2023 has been a tough year for European startups: several EU tech regulations have been discussed and negotiated throughout the year and have, for some, led to heated debates. Although the startup ecosystem would have hoped for a ‘legislative break’ with the campaign for the EU elections, the upcoming Belgian Presidency has announced they would seek to finalise certain tech files during their 6-month term. And if the Belgians are famous for brewing the best beer in the world, they’re also known for their mastery of crafting political compromises!

In 2024, Allied for Startups will therefore keep an eye on these files to ensure that, before the EU elections, startups’ interests are upheld by the Belgian Presidency. Here’s a non-exhaustive list of those legislative texts that are relevant to the EU startup ecosystem.

The AI Act

With the AI Act, the EU intends to create the first-ever AI law, potentially setting a global blueprint. The use of AI systems will be regulated depending on how risky they are. The most dangerous uses of AI systems will be prohibited. The agreement reached in December would allow startups to access AI regulatory sandboxes more easily and would create an advisory board composed by startups’ representatives amongst others. However, the AI Act has integrated last-minute provisions regulating the use of general-purpose AI (GPAI) models that will hinder startups’ ability to create and employ them. Thanks to the Spanish Presidency’s efforts to find a political compromise, the Belgians will only have to preside over some technical meetings before the EU elections campaign begins.

The Cyber Resilience Act

To complete the EU’s cyber arsenal, the Commission proposed a regulation on cybersecurity requirements for products with digital elements: the Cyber Resilience Act (CRA). It aims to bolster cybersecurity rules to ensure more secure hardware and software products. Good news for startups: in November, EU policymakers agreed to exclude open source software from the scope of the regulation, unless used commercially. The Belgian Presidency should only have to accompany the very last steps of this file, together with other cybersecurity-related laws, like the Cyber Solidary Act.

The GDPR Enforcement proposal

Considering the issues related to the implementation of the General Data Protection Regulation (GDPR), the European Commission proposed a law to help national data protection authorities enforce the EU’s landmark data protection legislation. For startups’ sake, this law should remain about improving the GDPR’s enforcement whilst maintaining the one-stop-shop mechanism, and not pave the way for its reform. The European Parliament’s committee of Civil Liberties (LIBE) has taken the lead on this file and is expected to adopt its report in February 2024. The Belgian Presidency has expressed its willingness to cover this file and to work on “additional procedural rules to resolve differences in administrative procedures and practices”. However, the EU elections could prevent EU institutions from finding an agreement before summer 2024. 

The European Health Data Space

The European Health Data Space (EHDS) would facilitate the sharing of a patient’s health information across the entirety of the EU, thus granting researchers, policymakers, and startups access to the vast repositories of medical data within the EU, allowing them to enhance healthcare practices significantly. The first trilogue between EU policymakers took place in mid-December, meaning that the Belgians will be chairing the upcoming interinstitutional negotiations on the file. Although the European Parliament aims for a deal before the EU elections, it’s unclear whether Member States will facilitate the process.

The revised Product Liability Directive

In 2022, the European Commission decided to update the EU’s liability framework by adapting the 1985 Product Liability Directive (PLD) to today’s realities. The revised law would reflect current market development and technological advancements. Fortunately for the startup ecosystem, the agreement found in trilogues excludes the use of open source software from the scope (unless used commercially), like the Cyber Resilience Act. The PLD has been one of the less controversial tech-related policy files, and only two trilogues were necessary for EU policymakers to reach an agreement. The Belgians are likely to get this over with during their Presidency.

The AI Liability Directive

Announced together with the revision of the PLD, the purpose of the AI Liability Directive (AILD) aims is to clarify the rules around some aspects of non-contractual civil liability for damage caused by AI systems. It is meant to complement the PLD and will hopefully align with it. Now that political agreements on both the AI Act and the PLD have been reached, it would be logical to expect the work on the AILD to begin. However, the EU elections may significantly delay the start of this process, both in the European Parliament and the Council of the EU. At this stage, only preliminary discussions have been held.

Standard Essential Patents

While standard essential patents (SEPs) are crucial to creating incentives that enable innovation, the status quo is putting smaller actors like startups at a disadvantage. This is why the Commission proposed a text on standard essential patents that would require patent holders to register their patents and engage in fair negotiations before turning to legal action. Considering the variety of contrasting views revealed by the Commission’s public consultation, the SEPs proposal is not likely to be agreed upon before the EU elections.

Conclusion

Together with the upcoming Commission’s initiative to open up European supercomputer capacity to ethical and responsible AI startups, the Belgian Presidency is actually left with a rather packed agenda, and so are the startups. Allied for Startups will continue to engage with EU policymakers to ensure that the voice of the startup ecosystem is heard in the upcoming months. All we want for Christmas is good EU tech policies for startups!