PRIVACY AND SECURITY IN LIGHT OF THE EUROPEAN DIGITAL AGENDA

(Preface) Authors VII

K. Ujazdowski IX

A. Paschalides XI

G. Christofides XIII

Introduction 1

CHAPTER I

DIGITAL CRIME AND SECURITY

I. The EU security landscape 8

A. An overview of the EU Security Union Strategy 2020 - 2025 9

a. A future-proof security environment 9

i. Critical infrastructure protection and resilience 9

ii. Cybersecurity 10

iii. Protecting public spaces 11

b. Tackling evolving threats 11

i. Cybercrime 11

ii. Modern law enforcement 12

iii. Countering illegal content online 12

iv. Hybrid threats 13

c. Protecting Europeans from terrorism and organised crime 14

i. Terrorism and radicalisation 14

ii. Organised crime 14

d. A strong European security ecosystem 15

i. Cooperation and information exchange 15

ii. The contribution of strong external borders 16

iii. Strengthening security research and innovation 16

iv. Skills and awareness raising 17

B. An overview of the EU cybersecurity strategy 18

a. Resilience, technological sovereignty and leadership 18

i. Resilient infrastructure and critical services 18

ii. Building a European Cyber Shield 19

iii. An ultra-secure communication infrastructure 19

iv. Securing the next generation of broadband mobile networks 19

v. An Internet of Secure Things 20

vi. Greater global Internet security 20

vii. A reinforced presence on the technology supply chain 21

viii. A Cyber-skilled EU workforce 21

b. Building operational capacity to prevent, deter and respond 22

i. A Joint Cyber Unit 22

ii. Tackling cybercrime 22

iii. EU cyber diplomacy toolbox 23

iv. Boosting cyber defense capabilities 23

c. Advancing a global and open cyberspace 24

i. EU leadership on standards, norms and frameworks in cyberspace 24

ii. Cooperation with partners and the multi-stakeholder community 24

iii. Strengthening global capacities to increase global resilience 25

d. Cybersecurity in the EU Institutions, Bodies and Agencies 25

II. NIS 2 Directive Proposal 26

III. PNR Directive 29

CHAPTER II

PRIVACY AND SECURITY IN ELECTRONIC COMMUNICATIONS

I. Freedom of Expression: A Controversial Notion 36

a. The European approach: Interpretation of the term according to the European
Convention on Human Rights (ECHR) 36

