underlines the deteriorating security situation in Africa and how the current crisis in the Middle East is fuelling radicalisation around the world. The Council also confirmed the EU’s unwavering commitment to combating terrorism in Iraq and Syria.

Faced with this evolving threat, the Council stresses that strengthening external-internal connections is key. Terrorism and violent extremism must be addressed through a coherent approach that integrates the EU’s common foreign and security policy and actions into the field of justice and home affairs.

The Council also reaffirms that the only sustainable response to terrorism and violent extremism is one based on democracy, the rule of law, transparency, accountability, and gender sensitivity.

The Council’s conclusions underline the need to further invest in counter-terrorism cooperation between the EU and third countries through dialogues and capacity building projects. The conclusions further underline the need to exploit the full potential of the EU’s network of security and counter-terrorism experts, in particular to support EU counter-terrorism policy development and action.

To further enhance the effectiveness and coordination of EU efforts against terrorism, the Council calls for Team Europe initiatives that bring together the expertise and resources of the Union and Member States.

• Counter-terrorism: the Council adopts conclusions on future priorities for the fight against terrorism (12 December 2024)

• The EU response to terrorism (background information)

• Terrorism: the Council adopts conclusions aimed at promoting further action to protect Europeans (press release, 9 June 2022)

_____

Aquest apunt en català / Esta entrada en español / Post en français

To strengthen EU solidarity and capabilities to detect, prepare for and respond to cybersecurity threats and incidents, the Council has adopted two new regulations that are part of the so-called cybersecurity legislative package, namely the Cyber Solidarity Act and the amendment to the Cybersecurity Act (CSA).

The new regulation sets out the EU’s capabilities to make Europe more resilient to cyber threats, while strengthening cooperation mechanisms. Among other things, it establishes a cybersecurity alert system, a pan-European infrastructure made up of national and cross-border cyber hubs across the EU.

These hubs are entities in charge of sharing information and detecting and acting on cyber threats. Cyber hubs will use state-of-the-art technology, such as artificial intelligence (AI) and advanced data analytics, to detect and share timely alerts on cross-border cyber threats and incidents. They will strengthen the existing European framework and, in turn, the relevant authorities and entities will be able to provide a more efficient and effective response to major incidents.

The new regulation also provides for the creation of a cybersecurity emergency mechanism to increase preparedness and improve incident response capabilities in the EU. Support will be given to:

• Preparedness actions, such as testing entities in highly critical sectors (healthcare, transport, energy, etc.) to detect potential vulnerabilities based on common risk scenarios and methodologies.
• A new EU cybersecurity reserve consisting of private sector incident response services ready to intervene at the request of a Member State or EU institutions, bodies and agencies, as well as third-country partners in the event of a major or large-scale cybersecurity incident.
• Technical mutual assistance.

Lastly, the new law sets up an evaluation and review mechanism to assess, among others, the effectiveness of actions under the cyber emergency mechanism and the use of the cybersecurity reserve, as well as the contribution of these regulations in strengthening the competitive position of companies, industry and services.

This specific amendment aims to improve the EU’s cyber resilience by enabling the future adoption of European certification schemes for so-called ‘managed security services’. The new regulation recognises the growing importance of managed security services in preventing, detecting, responding to and recovering from cybersecurity incidents. These services may consist, for example, of incident management, penetration testing, security audits and consulting related to technical support.

Pending the results of the CSA assessment, this specific amendment will make it possible to establish European certification schemes for these managed security services. It will help to increase their quality and comparability, promote the emergence of trusted cybersecurity service providers and avoid fragmentation of the internal market, as some Member States have already initiated the adoption of national certification schemes for managed security services.

_____

Aquest apunt en català / Esta entrada en español / Post en français

In order to support clean, safe and modern maritime transport in the European Union, the Council has adopted four new regulatory acts of the so-called maritime safety package, namely those amending the relevant directives on:

– accident investigation in the maritime transport sector

– pollution from ships

– compliance with flag state requirements

– port state control

The revised package strikes a careful balance between, on the one hand, the need to ensure a high quality of shipment and, on the other hand, the need to safeguard the competitiveness of the European maritime sector,while maintaining reasonable costs for operators and administrations in the Member States.

In a general sense, it will equip the Union with modern tools to support clean transport, aligning EU rules with international standards while improving implementation and enforcement through an enhanced cooperation framework between European and national authorities.

The revised directive on accident investigation in the maritime sector:

• enhances the protection of fishing vessels, their crews and the environment, with fishing vessels less than 15 metres in length now included within the scope of the directive, which means that accidents involving fatalities and loss of vessels will be investigated in a harmonised way.

