{"id":108123,"date":"2025-04-01T17:26:17","date_gmt":"2025-04-01T21:26:17","guid":{"rendered":"https:\/\/cdt.org\/?post_type=insight&p=108123"},"modified":"2025-04-03T05:11:11","modified_gmt":"2025-04-03T09:11:11","slug":"eu-tech-policy-brief-april-2025","status":"publish","type":"insight","link":"https:\/\/cdt.org\/insights\/eu-tech-policy-brief-april-2025\/","title":{"rendered":"EU Tech Policy Brief: April 2025"},"content":{"rendered":"\n

Welcome back to the Centre for Democracy & Technology Europe\u2018s Tech Policy Brief! This edition covers the most pressing technology and internet policy issues under debate in Europe and gives CDT\u2019s perspective on the impact to digital rights. To sign up for CDT Europe\u2019s AI newsletter, <\/em>please visit our website<\/em><\/a>. Do not hesitate to contact <\/em>our team<\/em><\/a> in Brussels.<\/em><\/p>\n\n\n\n

\ud83d\udc41\ufe0f Security, Surveillance & Human Rights<\/strong><\/p>\n\n\n\n

Citizen Lab Unveils Surveillance Abuses in Europe and Beyond                                       <\/strong><\/p>\n\n\n\n

\u200bThe recent Citizen Lab report<\/a> regarding deployment of Paragon spyware in EU Member States, particularly Italy and allegedly in Cyprus and Denmark, highlights a concerning trend of surveillance targeting journalists, government opponents, and human rights defenders. Invasive monitoring of journalist Francesco Cancellato, members of the NGO Mediterranea Saving Humans, and human rights activist Yambio raises serious concerns about press freedom, fundamental rights, and the broader implications for democracy and rule of law in the EU. <\/p>\n\n\n\n

The Italian government\u2019s denial that it authorised surveillance, while reports indicate otherwise, indicates a lack of transparency and accountability. Reportedly, the Undersecretary to the Presidency of the Council of Ministers admitted<\/a> that Italian intelligence services used Paragon spyware against Mediterranean activists, citing national security justifications. This admission highlights the urgent need for transparent oversight mechanisms and robust legal frameworks to prevent misuse of surveillance technologies. <\/p>\n\n\n

\n
\"Graphic
Graphic for Citizen Lab report, which reads, “Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Options”. Graphic has a yellow background, and a grayscale hand reaching through great message bubbles.<\/em><\/figcaption><\/figure><\/div>\n\n\n

Lack of decisive action at the European level in response to these findings is alarming. Efforts to initiate a plenary debate within the European Parliament have stalled<\/a> due to insufficient political support, reflecting a broader pattern of inaction that threatens civic space and fundamental rights across the EU. This inertia is particularly concerning given parallel developments in France<\/a>, Germany<\/a>, and Austria<\/a>, where legislative measures are being considered to legalise use of surveillance technologies. In light of the European Parliament\u2019s PEGA Committee findings on Pegasus and equivalent spyware, it is imperative that EU institutions and Member States establish clear, rights-respecting policies governing the use of surveillance tools. Normalisation of intrusive surveillance without adequate safeguards poses a direct challenge to democratic principles and the protection of human rights within the EU.<\/p>\n\n\n\n

Recommended read: <\/em><\/strong>Amnesty International, Serbia: Technical Briefing: Journalists targeted with Pegasus spyware<\/a><\/p>\n\n\n\n

 \ud83d\udcac Online Expression & Civic Space<\/strong><\/p>\n\n\n\n

DSA Civil Society Coordination Group Publishes Analysis on DSA Risk Assessment Reports<\/strong><\/p>\n\n\n\n

Key elements of the Digital Services Act\u2019s (DSA) due diligence obligations for Very Large Online Platforms and Search Engines (VLOPs\/VLOSEs) are the provisions on risk assessment and mitigation. Last November, VLOPs and VLOSEs published their first risk assessment reports, which the DSA Civil Society Coordination Group, convened and coordinated by CDT Europe, took the opportunity to jointly assess. We identified both promising practices to adopt and critical gaps to address<\/a> in order to improve future iterations of these reports and ensure meaningful DSA compliance.<\/p>\n\n\n\n

Our analysis zooms in on key topics like online protection of minors, media pluralism, electoral integrity, and online gender-based violence. Importantly, we found that platforms have overwhelmingly focused on identifying and mitigating user-generated risks, as a result focusing less on risks stemming from the design of their services. In addition, platforms do not provide sufficient metrics and data to assess the effectiveness of the mitigation measures they employ. In our analysis, we describe what data and metrics future reports could reasonably include to achieve more meaningful transparency. <\/p>\n\n\n