b. The international approach 37

c. Regulating Internet: risks and challenges 38

d. The theoretical dimension of e-governance 38

e. The legal framework 40

II. The new challenges: the Digital Services Act 40

a. What is the future of our digital rights? 42

b. Recent evolutions on freedom of speech’ governance 44

c. What’s next? 46

III. Regulating disinformation 46

IV. Emergence of new rights in the digital age 50

a. Establishment of the right to be forgotten 50

b. Constitutional dilemmas pertaining to freedom of expression 52

c. Abusing RtbF 53

d. Jurisdiction and interpretation challenge 53

e. Expanding jurisprudence on RtbF 53

f. Is RtbF a viable new right for the Digital Era? 54

CHAPTER III

DIGITAL ECONOMY AND E-COMMERCE

I. The modernization of digital services and commerce: DSA and DMA 56

a. A brief description 56

b. An intense analysis of the Digital Services Act Package 57

i. Exploring the Digital Services Act 57

ii. Exploring the Digital Markets Act (DMA) 60

iii. Guaranties of compliance of gatekeepers 60

c. A critical approach to the Digital Services Package 61

d. Latest evolutions on the adoption of DSA and DMA 64

i. What is illegal offline, should be illegal online 64

ii. A list of “do’s” and “don’ts” for gatekeepers 65

iii. Gatekeepers can no longer: 65

iv. Sanctions 66

II. Cryptocurrency: towards a new mode of economic transactions? 66

a. A descriptive approach of the phenomenon 66

i. A. Prolegomena: Cryptocurrencies’ anatomy and their particularities 66

ii. Tracing the problematic of defining legal nature of cryptocurrencies 67

b. Data privacy issues regarding to the use of cryptocurrencies 70

i. Generalities 70

ii. Data protection under the spotlight 71

iii. Current evolutions 72

iv. Instead of conclusions: Ultima cogitation 73

III. Chatbots, digital security and privacy: an interactive relationship
or a source of risks? 74

a. Chatbots in Customet Relations Management (CRM) 74

i. CRM: An Introduction 74

ii. CRM Use 75

b. The Rise of Chatbots 77

c. Chatbots Classification 79

i. Knowledge Domain 79

ii. Service provided 80

iii. Goals 80

iv. Input processing and Response generation method 81

d. Chatbots and CRM Systems 81

e. Reshaping E-Commerce 83

f. Privacy Issues 85

i. Legal Framework 87

CHAPTER IV

DIGITAL PRIVACY AND SECURITY IN THE ERA OF ARTIFICIAL INTELLIGENCE

I. Defining AI at European and international level 97

II. Serious concerns raised by the use of AI technology 102

a. What is the nature of Artificial Intelligence? 102

b. AI and face recognition: seeking the right balance 104

i. The European regulatory framework on face recognition 105

ii. View and opinions on face recognition 107

iii. The Alicem project 109

iv. New security law 111

III. A critical approach on draft AI Regulation 114

a. AI Regulation and General Data Protection Regulation 119

CHAPTER V

ONLINE PRIVACY AND SECURITY IN THE ERA OF COVID-19.
SPECIAL LEGAL ISSUES

I. Data protection in the era of the pandemic 128

a. Data rights processing at social level in the context of coronavirus 132

b. Remarks-Conclusions 144

c. Recent evolutions in COVID-19 era 145

II. Regulating cookies: EU Cookies policy 146

a. Types of Cookies 148

b. Duration 148

c. Provenance 148

d. Purpose 149

e. Legal nature of cookies 149

f. Cookie walls 152

g. Whitelisting service providers 152

h. Cookies for audience measurement 152

CONCLUSIONS 155

BIBLIOGRAPHY 159

ANNEX I

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT
AND OF THE COUNCIL LAYING DOWN HARMONISED RULES
ON ARTIFICIAL INTELLIGENCE (ARTIFICIAL INTELLIGENCE ACT)
AND AMENDING CERTAIN UNION LEGISLATIVE ACTS 175

INDEX 229

INTRODUCTION

Stephen Hawking:
“We are all now connected by the Internet,
like neurons in a giant brain”

On 9 March 2021 the European Commission issued a Communication named “2030 Digital Compass: the European way for the Digital Decade”[1]. The COVID-19 pandemic has radically reformed the nature of our societies and led to unpredictable situations. In the new environment, digital technologies are imperative for working, learning, entertaining, socialising, shopping and accessing everything from health services to culture. On the other hand, the massive procession of data accompanied by their circulation to undefined number of recipients in order to restrain the spread of the coronavirus, the huge and increasing use of non-European technologies[2], the great evolution of digitalization in almost every level of private and public life[3] as well as the expansion of disinformation and misinformation in times of a pandemic[4], set serious concerns about our digital privacy and security.

This is why Europe needs to develop a digital sovereign policy ensuring the protection of fundamental rights and freedoms and promoting sustainability, prosperity, productivity and innovation.

Under those circumstances the European Commission on 26 January 2022 issued a Declaration on Digital Rights and Principles[5] aiming at the promotion of a digital transition shaped by European values. The Declaration provide a guide for policy makers and companies when dealing with new technologies. The rights and freedoms enshrined in the EU’s legal framework, and the European values expressed by the principles, should be respected online as they are offline.

The text covers key rights and principles for the digital transformation, such as placing people and their rights at its centre, supporting solidarity and inclusion, ensuring the freedom of choice online, fostering participation in the digital public space, increasing safety, security and empowerment of individuals, and promoting the sustainability of the digital future[6].

These rights and principles should accompany people in the EU in their everyday life: affordable and high-speed digital connectivity everywhere and for everybody, well-equipped classrooms and digitally skilled teachers, seamless access to public services, a safe digital environment for children, disconnecting after working hours, obtaining easy-to-understand information on the environmental impact of our digital products, controlling how their personal data are used and with whom they are shared.

