Follow us

September saw the former European Central Bank chief and Italian prime minister Mario Draghi publish his report on the future of European competitiveness (the "Report"). 

The Report, coupled with European Commission President, Ursula Von der Leyen's, statement on the Report, suggest a shift from the previous digital agenda around regulating "Big Tech", to delivering on Europe's digital ambitions.

The new industrial strategy

The Report, which was commissioned by Von der Leyen, will inform her political guidelines for 2024 – 2029 and is therefore likely to feed into a European strategy on competitiveness expected later this year. In particular, the Report and the statement focus on "technology sovereignty…Boosting European cohesion and regions…Ensuring Europe can assert its interests and lead in the world"

Of the three key areas to boost sustainable growth, the Report highlights include: closing the innovation gap with the US and China, as well as enhancing security and reducing reliance on non-European external suppliers for critical raw materials and technology imports, in particular

The Report also identifies three key barriers preventing Europe from reaching its full potential. It states that Europe lacks focus, failing to set clear priorities and follow through with coordinated actions; regulatory burdens hinder innovation, especially for small and medium-sized enterprises (SMEs), and a fragmented Single Market reduces competitiveness, driving high-growth companies overseas and limiting capital market development.

To address these challenges, the Report presents a new industrial strategy for Europe. It identifies the underlying reasons for the EU's declining position in crucial strategic sectors and offers a range of proposals to regain competitive strength, including specific recommendations in a wide range of sectors. For further detail on each of the recommendations please refer to our competition blog here.

Spotlight on technology and innovation

The Report indicates that the EU’s struggle with technology innovation is evident in its difficulty to establish globally successful platforms. Despite some Member States promoting 'sovereign cloud' solutions, the EU continues to lose ground in cloud services market to US-based companies. The Report also notes the EU's strong foothold in high-performance computing (HPC) and suggests leveraging this to boost AI adoption and private investment. 

However, slow progress in AI development threatens the competitiveness of EU companies, and regulatory hurdles such as the EU GDPR and the new EU AI Act could further stifle innovation. To remain competitive, the Report emphasises that the EU should aim to lead in AI development across key sectors, regain control over data and sensitive cloud services, and build a robust financial and talent foundation to support innovation in computing and AI.

The Report suggests several regulatory initiatives aimed at achieving sovereignty objectives, particularly for critical technologies. These include: 

1. New EU Cloud and AI Development Act

The Report recommends adopting a 'new EU Cloud and AI Development Act' aimed at enhancing European HPC, AI, and quantum capabilities and infrastructure, harmonising cloud architecture requirements and procurement processes, and coordinating priority initiatives to scale up private involvement and financing.

Suggestions in the Report include: 

  • Increasing computational capacity dedicated to the training and fine-tuning of AI models and creating an EU-wide framework to provide 'computing capital' to innovative SMEs in the EU.
  • Identifying priority AI vertical applications for the EU and encouraging EU companies to participate in their development and deployment in key industrial sectors.
  • Leveraging EU-wide coordination and harmonisation of national AI sandbox regimes and ensuring harmonised and simplified implementation of the EU GDPR (see further below).
  • Defining a single EU-wide policy and data residency requirements for public administrations' cloud services (requiring as a minimum EU sovereign control of key elements for security and encryption, standardising tenders and facilitating / promoting collaboration between EU companies to scale up commercially and support consolidation in the EU, subject to certain exceptions including defence, home affairs and justice). 
  • EU-wide sensitive data security policies for collaboration between private cloud providers and hyperscalers (given the valuable role of the latter to support adoption by European companies and due to their current scale and market presence – allowing access to hyperscalers’ latest cloud technologies, while preserving encryption, security and ring-fenced services to trusted EU providers).
  • Adopting a Single Market 'passporting' regime for all EU-provided cloud services.
  • The European Commission is also likely to focus on implementing cybersecurity policies and national-level certification schemes following the failed attempt by Member States to agree a pro-sovereign pan-European cloud certification regime under the European Cybersecurity Certification Scheme for Cloud Services (EUCS).
  • Supporting data brokers as pre-approved data intermediaries with regulatory clearance ensured by a Data Ombudsman. This would help to favour industry-specific solutions promoted by EU companies.
  • Improving cooperation between the EU and the US to ensure access to cloud and data markets.

2. EU GDPR and AI Act interplay 

The Report highlights that "while the ambitions of the EU’s GDPR and AI Act are commendable, their complexity and risk of overlaps and inconsistencies can undermine developments in the field of AI by EU industry actors. The differences among Member States in the implementation and enforcement of the GDPR…as well as overlaps and areas of potential inconsistency with the provisions of the AI Act create the risk of European companies being excluded from early AI innovations because of uncertainty of regulatory frameworks." 

The Report is also critical of over-regulation, highlighting among other areas, high estimated GDPR compliance costs, which it argues have led to "decreased data storage by 26% and data processing by 15%" for EU companies relative to US companies. 

Draghi calls for "developing simplified rules and enforcing harmonised implementation of the GDPR in the Member States, while removing regulatory overlaps with the AI Act". This is expected to ensure that EU companies are not penalised in the development and adoption of frontier AI.

3. Digital infrastructure: A Digital Networks Act

Whilst not expressly referenced in the Report, the Commission's White Paper on "How to master Europe’s digital infrastructure needs?" from February 2024 recommended a need for legislation around digital networks. Any such regime could also form a key part of the Commission's future policy discussions around telecoms infrastructure, edge computing, regulation of "cloudification" of digital services, and potentially subsea cable security and resilience. The Report supports prioritising European-made telecoms equipment, software, and federated AI models, which could effectively also lead to more data localisation.

Conclusion

The Report and Von der Leyen's technology sovereignty statement have the potential to re-imagine Europe's digital policy agenda. It will be interesting to see the development of a new regulatory landscape to support this objective under the Commission's new mandate and whether any new approach does, in fact, deliver on "Europe's digital ambitions".

Key contacts

Miriam Everett photo

Miriam Everett

Partner, Global Head of Data Protection and Privacy, London

Miriam Everett
Claire Wiseman photo

Claire Wiseman

Professional Support Lawyer, London

Claire Wiseman
Kamilia Khairul Anuar photo

Kamilia Khairul Anuar

Trainee Solicitor , London

Miriam Everett Claire Wiseman