The Progressive Post
Digital strategic autonomy: the EU needs to go beyond legislation
To achieve strategic autonomy in the digital domain, the EU must do more than legislate. It needs to assert more political control over crucial supply chains and standardisation processes, and invest in the development of public digital infrastructure.
Digital strategic autonomy: the EU needs to go beyond legislation
This European Commission – a ‘geopolitical’ Commission – has been adamant that Europe needs to become more strategically autonomous. Not least when it comes to digital technologies that have become crucial to the functioning of public services, the provision of healthcare and education, and the way Europeans work. The urgency of this has again been underscored by the Russian invasion of Ukraine, which – one hopes – finally puts to rest two persistent myths. The first is that creating trade ties will eventually lead to political convergence. This narrative has been a useful political cover to ensure cheap imported goods and natural resources from for instance Russia and China. But what it chiefly did was empower strategic adversaries, while making the EU dependent.
The second myth that is finally punctured is that economic issues and trade are solely about efficiency, with which politics has nothing to do. Since the outbreak of the war in Ukraine, there have been attempts to mobilise the governance of the internet and social media for explicitly political ends. Indeed, as many have pointed out for decades, technology is not neutral. It matters who controls and operates the digital infrastructures that underpin our economy and society. This became painfully obvious to European governments during the early days of the Covid-19 crisis, when they attempted to set up digital contact tracing apps to dampen the spread of the virus. They realised that the crucial infrastructure for such tools – mobile phone operating systems – were controlled by two firms, Apple and Alphabet, and that these firms could simply dictate on what terms such apps would operate, if at all.
The acknowledgement that the digital transition is pregnant with political implications is banal, but the implications are huge. It means that the European Commission, if it is serious about achieving strategic autonomy, will need to go well beyond its current approach. The strategies of the European Commission set ambitious goals, from fully digitised public services and new rights for citizens, to secure and sustainable digital environments. But when it comes to reaching those targets in a way that strengthens the EU’s strategic autonomy, it relies mainly on familiar legislative tools, and an unfounded belief that the private sector can bring this about largely on its own.
For instance, the gist of the effort is going into regulating big tech – with the Digital Services Act and the Digital Markets Act. This is necessary, but it is low-hanging fruit, and costs little, given that the companies that will face the brunt of the legislative impact are mostly non-European. In addition, there are limits to the approach of creating laws for digital technologies, with the expectation that other jurisdictions follow, and that EU values and standards end up being effectively promoted at the global level. As Andrea Renda highlights in his policy brief ‘Beyond the Brussels effect‘, increasingly, the most effective way to regulate the digital domain is not via traditional laws, but by embedding laws in technical standards, or – going one step further – by controlling an entirely autonomous technology-stack, that is designed to operate in your interests, as China attempts to develop.
In the absence of that, effective tech regulation is difficult, as the case of the General Data Protection Regulation (GDPR) makes clear. Applicable since 2018, it is still hampered by piecemeal enforcement and widespread non-compliance. And this should not come as a surprise, because the GDPR is being applied in a digital environment that has been designed to do the opposite: whereas the GDPR preaches data minimisation and purpose limitation, the economic incentives and design principles of the businesses controlling the infrastructure focus on collecting, combining and storing as much personal data as possible, for commercial purposes. In these circumstances, it will require massive enforcement resources to ensure the law is being followed.
To become more autonomous, the EU needs to do so something that it is historically and politically reluctant to do: it needs to become more active in the economy. More specifically, it needs to be much more involved in creating the technical standards for crucial digital technologies, as well as in organising key supply chains and providing essential digital infrastructures. As Paul Timmers explains in his policy brief on ‘Strategic Autonomy Tech Alliances‘, this will require more public involvement in strategic industrial value chains. Whereas the EU is starting to explicitly organise EU semiconductor and cloud activities in view of strategic autonomy considerations, similar thinking is needed for a range of other technologies, from the Internet of Things (IoT) to mobile telecoms standards (5G, 6G).
It also requires a more cooperative approach. The logic of the EU’s digital policy agenda has been one of unilateralism – by aiming to legislate early and hoping that others will follow. But the EU can never be autarkic for all levels of the technological stack, and standard-setting processes are often international, with a multitude of different stakeholders. If the EU wants more control, it needs to be much more cooperative and build strategic coalitions with like-minded countries, around a set of shared principles. This would also allow it to present a credible alternative to the digitalisation approaches of both China and the US. And where this is not possible, it will need to carefully manage – and where possible limit – the inevitable dependencies on systemic rivals like China. This also requires a capacity for integrated policymaking and foresight that is now lacking in the European Commission.
Finally, the EU needs to decide what digital infrastructures it should absolutely be able to manage autonomously and provide the public investments and governance structures for that. One area that can be thought of is digital identity services, which have taken flight in the wake of Covid. But here, it looks like the NextGenerationEU fund is a momentous missed opportunity. While billions will be spent by public authorities across the EU on digitising their public services, there is hardly any link to the goal of achieving strategic autonomy. The European Commission has not leveraged public procurement rules to set conditions on the openness, interoperability and provenance of the digital services and infrastructures being bought. Nor did it create a coordination mechanism – like an EU digital infrastructure fund – that would create the scale for investments in (and development of) EU capacity, beyond limited existing funding instruments.
Photo credits: FOXANDIT/Shutterstock.com