In short terms, the principles are shaped under the following schema and orientations:

• Putting people and their rights at the centre of the digital transformation

• Supporting solidarity and inclusion

• Ensuring freedom of choice online

• Fostering participation in the digital public space

• Increasing safety, security and empowerment of individuals

• Promoting the sustainability of the digital future

The above framework constitutes the main pillars of the EU’s Digital Agenda which has been drafted following the aforementioned legal initiatives of EU’s actors. Via the Digital Compass for the EU’s digital decade (2020-2030), the European Commission pursues to establish a trustworthy and powerful digital environment, promoting in parallel fundamental rights and freedoms. As it is explicitly declared “the EU will pursue a human-centric, sustainable vision for digital society throughout the digital decade to empower citizens and businesses”[7].

Digitalisation is the most indicative and consequent element which penetrates the perception of the EU’s Digital Agenda. The introduction and mass use of technology contributes essentially in the reshaping of public administration, the update of the relations between citizens and local authorities, the interactive communication between them and the enhancement of the democracy. The appropriate terms which ideally describe those processes are the following: electronic administration, electronic government or governance and electronic or digital democracy[8].

E-governance[9] constitutes a reality and defines decisively the quality of our democracy. Respectfully, according to the Organisation for Economic Cooperation and Development (OECD) the use of ICT in the public sector is fundamental to serve the needs of citizens and businesses, and can bring governments closer to their citizens and businesses and enhance transparency[10]. Transparency and better accessibility to services increases trust in government.

Regarding the interaction between e-governance and democracy it is crucial to underline that the large use and exchange of technology tools in public administration defines the relation between citizens and state’s leaders[11]. Information and Communication Technologies offer local authorities and public administration new and original opportunities to improve their effectiveness of their services and increase citizens’ participation in public policy making. A recent report of MEPs concerning e-democracy[12] provides a simple and clear definition of the relative terms:

E-democracy refers to the use of information and communications technology (ICT) to create channels for public consultation and participation, for example for elections, consultations or referendums.

E-governance refers to the use of ICT to establish communication channels that enable the inclusion of the various stakeholders with something to say about the policy-making process. This could be for example a consultation on whether a specific speed limit should be kept.

E-government refers to the use of ICT in the public sector, particularly to provide people with information and services electronically. This could be for example to enable to pay their speeding ticket online.

It becomes apparent from the perception of the nature of the EU’s Digital Agenda that the most crucial issue is to find the right balance between technological progress and innovation and protection of online privacy and security.

The term “privacy” has been translated in various forms. Initially, it is defined as the “right to let to be alone” and is strongly connected with the right to personality[13]. At the same time, it refers to the separation between private and public life, which can only be restricted under the principle of proportionality. Following the interpretation by the European Convention on Human Rights privacy falls into the scope of article 8 which corresponds to the protection of private and family life as well as individual’s home and correspondence. As such it encompasses several dimensions of individual’s physical and social identity, including the protection of his personal data and autonomy in the internet[14].

According to the Organisation for Economic Co-operation and Development (OECD) Digital security refers to the economic and social aspects of cybersecurity, as opposed to purely technical aspects and those related to criminal law enforcement or national and international security.

The term “digital” is consistent with expressions such as digital economy, digital transformation and digital technologies. It forms a basis for constructive international dialogue between stakeholders seeking to foster trust and maximise opportunities from ICTs[15].

The re-examination of the concept of privacy in the digital age is necessary, initially, due to the continuous and explosive development of new technologies. Serious risks and concerns arise not because of their application but of how they are used, since they are often used either as tools to tackle various problems, such as cybercrime or cyber piracy, or as drivers of the economy and innovation, as in the case of artificial intelligence.

Finding the right balance between technological advancement and security and digital privacy is therefore a laborious process[16]. At the same time, global developments with a significant impact on the legal field, such as Snowden’s revelations about the mass surveillance of US communications by US and British secret services, the revision of the institutional framework for data sharing between the European Union and the US through the abolition of the regime. Safe Harbor ”and the introduction of a new“ privacy shield ”framework, following the important ruling of the European Court of Justice in the Max Schrems case[17] and the enormous impact of the coronavirus pandemic on all levels of private and public life, create new conditions for the right to digital privacy.

