EU Flash: The European Commission’s digital agenda


To unlock the full potential of the EU data economy, the European Commission has proposed a new digital package, including a new set of rules to govern the free flow of non-personal data in the EU. A wide-ranging set of measures to build strong cybersecurity in the EU is also on the table in order to equip Europe with the right tools to deal with cyber-attacks.

Below you will find a brief summary of these topics.

Free flow of non-personal data in the EU

The European Commission is proposing a new set of rules to govern the free flow of non-personal data in the EU.

The proposal will enable the free movement of all types of data in the single market, making it easier for SMEs and start-ups to develop new innovative services and to enter new markets. Citizens and businesses will benefit from better products and services as more and more data becomes available for data-driven innovation.

The new measures aim to boost the competitiveness of European businesses and to modernise public services. Businesses and organisations are no longer obligated to locate the storage or processing of data within the borders of a single Member State. This free flow of non-personal data will make it easier and cheaper for businesses to operate across borders without having to duplicate IT systems or to save the same data in different places.

The new measures will increase legal certainty and trust for businesses and organisations, as well as clear the way for a truly EU single market in data storage and processing. Users of data storage and processing services will benefit from a competitive, safe and reliable European cloud sector and lower prices. The measures also allow companies to move their in-house IT-resources to the most cost-effective locations.

However, certain restrictions are possible for public security reasons.

Furthermore, codes of conduct will be developed to remove obstacles to switching between service providers of cloud storage and to porting data back to users' own IT systems.

EU cybersecurity measures

On September 13th, the European Commission has proposed  extensive measures to build strong cybersecurity in the EU.

Stepping up the EU's cybersecurity capacity

To reinforce the EU's cybersecurity capacity, the Commission is proposing:

  • a European Cybersecurity Research and Competence Centre to help develop and roll out the tools and technology needed to protect against cyber-criminals.
  • a Blueprint for how Europe and Member States can respond quickly, operationally and in unison when a large-scale cyber-attack strikes.
  • a Cybersecurity Emergency Response Fund for those Member States that have responsibly implemented all the cybersecurity measures required under EU law.
  • stronger cyber defence capabilities. Member States are encouraged to include cyber defence within the Framework of Permanent Structured Cooperation (PESCO) and the European Defence Fund to support cyber defence projects.
  • a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities to enhance international cooperation, prevent conflicts and increase stability in cyberspace by strengthening the EU’s response to cyber-attacks.

A strong EU Cybersecurity Agency

The EU Cybersecurity Agency aims to assist Member States in effectively preventing and responding to cyber-attacks, as well as implementing the EU-wide certification framework that will ensure that products and services in the digital world are safe to use.

Effective criminal law response

The Commission aims to boost deterrence through new measures to combat fraud and the counterfeiting of non-cash means of payment.

The proposal will expand the scope of the offences related to information systems to all payment transactions, including transactions through virtual currencies, as well as introduce common penalty rules and clarify the scope of Member States' jurisdiction in such offences.

The Commission will also present proposals to facilitate cross-border access to electronic evidence in the beginning of 2018. In addition, by October, the Commission will present its reflections on the role of encryption in criminal investigations.

More on: