Maria Koomen, Director of Emerging Technology Governance, and Raegan MacDonald, Senior Fellow, ICFG
The opinions expressed in this article are those of the author and do not in any way represent the editorial position of Euronews.
The EU and its member states must be prepared to enforce the law rigorously, even against powerful tech companies, but regulatory independence is easier said than done, write Maria Koomen and Reagan MacDonald.
advertisement
Over the past decade, the European Union has established itself as a pioneer in global technology policy, enacting landmark legislation such as the General Data Protection Regulation, the Digital Services Act and the Artificial Intelligence Act.
These regulations are intended to foster innovation, ensure fair markets, and uphold democratic principles.
But the real value of these laws lies in their effective implementation: if they remain mere words on paper, they will be of no use to Europeans.
It has long been an overlooked and out-of-favour part of the policy cycle, but attitudes on the issue are changing in real time.
In the run-up to the EU elections, there has been much discussion that the next European Commission’s mandate should be focused on implementation and enforcement, rather than the further expansion of new policies. As stated in a draft document from the Council of the EU earlier this year, “the implementation of already adopted regulations should take priority over the creation of new legislation.”
But without real commitment in Brussels and in the capitals, such intentions will go awry.
To use enforcement effectively, the EU needs to adopt innovative approaches that ensure that laws are not only enacted but actively followed. There are four key areas where enforcement can be strengthened with a strategic focus (policy, procedure, human resources and politics).
Make it clear and actionable
Clear, workable and adaptable laws are essential for effective implementation. Legislators must avoid ambiguity wherever possible, but at the same time avoid being too prescriptive to ensure legal texts are future-proof.
For example, technical specifications for AI law are being incorporated into standards and codes of practice to remain relevant in a rapidly changing context.
Collaboration with civil society and independent experts can further help develop clear guidelines for interpreting and enforcing the law, ensuring it remains relevant as technology evolves over time.
Meanwhile, a key ambiguity shared by the two new laws, the DSA and the AI Act, is the requirement to conduct impact assessments, including on risks to human rights, which companies, auditors and authorities will have to grapple with immediately and without clear guidelines.
Building on similar discussions on the European Media Freedom Act, the European Commission and Member States should deepen their engagement with civil society and set clear guidelines for robust and meaningful impact assessments.
Effective enforcement requires well-resourced regulators with the technical expertise to oversee complex technology, policy and legal tasks.
The EU needs to strike a balance between investing in innovation and funding enforcement agencies. Under-resourced regulators are not enough. Ensuring that regulators have the skills and resources they need can help avoid potential skills shortages and strengthen compliance.
For example, at the national level, EU Member States should heed complaints about inadequate resources for data protection authorities by increasing financial, human and technical resources for supervisory authorities across the full scope of EU technology and data policy.
advertisement
Beyond borders, the Commission and Member States must lower barriers to collaboration and promote better coordination and harmonisation of enforcement capabilities across the EU. At EU level, the creation of a dedicated, independent EU Digital Enforcement Agency could centralise expertise and improve regulatory cohesion.
We can’t rely on people who lack resources
But you can’t put all your eggs in one basket: decentralizing execution responsibility can also alleviate bottlenecks and improve effectiveness.
Involving civil society, academia, and other practitioners in monitoring and oversight can strengthen enforcement. This has already been seen in the implementation of DSA, which includes civil society participation, which can strengthen accountability and distribute the “burden of enforcement.”
However, adequate resources and compensation for these contributors are essential to avoid over-reliance on under-resourced departments.
advertisement
Transparency and public oversight are also important: governments should adopt procedures such as mandatory algorithm registration, publishing impact assessments, and making data available to researchers.
These measures will encourage wider public engagement and ensure transparency and accountability in enforcement.
For example, to avoid capacity constraints faced in implementing and enforcing AI laws specifically, the AI Office could size and prioritize enforcement funding based on computing trends and work closely with academia and private society to help develop codes of practice and develop methodologies and benchmarks accordingly.
It’s time to move from policy to reality
Effective enforcement must withstand political and economic pressures. Regulatory independence is essential to resist corporate influence and safeguard democratic principles.
advertisement
The EU and its member states must be prepared to enforce the law rigorously, even against powerful technology companies. This resilience could help strengthen regulatory credibility and consolidate the EU’s regulatory soft power on the global stage.
However, regulatory independence is easier said than done: the UK Fundamental Rights Agency’s report on GDPR 2024 implementation found that regulators in most countries are experiencing significant challenges in maintaining GDPR independence guarantees.
Ensuring that regulators can perform their duties effectively requires continued investment and a meaningful commitment to their independence in the performance of their functions.
After a decade of unprecedented policy activity, it is time for the EU to make these new policies a reality. To build and protect regulatory resilience, EU legislators and regulators alike must prioritize clear, actionable policies to enforce, ensure sufficient financial, human and technical resources for people to enforce these policies voluntarily, and bolster enforcement efforts with comprehensive and decentralized enforcement procedures.
advertisement
The next decade will be crucial for strengthening the EU’s regulatory achievements, which have been focused on protecting democratic principles and human rights. Investing in innovative enforcement strategies now will lay the foundations for a safer, more people-centred Europe’s future.
Stronger enforcement will strengthen the EU regulatory framework, promote market and social stability, and ultimately foster innovation and competitiveness in Europe.
By setting high standards on enforcement, the EU can foster an environment in which technology can serve democracy in an era of accelerating innovation.
The alternative is to bow to industrial giants that are fundamentally driven by profit motives and based mainly outside Europe – in other words, to place democracy in the hands of unaccountable tech companies.
advertisement
Maria Koomen is Director of Emerging Technologies Governance and Reagan MacDonald is a Senior Research Fellow at the International Centre for Future Generations (ICFG), a Brussels-based think tank.
At Euronews we believe that every opinion matters: to send us your comments and suggestions and join the conversation, please contact us at view@euronews.com