At the same time, the current reality attributes a special meaning to the regulatory perception of the above right, as it is defined and described in the modern “information society”[18]. On the one hand, the guarantee of self autonomy should be pursued in every reform, legislative and scientific, taking place in digital environment. This goal becomes even more important by taking into account the huge impact of the internet on our daily lives. At the second level, the special current challenges in many levels, such as those referred to security and economy, urge a decisive and powerful intervention in digital privacy.

This book aims to illuminate the extent of the protection of individual’s online privacy and security in the light of the adoption and application of the EU’s Digital Agenda in accordance with the ongoing technological evolutions. It is divided into six chapters on the basis of the fields where internet and new information technologies mostly affect the exercise of the above fundamental rights and freedoms. Certainly, those areas ideally coincide with the main themes covered by the EU’s Digital Agenda.

Consequently, our study will be focused on the analysis of the following issues:

a) Digital crime and security – Chapter I

b) Privacy and security in electronic communications – Chapter II

c) Digital economy and electronic commerce – Chapter III

d) Artificial Intelligence (ΑΙ) and digital privacy and security – Chapter IV

e) Online privacy and security in the era of COVID-19 – Chapter V

It is apparent that the analysis of the above theme rationale follows an interdisciplinary approach. Our research and critical study will be not only focused on the legislative measures at EU and state level, but also on practical and technological tools that are adopted to meet the pursued goals. Through the thorough and critical investigation of the lawfulness of

the technological intervention by sector as well as via the indication of the potential risks and challenges, it will be possible to put down fruitful proposals aiming at the shaping of a safer digital environment.

Introduction

Existence in today’s world is difficult to imagine without technology. While technology fosters incredible potential for human development such as enabling creativity and innovation, new means of delivering knowledge and education, establish and improving upon social interactions, a new environment for business opportunities, it also comes with innate drawbacks such as data harvesting and selling, dissemination of false narratives and disinformation, mainstreaming hate speech and polarization of public opinion, as well surveillance intrusion into privacy. The reach and speed at which technology impacts our everyday lives is inviting the ill intent to profit of these features, to commit offences through or with the use of digital, whether by action or omission.

In a span of more than half a century, the world went from being marveled by the invention of the cell phone, harnessing of photovoltaic solar energy and the first electric car, DNA testing, precision GPS and 3D printing to witnessing novel crimes using smart devices, social networks, electronic financial instruments, DDos and cyber-terrorism. Nowadays, it is futile to speak about crime and criminality, without the involvement of technology. Whether it used to commit it or to discover it – technology has embedded itself in all aspects pertaining to it.

The digital component of crime has become more and more pronounced, when humanity and the legal order had to rely heavily on technology for the proper functioning of day-to-day life. Digital services, especially those relating to health and wellbeing, became invaluable during the Covid-19 pandemic.

As authors, we strongly believe that digital crime is an inevitable consequence of the digital revolution. As more companies adopt technology such as artificial intelligence (AI), big data, and cloud computing, they become more vulnerable to hackers who want to gain access to the valuable information stored on their systems. Robert S. Mueller, III, former Director of the FBI once said: “There are only two types of companies: Those that have been hacked and those that will be hacked”[19]. This is why the adoption of an update, solid and uniform legislation at a European level is imperative in order to consolidate security and enhance productivity.

In the following chapter we will examine the recent developments in the framework of digital crime.

I. The EU security landscape

From the moment of its inception Europe has envisioned security as one of the cornerstone elements of the Union. With the advent of the Maastricht Treaty, the complexity of provisions dealing with security, alongside other detrimental domains, enabled the introduction of the pillar system – the Common Foreign and Security Policy being the second pillar, while Justice and Home Affairs was established as the third.[20] Institutional change was also enacted in order to comfort this vision. An agency model was central in enacting the prime role of the Union in key areas such as information security and fundamental rights, alongside other key domains such as maritime and aviation safety.[21]