• clarifies definitions and legal provisions for accident investigation bodies in the Member States to investigate all accidents that need to be investigated in a timely and harmonised way.

• improves the ability of accident investigation agencies to conduct accident investigations and report accidents in a timely, expert and independent manner.

• updates various definitions and references to EU legislation and regulations to ensure clarity and consistency.

• enables accident investigation bodies to carry out accident investigations in a harmonised way throughout the EU, making existing rules clearer and more consistent with international rules.

• strengthens the provisions on the independence of accident investigation bodies and the confidentiality of their findings and reduces unnecessary administrative burdens.

The revised directive incorporates international standards into EU legislation, ensuring that those responsible for illegal discharges of pollutants are subject to dissuasive, effective and proportionate sanctions to improve maritime safety and better protect the marine environment from pollution from ships.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The Council has adopted conclusions on a report by the European Court of Auditors (ECA) with the objective of strengthening the Union’s ambitions in the field of artificial intelligence (AI), specifically by improving governance and ensuring greater and more focused investment in advancing this area.

The Council agrees with the conclusions of the ECT, in that the EU must:

• Increase investments in AI.
• Facilitate access to digital infrastructure as a globally competitive actor with a global impact.
• Assume leadership in the development and deployment of AI.
• Foster talent and create an ecosystem of excellence and trust.

Furthermore, the Council emphasizes that the environmental impact of AI systems, high-performance computing and potential solutions to increase energy efficiency, as well as ensuring a reliable hardware supply chain, are important factors that should also be considered in AI policies.

The Council also agrees with the ECT that close cooperation and collaboration with Member States and international organizations, with the aim of maximising the impact of investments at EU and national levels by exploiting synergies, is a key element in ensuring the Union’s global leadership in AI and its positioning as a benchmark for AI governance.

In this regard, the Council encourages the Commission to intensify the regular exchange of information with the Council and its relevant preparatory bodies in order to support the EU’s strategic engagement in international forums and cooperation with partners.

Finally, understanding that AI can drive European competitiveness if the results of R&D projects are commercialised or exploited directly or indirectly, the Council agrees with the ECT on the need for measurable performance indicators and targets. However, the Council adds that these indicators should be carefully designed without creating obstacles to the general objective of the projects, so that they do not impose additional burdens on beneficiaries, Member States, and the entities responsible for their implementation.

_____

Aquest apunt en català / Esta entrada en español / Post en français

This month, the Council has adopted new cybersecurity requirements for products with digital elements, aiming to ensure that products such as connected home cameras, refrigerators, televisions, and toys are safe before being placed on the EU market, in accordance with the so-called Cyber Resilience Act.

The aim of the new regulation is to fill the gaps, clarify the links and make the existing cybersecurity legislative framework more coherent, ensuring that products with digital components, for example Internet of Things (IoT) products, are made secure along the supply chain and throughout their lifecycle.

The regulation introduces EU-wide cybersecurity requirements for the design, development, production and making available on the market of hardware and software products, in order to avoid overlapping requirements arising from different laws in the Member States of the Union. For instance, software and hardware products will carry the CE marking to indicate compliance with the regulation’s requirements. The letters ‘CE’ are found on many products sold on the single market with regard to the European Economic Area (EEA). This means that products sold in the EEA have been assessed to meet safety, health, and environmental protection requirements.

The regulation will be applicable to all products that have direct or indirect connections to other devices or networks. There are some exceptions for products that already have established cybersecurity requirements in existing EU standards, such as medical devices, aviation products, or cars.

Finally, the regulation will allow consumers to consider cybersecurity when choosing and using products with digital elements, facilitating the identification of hardware and software products with appropriate cybersecurity features.

Following its approval, the legislative act will be signed by the presidents of the Council and of the European Parliament and published in the Official Journal of the EU in the coming weeks. The new regulation will enter into force twenty days after its publication and will be applicable 36 months after its entry into force, with certain provisions to be applied in a previous phase.

First announced by the President of the Commission in her State of the Union address in September 2021, the Cyber Resilience Regulation was mentioned in the Council conclusions of 23 May 2022 on the development of the European Union’s cyber posture, which called upon the Commission to submit its proposal by the end of 2022.

On 15 September 2022, the Commission presented a proposal for a cyber resilience regulation, which will complement the current EU cybersecurity framework: the directive on the security of network and information systems (NIS Directive), the directive on measures for a high level of cybersecurity across the Union (NIS2 Directive) and the EU’s cybersecurity act. Following interinstitutional negotiations, a provisional agreement was reached between the co-legislators on 30 November 2023.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The Council has adopted a directive to update the Union’s civil liability law. The new liability rules take into account that nowadays many products have digital features and that the economy is becoming increasingly circular.

