From regulation of Big Tech to the upcoming legislative framework for AI, I have identified the key areas to be on the lookout for in 2021 when it comes to regulating ICT.

1. Regulating digital gatekeepers

Big Tech has been on the regulators’ and legislators’ radar for a while, with earlier EU antirust fines imposed on Google and the introduction of more serious fines by the GDPR. While a number of antitrust cases have been filed against Facebook in the US in late 2019, the latest European Commission proposal signifies more considerable innovation when it comes to regulating Big Tech.

The proposed Digital Markets Act creates something new: asymmetric, market power-based regulation of digital gatekeepers. Whereas the new Digital Services Act continues to build on the existing consumer protection philosophy, which only acknowledges the asymmetry between the consumer and the business, Digital Markets Act only imposes remedies on those digital platforms that have an entrenched, durable intermediary position. This is akin to asymmetric regulation of telecoms operators with Significant Market Power.

In a manner that resembles telecoms infrastructure regulation, the Digital Markets Act seeks to grant access to the Big Tech platforms by means of ‘unbundling’ some of their features. Considering the regulators’ and legislators’ reluctance to regulate Internet ‘content’ since late 1990s, such ex ante measures can be seen as truly historic. 

2. AI regulation

Following the introduction of GDPR rules on profiling and human intervention, the Ethics Guidelines for Trustworthy AI prepared by the EU High-Level Expert Group on Artificial Intelligence (AI HLEG) have provided a strong hint that we can expect a horizontal legislative action in the area of AI.

Following a public consultation in 2020, European Commission expects to unveil a legislative proposal regulating AI in the first quarter of 2021. It remains to be seen to what extent will European legislators transpose ethical principles identified by the AI HLEG, such as human agency and oversight or technical robustness and safety, into mandatory legal obligations.

3. European Electronic Communications Code (EECC)

The EECC, a new Directive incorporating most of the EU electronic communications legislation, was due for implementation on 21st December 2020. With a few Member States still lagging behind the schedule, often due to COVID-19, European Commission has already adopted Delegated regulation on EU-wide voice-call termination rates for both fixed and mobile calls. This further reduces wholesale prices of voice calls within the EU with the aim of further reduction of retail prices.

The impact of the EECC on telecoms markets remains to be seen. The new Directive gives national regulatory authorities more options to tackle market failure through commitments of dominant players. It modernises and further harmonises the rules on spectrum with a view to 5G and technologies to follow, plus introduces basic regulation protection customers using number-independent OTT communications services. The latter have until now largely been excluded from the regulation of the telecoms sector.

Practical effects will largely depend on the implementation in the Member States. For example, will the regulators be able to leverage regulatory sticks and carrots to foster the emergence of wholesale-only broadband infrastructure players? Implementation at the national level will also be crucial to reap the full benefits of the new spectrum management rules, according to Vesna Prodnik of Vafer, a specialised mobile telecoms consultancy: “Member States still have a wide discretion as to the exact rules on simplifying small-area wireless cells placement, which are crucial for the necessary 5G network density.”

4. Electronic identity

As even larger amount of business and private life moves online because of COVID-19 pandemic, online identity fraud has become even more rampant. Should governments centralise the approach to e-identity? Or should one rely on decentralised, commercially offered identity solutions? Should everyone receive an ID certificate, or another means of verifying who they are in all online environments?

The EU eIDAS Regulation has introduced an interoperability framework for EU citizens using their own national electronic identification schemes (eIDs) to access public services in other Member States. It has further created an internal market for trust services – namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication – by ensuring that they will work across borders and have the same legal status as their traditional paper based equivalents. 

Despite these developments, we still seem to be far from a uniform and universally accepted electronic IDs, especially at the international level. A further push may come from the European Commision’s review of the eIDAS regulation, which is currently underway following an open public consultation.

Next steps for ICT businesses

• Check how your online operations might be affected in the future by the additional obligations proposed by the EU Digital Services Act
• If you develop or deploy AI solutions, consider doing an AI ethics impact assessment to ensure their long-term viability
• Check if any of the services you provide online might be classified as interpersonal communications services and therefore subject to EECC regulation

At Aphaia, we will continue to keep up with these developments. Please reach out if your business requires assistance with any of them. You can visit us at https://aphaia.consulting to explore our full array of services.