Currently, the care for security is embroiled into the nature of the EU. As established by the Treaty on European Union, lies the promise that the Union shall offer its citizens an area of freedom, security and justice without internal frontiers, in which the free movement of persons is ensured in conjunction with appropriate measures with respect to external border controls, asylum, immigration and the prevention and combating of crime.[22]

The EU security landscape has been reshaped repeatedly, in an effort to keep up with the novelty and complexity of threats that the EU has been facing. The versatility and volatility of these threats kept European institutions in a state of dynamic and proactive state. As maintaining security is detrimental to the political idea of Europe primed on prosperity, innovation and growth, through a continuous transformative process. Furthermore, the promise of security is strongly linked with democratic idea of unity of member states, founded on the confidence that only in a joint effort can intricate threats be tackled at a level that can provide and consolidate the glue that holds together the realization of the ideal of the Union.

Enabling such a vision for security comes at a substantial cost, associated with the risks of dealing with evolving threats. The EU has paid the toll for ensuring this vision and is continuing to maintain a strong commitment to ensuring a reliable environment for its citizens. Against the backdrop of globalization, climate change, demographic decline, political instability outside its borders, terrorism and the ongoing process of hybridization of threats, the EU has managed to produce viable responses. Nevertheless, these responses have been, at times, latent and did not provide all encompassing, timely and strategic answers to stringent concerns. One of the lackluster aspects in the regard, is the ability to capitalize on the strengths of working together, provide an efficient crisis

management system, base on cross-border and interconnectivity actions, as well as establish a rounded common effort to provide the necessary tools to work together both inside and outside of the EU. This inert characteristic is linked with the notable design that security always remains grounded in the respect for the rule of law, equality, fundamental rights and democratic control. While security and the guarantee of the aforementioned are complementary to each other, actions are envisioned and enacted while having in mind necessity, proportionality, legality, accountability and judicial redress. Security safeguards are envisaged to protect individuals, especially those that are most vulnerable.

The impact of this innate trait can be best perceived within the Covid-19 pandemic. The crisis tested the resilience of Europe, by enabling a rapid need to remodel its security policy in the face of a swift and nimble threat to its citizens both in the physical and digital environment. While there was limited capability to foresee the extent of the pandemic, the flat policy response that the EU initially provided and the lack of proper tools to jointly tackle the threat, exposed critical infrastructure and supply chain vulnerabilities.

A. An overview of the EU Security Union Strategy 2020 - 2025

Having in mind the plethora of ever-growing threats, in 2016, the EU introduced the concept of the Security Union as part of the European Commission Communication “Paving a way towards an effective and genuine Security Union”.[23] This concept was built on the 2015 European Agenda on Security. It proposed a new approach based on shared responsibility between the European Union and the EU countries. To lead the process, a dedicated Security Union Commissioner portfolio was created in September 2016, assisted by a task force that drew on the expertise of the entire European Commission.

The Strategy is structured around 4 pillars aimed at building capabilities and capacities for early detection, prevention and rapid response to crises, linking all players in the public and private sectors in a common effort and a strong focus on performance. Each pillar encompasses several themes. The pillars are as follows: (i) a future proof security environment, (ii) tackling evolving threats, (iii) protecting Europeans from terrorism and organised crime, (iv) a strong European security ecosystem.

a. A future-proof security environment

i. Critical infrastructure protection and resilience

As mentioned above, critical infrastructure plays a detrimental role in the landscape of European security. This role is proliferated by the exponential economic and social growth and the transition to the digital environment. The strategy sets out to provide a much-needed

upgrade to the legislative framework in order to foster interconnectedness and interdependency. This encourages systems and services to be more resilient in terms of planning, absorbing and recovering from adverse events.

According to EU self-assessment, existing framework for protection and resilience of critical infrastructures has not kept pace with evolving risks.[24] Furthermore, guided by the principle of subsidiarity, member states have implemented legislation at their own discretion resulting in a fragmentary approach to the issue, as well as a various level of preparedness, the most incremental developments being attested in border regions, due to less efficient coordination.