Due to technological developments, new circular economy business models, and increasingly global supply chains, the EU has decided to improve its liability regulation. The update also addresses the difficulty that injured individuals face when gathering evidence to demonstrate their liability, especially when it comes to new technologies.

The new product liability rules not only benefit consumers but also encourage the deployment and adoption of new technologies, providing legal clarity and a level playing field for producers.

Main elements

• Digital Economy: The new law expands the definition of a product to include digital manufacturing files and software. Online platforms can also be considered liable for a defective product sold on their platform, just as any other economic operator, if they act in that capacity.

• Circular Economy: When a product is repaired and updated outside of the original manufacturer’s control, the company or person that has modified the product should be held responsible.

• Disclosure of evidence: the right to compensation has been facilitated by ensuring that an injured person seeking compensation before a national court can request access to the relevant evidence held by the manufacturer in order to prove their claim.

• Products purchased from manufacturers outside the EU: According to the new rules, to ensure that consumers are compensated for damages caused by a product manufactured outside the Union, the company importing the product or the EU-based representative of the foreign manufacturer can be considered responsible for the damages.

• Burden of proof: If the injured consumer encounters excessive difficulties in proving the product’s defects or the causal relationship between those defects and the damage, the court may decide that the claimant is only required to demonstrate the probability that the product is defective or that its defects are a probable cause of the damage.

The Directive shall enter into force on the day following its publication in the Official Journal of the European Union. Member States have two years to transpose the directive into their national legislation.

The EU product liability regime was established in 1985. Their objective was to compensate individuals who had suffered physical injuries or property damage as a result of a defective product, merely by proving that a product was defective and that the defect caused the injury or damage.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The Council has approved a groundbreaking regulation aimed at harmonising rules on artificial intelligence. The flagship legislation follows a risk-based approach, meaning that the greater the risk of causing harm to society, the stricter the rules.

The law is the first of its kind in the world and may set a global standard for AI regulation. It aims to encourage the development and adoption of secure and reliable AI systems in the EU single market by both public and private actors.

At the same time, it seeks to guarantee respect for the fundamental rights of EU citizens and to stimulate investment and innovation in artificial intelligence in Europe. The AI regulation only applies to areas within EU legislation and provides exemptions, such as systems used exclusively for military and defence as well as for research purposes.

The adoption of the AI regulation is an important milestone for the European Union. This landmark regulation addresses a global technological challenge that also creates opportunities for our societies and economies. With the AI act, Europe emphasises the importance of trust, transparency and accountability when dealing with new technologies and, at the same time, ensures that this technology, in turn, can thrive quickly and drive European innovation.

The new regulations classify different types of artificial intelligence according to risk. AI systems that present only limited risk would be subject to very light transparency obligations, while high-risk AI systems would be authorised, but subject to a set of requirements and obligations to access the EU market. AI systems such as, for example, cognitive behavioural manipulation and social scoring, will be banned in the EU because their risk is considered unacceptable. The regulation also prohibits the use of AI for predictive policing based on profiling and systems that use biometric data to categorize people according to specific categories such as race, religion or sexual orientation.

In order to ensure the correct execution of the regulations, several governing bodies have been established:

– An AI office in the Commission to enforce common standards across the EU.

– A scientific panel of independent experts to support implementation activities.

– An AI Board with representatives from the member states to advise and assist the Commission and the member states in the consistent and effective implementation of the AI Law.

– An advisory forum for stakeholders to provide technical expertise to the IA Board and the Commission.

Before some public service providers implement a high-risk AI system, it will be necessary to assess the impact on fundamental rights. The regulation also provides for greater transparency regarding the development and use of high-risk AI systems. High-risk AI systems, as well as certain users of a high-risk AI system that are public entities will have to be registered in the EU database for such systems, and users of an emotion recognition body will have to inform individuals when they are exposed to this system.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The Council has given its final approval to a new Schengen Borders Code, the EU’s rule book dealing with the management of internal and external borders, as well as rules governing border control and people crossing the external borders of the European Union. The reform is essential to make the Schengen area more resilient to current and future crises at its external borders. It also ensures that people living and travelling in the Union can fully enjoy the benefits of travel without crossing internal borders.

The regulation introduces the possibility of adopting measures at Union level restricting the access of third-country nationals to the EU in the event of a large-scale public health emergency. It also puts in place a transfer procedure that will help to deal with the secondary movement of migrants (from one Member State to another) and offers solutions to situations of instrumentalisation of migration.

