The EU’s Approach to Technology Policy Enforcement

The EU’s Role in Shaping Technology Policy

Over the past decade, the European Union has emerged as a leader in global technology policy, implementing transformative regulations such as the General Data Protection Regulation (GDPR), the Digital Services Act (DSA), and the Artificial Intelligence Act (AI Act). These laws aim to stimulate innovation, create equitable markets, and uphold democratic values. However, the true effectiveness of these regulations hinges on their enforcement; if they exist solely as unfulfilled promises, their impact on European citizens will be negligible.

Historically, enforcement has been an underappreciated aspect of policy-making, but there is a notable shift in attitude towards this issue. As the EU elections approach, discussions have increasingly centered on the next Commission’s mandate prioritizing the enforcement and implementation of existing regulations over the introduction of new legislation. In fact, a draft document from the Council of the EU underscored this sentiment by stating, “the implementation of already-adopted regulations should be prioritised over the creation of new laws.” However, such intentions will only translate into meaningful action with concrete commitments from both Brussels and member state capitals.

To effectively harness enforcement, the EU must embrace innovative strategies that ensure laws are not only passed but also actively upheld. There are four pivotal areas where a concentrated effort can enhance enforcement: policy, procedures, people, and politics.

Making Enforcement Clear and Actionable

For enforcement to be effective, laws must be clear, actionable, and adaptable. Legislators need to minimize ambiguities while avoiding overly prescriptive language that could limit future applicability. For example, the technical specifications of the AI Act are being transformed into adaptable standards and codes of practice to maintain relevance in our fast-evolving technological landscape. Engaging with civil society and independent experts during the development of these laws can further ensure that guidelines for interpretation and enforcement are both clear and applicable as technology advances.

A notable ambiguity exists in two recent laws — the DSA and the AI Act — regarding the necessity for impact assessments, which must consider risks to human rights. Companies, auditors, and authorities will face the challenge of navigating this without clear guidance. The EU should strike a balance between investing in innovation and adequately funding enforcement agencies; under-resourced regulators are simply insufficient to uphold the laws effectively.

The European Commission and member states need to enhance collaboration with civil society to establish robust and meaningful guidelines for conducting impact assessments. This collaboration can build on previous discussions related to the European Media Freedom Act.

Strengthening Regulatory Resources

Effective enforcement requires well-resourced regulators equipped with the technical expertise necessary to navigate complex technology, policy, and legal issues. The EU must ensure that investments in innovation are matched by adequate funding for enforcement agencies; inadequate resources for regulators will hinder compliance efforts. Providing regulators with the necessary skills and resources will help avert potential skills shortages and bolster compliance.

• For instance, at the national level, EU member states should heed complaints from data protection authorities regarding insufficient resources by increasing financial, human, and technical resources for supervisory authorities across the EU’s tech and data policy spectrum.
• Cross-border, the Commission and member states must work to lower barriers to joint operations, fostering better coordination and harmonizing enforcement capabilities throughout the EU.
• At the EU level, establishing a dedicated, independent EU digital enforcement agency could centralize expertise and enhance regulatory cohesion.

A Decentralized Approach to Enforcement

However, it is crucial not to rely solely on centralized enforcement mechanisms. Decentralizing enforcement responsibilities can alleviate bottlenecks and improve overall effectiveness. Involving civil society, academia, and other practitioners in monitoring and oversight can enhance enforcement efforts. We are already witnessing this with the DSA’s implementation, where civil society participation has bolstered accountability and distributed the “enforcement burden.”

Transparency and public oversight are equally vital. Governments should implement measures such as mandatory algorithm registries, the publication of impact assessments, and making data accessible to researchers. These initiatives can promote broader public engagement and ensure that enforcement is both transparent and accountable.

• Moreover, adequate resources and compensation for these contributors are essential to prevent overreliance on under-resourced sectors.
• For example, to mitigate capacity constraints in the implementation and enforcement of the AI Act, the proposed AI Office can prioritize enforcement funding based on computational trends while collaborating closely with academia and civil society to shape codes of practice or develop relevant methodologies and benchmarks.

From Policy to Reality

For enforcement to be effective, it must withstand political and economic pressures. The independence of regulators is crucial to resist corporate influence and uphold democratic principles. The EU and its member states must be prepared to enforce laws decisively, even against powerful tech corporations. Such resilience will not only reinforce the credibility of regulations but also affirm the EU’s regulatory soft power on the global stage.

However, ensuring regulatory independence is a complex challenge. The Fundamental Rights Agency’s 2024 report on the GDPR in practice revealed that most national regulators face significant hurdles in maintaining the independence guaranteed by the GDPR.

To empower regulators to fulfill their responsibilities effectively, sustained investment and a genuine commitment to their independence are imperative. After ten years of unprecedented policy activity, it is time for the EU to translate these new policies into actionable realities. To strengthen and protect regulatory resilience, EU lawmakers and regulators must prioritize clear and actionable enforcement policies, ensure adequate financial, human, and technical resources for independent enforcement, and support enforcement efforts through inclusive and decentralized procedures.

The next decade will be pivotal in reinforcing the EU’s regulatory framework aimed at safeguarding democratic principles and human rights. By investing in innovative enforcement strategies now, the foundation for a more secure and human-centric future in Europe can be established. Stronger enforcement will not only enhance the EU’s regulatory framework but also promote market and societal stability, ultimately fostering European innovation and competitiveness. By setting a high standard for enforcement, the EU has the potential to cultivate an environment where technology serves democracy amidst rapid innovation. The alternative is relinquishing control to monolithic industries driven purely by profit motives, largely situated outside Europe — a scenario that could jeopardize democracy by placing it in the hands of unaccountable tech giants.

Maria Koomen is the Emerging Technology Governance Director, and Raegan MacDonald is a Senior Fellow at the International Center for Future Generations (ICFG), a Brussels-based think tank.

At Euronews, we believe all views matter. Contact us at view@euronews.com to send pitches or submissions and be part of the conversation.