The EU has set out a priority to build new resilience boosting tools in connection to the increasing role of the internet. The centerpiece of this priority is to put in place a certified secure end-to-end quantum infrastructure, terrestrial and space-based, in combination with the secure governmental satellite communications system laid out in the Space Programme regulation.[25]

ii. Cybersecurity

Cyber space, under the Security Union concept, is considered an indispensable part of the security landscape. While we examine more thoroughly this theme in the next part of the chapter, it is worthwhile to mention that the main focus of the Union is pinned to the European Cybersecurity Strategy.

The Commission envisions a long-term shift towards a cybersecurity culture model, within a new cybersecurity certification framework under the Cybersecurity Act[26], with a prime role for the EU Agency for Cybersecurity (ENISA), the data protection authorities and the European Data Protection Board is of key importance in this area.[27]

In order to strengthen its position within the international legal order, the Commission is providing a cyber diplomacy toolbox as a set of measures under the Common Foreign and Security Policy, aimed at the activities that harm its political, security and economic interests.

Lastly, cybersecurity cooperation is to be fostered horizontally within EU institutions, bodies and agencies, with a principal role for a Joint Cyber Unit, a novel structure that will become operational by the beginning of 2023. The unit will provide a sandbox for civilian, law-enforcement, diplomatic and cyber defense communities to cooperate in order to prevent, deter and respond to cyberattacks.

iii. Protecting public spaces

In light of the 2016 Brussels bombings[28], aimed at the heart of the EU, protection of public spaces, especially those of worship and transport, has become detrimental. The Commission sets out to bolster both stronger physical protection of such places and adequate detection systems, without undermining citizens’ freedoms.[29] This theme is congruent with the potential miscues of drones by criminals and terrorists.

Key actions under the future-proof security environment pillar are resumed to:

• Legislation on the protection and resilience of critical infrastructure

• Revision of the Network Information Systems Directive

• An initiative on the operational resilience of the financial sector

• Protection and cybersecurity of critical energy infrastructure and network code on cybersecurity for cross-border electricity flows

• A European Cybersecurity Strategy

• Next steps towards the creation of a Joint Cyber Unit

• Common rules on information security and cybersecurity for EU institutions, bodies and Agencies

• Stepped up cooperation for the protection of public spaces, including places of worship

• Sharing of best practices on addressing misuse of drone

b. Tackling evolving threats

i. Cybercrime

The Commissions response to cybercrime focuses on improving the judiciary and law enforcement – Joint Cybercrime Action Task Force in Europol and the Law Enforcement Emergency Response Protocol created to coordinate response to large-scale cyber-attacks. Furthermore, full implementation of the current legal framework is detrimental in offering an appropriate response.[30]

The EU acknowledges the extent that cybercrime has. In this regard, strong support and confidence is shown to Council of Europe’s Budapest Convention on cybercrime, which establishes the objective of a common criminal policy aimed at the protection of society against cybercrime, inter alia, by adopting appropriate legislation and fostering international co-operation, conditioned by the profound changes brought about by the digitalization, convergence and continuing globalization of computer networks.[31]

ii. Modern law enforcement

Stepping up efforts in tackling the ever-evolving threat spectrum is conditioned by the adaptability of law enforcement and justice practitioners to apply new technology. The Commission envisages that that technological developments and emerging threats require law enforcement authorities to have access to new tools, acquire new skills and develop alternative investigative techniques. By connecting scientific evaluations and testing methods, through the Joint Research Centre, new tools are to be created in order to enhance law enforcement capacity in digital investigations. These tools imply the integration of artificial intelligence, space capabilities, Big Data and High Performance Computing into security policy in a way which is effective both in fighting crimes and in ensuring fundamental rights. Artificial intelligence could act as a powerful tool to fight crime, creating enormous investigative capabilities by analyzing large amounts of information and identifying patterns and anomalies.