Travelling in the Schengen area without border controls is considered one of the EU’s major achievements. With the latest vote, member states have been given tools to maintain border-free travel within the Schengen area, while securing external borders, addressing irregular migration and public health risks.

In the event of a large-scale public health emergency, the new rules grant the possibility, following a Council decision, to establish harmonised temporary travel restrictions at the EU’s external border. During the COVID-19 pandemic, the EU was only able to issue non-binding recommendations regarding travel restrictions to Member States.

As well as travel restrictions, the Council can also impose testing, quarantine and self-isolation and other health-related measures for non-EU citizens entering the EU.

To combat the instrumentalisation of migration, the amended Schengen Borders Code will offer Member States the possibility of limiting the number of border-crossing points or reducing their opening hours and will allow for improved border surveillance measures.

The revised Schengen Borders Code clarifies the existing framework for the reintroduction and extension of internal border controls, which is possible when there is a serious threat to public order or internal security. Member States will have to assess the necessity and proportionality of this decision and evaluate whether the objectives pursued cannot be achieved by other means.

In addition, the revised regulation establishes the maximum duration for which these controls may be maintained at internal borders. Internal border controls that have been notified to the Commission, the Member States and the European Parliament before being reintroduced may remain in force for a maximum of two years. In major exceptional situations, internal border controls may be extended for an additional 6 months, renewable once for a total duration of one year.

The possibility of using alternative measures, which normally consist of police checks and cross-border cooperation, should encourage Member States to substantially limit the reintroduction of temporary border controls. These measures must be clearly distinct from systemic controls of people at external borders.

In addition, a new transfer procedure will allow a Member State to transfer third-country nationals arrested in the border area and staying illegally on its territory to the Member State from which they arrived directly. The detention should take place in the context of a bilateral cooperation framework.

_____

Aquest apunt en català / Esta entrada en español / Post en français

The European Council has adopted a historic reform of the European asylum and migration system. This establishes a set of rules that will help manage arrivals of people in an orderly manner, creating efficient and uniform procedures and ensuring fair burden sharing among member states.

The asylum and migration pact must ensure a fairer and stronger migration system. These new rules should make the European asylum system more efficient and increase solidarity between Member States. The European Union will also continue to collaborate closely with third countries to address the root causes of irregular migration. Only by working together can answers to the global challenge of migration be found.

The Council adopted a total of 10 legislative acts reforming the entire European framework for asylum and migration management.

The screening regulation will enable national authorities to refer irregular migrants and asylum seekers to an external border to the appropriate procedure and will ensure that identification, security and vulnerability checks and health assessment are carried out in a uniform manner.

The new rules on the updated Eurodac database will allow for the collection of more accurate and comprehensive data (including biometric data) on various categories of migrants, including applicants for international protection and persons arriving irregularly in the EU. This will help inform policy development and improve control of irregular migration and unauthorised movements.

The asylum procedure regulation streamlines the European asylum procedure and introduces a mandatory border procedure in well-defined cases. The regulation of the border return procedure addresses the return of people whose application in this border procedure is rejected. The regulation on asylum and migration management determines which Member State is responsible for examining applications for international protection and, for the first time, introduces a fair division of responsibilities between Member States. Thanks to the crisis regulation, the EU will be in a better position to deal with asylum applications in exceptional circumstances.

The Qualification Regulation and the Reception Conditions Directive establish uniform rules for the criteria for granting international protection and standards for the reception of asylum seekers. This should also help reduce secondary movements between member states.

An important new feature of the reform is the mandatory border procedure. This procedure will apply to certain categories of asylum seekers (e.g., those from countries with low asylum recognition rates). The aim of the procedure is to carry out a rapid assessment at the EU’s external borders of whether applications are unfounded or inadmissible. Persons subject to the border asylum procedure will not be allowed to enter the territory of the EU.

Another important aspect of the reform of the migration system is the introduction of a solidarity mechanism to ensure a fairer sharing of responsibility. The new rules combine mandatory solidarity to support member states facing a strong influx of migrants with flexibility in terms of the type of contributions. Member State contributions may take the form of relocations, financial contributions or, when agreed with the beneficiary Member State, alternative solidarity measures.

In order to better cope with crisis situations (mass arrivals and instrumentalisation) and force majeure, Member States may derogate from certain rules and request enhanced solidarity from other EU countries. Possible exceptions apply, for example, to the time limits for registering asylum seekers and the duration of the border procedure.

_____

Aquest apunt en català / Esta entrada en español / Post en français