The European Union has an unusual IT strategy. While the US is prioritizing the development of global technology giants, the EU is aiming to become the industry’s leading regulator.
In 2022, the bloc launched two sweeping sets of tough new rules: the Digital Markets Act (DMA), which aims to strengthen competition in online services, and the Digital Services Act (DSA), which aims to protect people from online harm. Analysts expect regulation to accelerate next year.
“The one thing we can be sure of is that there will be more regulation next year, and better enforcement of it,” said Alan Calder, CEO of GRC International Groupa global provider of IT governance, risk management and compliance solutions.
Buy your tickets for TNW Valencia in March!
The heart of technology comes to the heart of the Mediterranean
To gauge the details, TNW asked IT experts across the bloc what they predict for EU policy in 2023. All expect significant legislative changes, with certain technologies in particular prominent in their forecasts.
Our experts expect significant developments in cybersecurity regulation. Kostas Rossoglou, from Shopify Head of Public Policy and Government Affairs for EMEA and internationally, emphasized the importance of the Digital Operational Resilience Act (DORA).
The recently adopted regulation aims to harmonize the financial sector’s approach to cybersecurity. To comply, organizations will need to review outdated IT systems and may need to invest in new software and possibly invest in new software. This could be costly in the short term, but Rossoglou is optimistic it will pay off. He expects security levels to increase, mitigating attacks, reducing downtime and saving money.
“While it will take a few more years for compliance to become mandatory, it will ultimately put financial organizations in a much stronger position to handle failures, leaks, unauthorized access and data loss,” he said. “Within the highly sensitive information available to the financial industry, this is extremely important.”
“It is never too early to be informed.
Another proposal making its way through the EU is the Cyber Resilience Act. This regulation sets cybersecurity requirements for connected devices, providing consumers with transparency about practices, testing and common functions.
The legislation is currently undergoing a consultation process. Rossoglou advises organizations to closely monitor progress next year.
“It will probably take a year or two to finalize and then organizations will have a 24-month transition period to comply,” he said. “However, it is never too early to be aware of upcoming changes. Regular monitoring for updates ensures that companies are prepared for the changes in time.”
Indeed, these preparations could become increasingly important. Calder predicts that new EU rules will be accompanied by stricter enforcement.
“In particular, the entire field of cybersecurity will experience an acceleration in terms of regulation and enforcement as the European Commission forces organizations to take cybersecurity measures that they are not taking voluntarily,” he said.
The EU is also developing new regulations for artificial intelligence, which are based on the technology’s potential to cause harm. The legislation, called the AI Act, forces anyone who wants to use, build or sell AI products and services within the EU to follow the rules.
“The legislation is expected to set a precedent for other jurisdictions to evolve or follow,” said Matt Peake, global director of public policy at ID verification firm. Onfido. “The framework is designed to be risk-based so that the level of regulation depends on the level of risk.”
According to a global survey by Accenture, the rules will have a deep impact. About 95% of respondents said at least part of their business will be affected by EU regulations.
The Accenture researchers expect that a risk management framework will become necessary to comply with the AI law. They also predict that the regulation will be passed before the end of 2023, with a two-year grace period before the rules come into effect. That timetable may be less generous than it seems.
“Our experience working with large organizations on large enterprise-wide compliance programs (e.g. GDPR, Responsible AI) suggests that it could easily take two years to establish all the necessary controls they need to be compliant,” the research team wrote. in a report.
Follow the money
Cryptocurrencies are becoming a focal point of technical regulation. In the EU, a growing number of controversies have led the bloc to develop new legislation for the sector.
“I think 2023 will be a milestone for crypto regulation,” said Ivan Liljeqvist, co-founder and CEO of moralea Web3 API provider.
Liljeqvist emphasizes the importance of the Market in Crypto Assets (MiCA) account. In February, the European Parliament is expected to vote on the bill – the continent’s first all-encompassing crypto regulation.
With Big Tech encroaching on Web3 and the metaverse, competition is likely to increase in the coming years, which could lead to increased regulatory oversight. The European Union recently introduced its Markets in Crypto Assets (MiCA) legislation, but even European Commission insiders agree that some wording around NFTs is ambiguous and even downright inaccurate.
The proposals could become an integral part of the European Commission’s future digital finance strategy. In addition, they can be a point of reference for other regulatory authorities.
“While the bill probably won’t be rolled out before the end of the year, I think when we’re dealing with legislative firsts, the expectation is that lawmakers are cautious and over-regulate rather than under-regulate,” Liljeqvist said.
“What I want to see, and what I think others in the market want to see, is regulation that is sensible rather than stifling, that protects the principles of innovation and competition. I think the most important thing is that the bill is open-minded and flexible enough to be revised depending on how the markets develop.”
Liljeqvist wasn’t the only one who was cautious. Jake Stott, CEO of creative agency Web3 hypeis concerned about the impact on the market.
“As tech giants such as Meta, Reddit, Google and Apple continue to venture into Web3 and NFTs, regulations could quickly escalate, adding further uncertainty to the market.”
“They need to move at a faster pace.
However, some critics argue that the EU should be quicker to regulate the sector. Martin Magnone, co-founder and CEO of credit company Tymitbelieves that the new legislation will only take effect in 2024.
“If the EU is to successfully take a stronger stance, it needs to move at a faster pace in line with industry movements,” he said.
Meanwhile, the payments industry is preparing for the European Commission’s review of PSD2, an EU regulation for online transactions.
Industry insiders have high hopes for the review, which is scheduled for 2023. They believe it could lead European SMEs and consumers to better payment outcomes – at a better price.
Under the current rules, only credit institutions have access to European payment schemes. As a result, non-banks and more innovative companies have to go through traditional banks to benefit from the schemes.
“This creates dependency on credit institutions and their legacy systems; single point of failure; and increases the cost of payment services offered by non-credit institutions to European SMEs and consumers,” says Elanie Steyn, Director of Operations at the payments platform modular.
“Should the PSD2 review take into account which institutions can directly access and settle European payments, the impact could be seismic. Opening up access has the potential to level the playing field, create more competition and reduce payment costs for all Europeans.”
Indeed, many of the experts we spoke to expect the EU to prioritize open access.
“The main focus of the EU for 2023 will still be on the Big Tech platforms and achieving their goal of making them more open and interoperable,” said Tymit CEO Martin Magnon.
“The measures introduced so far to ease the monopoly of big tech companies, from labor laws to taxation, are only partially effective and have not yet produced the desired effects. In 2023, we will see the EU take further steps to remedy this and achieve its open access goals.”