A particular accent is put on electronic evidence for criminal investigations, as means of tackling cross-border crime, through bi- and multilateral negotiations.[32] Also, encryption is a explored theme as means of securing digital systems and transactions and also protecting a series of fundamental rights, including freedom of expression, privacy and data protection.

iii. Countering illegal content online

The Commission recognize the looming threat of terrorism, extremism or child sexual abuse delivered through the digital environment. In order to prevent and counter the spread of illegal hate speech online, the Commission launched, in 2016, the Code of Conduct on countering illegal hate speech online. Being a non-binding document, it recommended IT companies remove content deemed to be illegal hate speech. Although, according to data 71% of flagged content is removed within 24 hours, issues regarding transparency need to be addressed.[33]

An emphasis on the Digital Service Act (DSA) is made with the rationale that it will clarify and upgrade the liability and safety rules for digital services and remove disincentives holding back actions to address illegal content, goods or services. The DSA is extensively analyzed in the following chapters of the book.

Launched in 2015, the European Union Internet Forum (EUIF), has proliferated its role in reducing accessibility to terrorist content online and increasing the volume of effective alternative narratives online. In the framework of the strategy, EUIF mission to provide a collaborative environment for governments in the EU, the internet industry, and other partners to discuss and address the challenges posed by the presence of malicious and illegal content online, the EUIF is envisaged as means of fighting child sexual abuse online.

iv. Hybrid threats

As mentioned previously, the Covid-19 pandemic has reignited the flame of the Commission towards the hybridization of threats to security. Building upon the 2015 Joint Framework on Countering Hybrid Threats[34] and the 2018 Joint Communication on bolstering hybrid resilience actions are underpinned by a sizeable toolbox covering the internal-external nexus, based on a whole-of-society approach and on close cooperation with strategic partners, notably NATO and G7 [35]

Due to the complex nature of hybrid threats, the Commission targets a cross-border effort, that will integrate horizontally with member state security and defense policies. This effort will be sustained within the EU structure where the Commission services and the European External Action Service will explore options to streamline information flows from different sources, including Member States, as well as EU agencies such as ENISA, Europol and Frontex. This will improve the effect of EU action by swiftly bringing together sectoral responses and ensuring seamless cooperation with partners, especially within NATO members. Integration will also apply thematically by exploring unbeaten paths such as education, technology and research.

Key actions under the tackling evolving threats pillar are resumed to:

• Ensuring that the cybercrime legislation is implemented and fit for purpose

• A Strategy for a more effective fight against child sexual abuse

• Proposals on the detection and removal of child sexual abuse material

• An EU approach on Countering Hybrid Threats

• Review of the EU operational protocol for countering hybrid threats (EU Playbook)

• Assessment of how to enhance law enforcement capacity in digital investigations

c. Protecting Europeans from terrorism and organised crime

i. Terrorism and radicalisation

At its core, the threat of terrorism and radicalization is rooted in the polarisation of society, real or perceived discrimination and other psychological and sociological factors that can reinforce people’s vulnerability to radical discourse. Tackling this threat requires a combined approach, that the Commission envisages through several hard policies, such the Radicalisation Awareness Network and the EU Cities against Radicalisation Initiative[36], as well as soft policies such as education, culture, youth and sports could contribute to the prevention of radicalization[37]. Priority areas include work on early detection and risk management, resilience building and disengagement, as well as rehabilitation and reintegration in society.

In respect to the terrorist threat, the EU boasts state of the art legislation that is aimed at restricting access to explosives precursors and detects suspicious transactions aiming to build improvised explosive devices.[38] In order to enact it, as well as diminish the potential of chemical, biological, radiological and nuclear (CBRN) attacks, the Commission is looking to expand the list of restricted ss to certain dangerous chemicals that could be used.

In order to tackle the external terrorist threat, the EU is looking to improve upon multilateral cooperation, working with the leading global actors in this field, such as the United Nations, NATO, the Council of Europe, Interpol and the OSCE.

Although member states are primarily responsible the fight against terrorism and radicalization, the Commission considers the implementation of counter-terrorism legislation, including restrictive measures, a cornerstone in tackling this threat. In this regard one of the main objectives of the Union, is to extend the mandate of the European Public Prosecutor’s Office to cross-border terrorist crimes.

ii. Organised crime

Organised crime and terrorists are key groups that are active in production, trafficking or distribution of drugs, trade of illegal firearms, migrant smuggling, corruption as well as adopting online crime (i.e., online scams on vulnerable groups). The losses from their illegal activity amounts in both economic downfall and human lives.