\n
\"Graphic
Graphic with a blue background, with logo for the DSA Civil Society Coordination Group featuring members’ logos. In black text, graphic reads, “Initial Analysis on the First Round of Risk Assessments Reports under the EU Digital Services Act”.<\/em><\/figcaption><\/figure><\/div>\n\n\n

CDT Europe\u2019s David Klotsonis,<\/a> lead author of the analysis, commented, \u201cAs the first attempt at DSA Risk Assessments, we didn\u2019t expect perfection \u2014 but we did expect substance. Instead, these reports fall short as transparency tools, offering little new data on mitigation effectiveness or meaningful engagement with experts and affected communities. This is a chance for platforms to prove they take user safety seriously. To meet the DSA\u2019s promise, they must provide real transparency and make civil society a key part of the risk assessment process. We are committed to providing constructive feedback and to fostering an ongoing dialogue.\u201d<\/p>\n\n\n\n

Recommended read<\/em><\/strong>: Tech Policy Press, A New Framework for Understanding Algorithmic Feeds and How to Fix Them<\/a> <\/p>\n\n\n\n

\u2696\ufe0f Equity and Data<\/strong><\/p>\n\n\n\n

Code of Practice on General-Purpose AI Final Draft Falls Short<\/strong><\/p>\n\n\n\n

Following CDT Europe\u2019s initial reaction<\/a> to the release of the third Draft Code of Practice on General-Purpose AI<\/a> (GPAI), we published a full analysis<\/a> highlighting key concerns. One major issue is the Code\u2019s narrow interpretation of the AI Act, which excludes fundamental rights risks from the list of selected risks that GPAI model providers must assess. Instead, assessing these risks is left as an option, and is only required if such risks are created by a model\u2019s high-impact capabilities.<\/p>\n\n\n\n

This approach stands in contrast to the growing international consensus, including the 2025 International AI Safety Report<\/a>, which acknowledges the fundamental rights risks posed by GPAI. The Code also argues that existing legislation can better address these risks, but we push back on this claim. Laws like the General Data Protection Regulation, the Digital Services Act, and the Digital Markets Act lack the necessary tools to fully tackle these challenges.<\/p>\n\n\n\n

Moreover, by making it optional to assess fundamental rights risks, the Code weakens some of its more promising provisions, such as requirements for external risk assessments and clear definitions of unacceptable risk tiers. <\/p>\n\n\n\n

In response to these concerns, we joined a coalition of civil society organisations in calling for a revised draft<\/a> that explicitly includes fundamental rights risks in its risk taxonomy.<\/p>\n\n\n\n

Global AI Standards Hub Summit <\/strong><\/p>\n\n\n\n

At the inaugural global AI Standards Hub Summit, <\/a>co-organised by the Alan Turing Institute, CDT Europe\u2019s Laura Lazaro Cabrera spoke at a session exploring the role of fundamental rights in the development of international AI standards. Laura highlighted the importance of integrating sociotechnical expertise and meaningfully involving civil society actors to strengthen AI standards from a fundamental rights perspective. Laura emphasised the need to create dedicated spaces for civil society to participate in standards processes, tailored to the diversity of their contributions and resource limitations.  <\/p>\n\n\n

\n
\"Image
Image featuring Programme Director for Equity and Data Laura Lazaro Cabrera speaking at a panel with three other panelists on the role of fundamental rights in standardisation, at the Global AI Standard Hub Summit<\/em><\/figcaption><\/figure><\/div>\n\n\n

Recommended read<\/em><\/strong>: Tech Policy Press, Human Rights are Universal, Not Optional: Don\u2019t Undermine the EU AI Act with a Faulty Code of Practice<\/a><\/p>\n\n\n\n

\ud83c\udd95 Job Opportunities in Brussels: Join Our EU Team<\/strong><\/p>\n\n\n\n

We’re looking for two motivated individuals to join our Brussels office and support our mission to promote human rights in the digital age. <\/p>\n\n\n\n

The Operations & Finance Officer will play a key role in keeping our EU office running smoothly\u2014managing budgets, coordinating logistics, and ensuring strong operational foundations for our advocacy work. <\/p>\n\n\n\n

We’re also seeking an EU Advocacy Intern to support our policy and advocacy efforts, with hands-on experience in research, event planning, and stakeholder engagement. <\/p>\n\n\n\n

Apply before 23 April 2025 by sending your cover letter and CV to hr@cdt.org<\/a>. For more information, visit our website<\/a>. <\/p>\n\n\n\n

\ud83d\uddde\ufe0f In the Press<\/strong><\/p>\n\n\n\n