Strategic Security in the Digital Age: The EU’s Deep Dive into Critical Technologies

by Inline Policy on 27 Oct 2023

The European Union’s economic framework has for a long time been underpinned by advances in technology. Yet, in our rapidly evolving digital era, innovation may in some cases pose a threat to economic security. The European Commission has therefore announced that it will undertake in-depth risk assessments across a number of critical technologies. While this initiative pivots on reducing tech vulnerabilities, it also encompasses geopolitics, strategic partnerships, and safeguarding the EU’s economic interests. 

The Core Four: Collective Risk Assessment to be Conducted this Year 

On 3 October 2023, the European Commission approved a Recommendation on critical technology areas for the EU's economic security. This non-binding EU act provides guidance on the interpretation of EU law, which identifies ten critical technology areas in which it will conduct its risk assessments. Among these, four technology areas are deemed the highest risk: 

  • Advanced semiconductors. These are the heartbeat of today’s digital devices and networks and include microelectronics, high-frequency chips, photonics, and semiconductor manufacturing equipment. 
  • Artificial intelligence. A vast field, including high-performance computing, cloud and edge computing, data analytics, language processing, object recognition, and computer vision. 
  • Quantum technologies. This includes quantum computing, cryptography, communications, and sensing techniques. 
  • Biotechnologies. These technologies span from genetic modifications and new genomic techniques to gene-drive and synthetic biology. 

This list is based on three criteria: the enabling and transformative nature of the technology; the risk of civil and military fusion; and the risk of misuse in violation of human rights. 

The four areas have been identified by the European Commission for collective risk assessments by the Member States together with the Commission, which should be completed by the end of 2023. The Commission and the Member States will discuss the timing and scope of subsequent risk assessments and will consult with the private sector.  

Based on the feedback and insights from the risk assessments, the European Commission will propose any further measures the EU might implement to curb the risk of security issues related to these technologies, such as leaks and unauthorised access, by spring 2024. European Commission Vice-President for Values and Transparency Vĕra Jourová has stated that discussions on how to mitigate these risks will begin only after the risks have been identified both at the EU and at the national level.  

De-risk Rather Than De-Couple: The Backdrop of the European Economic Security Strategy 

The EU’s goal in this Recommendation is to ‘de-risk’ trade relationships rather than ‘de-couple’ from them. The strategy emphasises the management and reduction of vulnerabilities instead of severing ties with global partners. This 'de-risking' approach is designed to bolster trade relationships by reducing dependencies, ensuring the EU remains resilient amid tech challenges or geopolitical strains. As European Commissioner for Internal Market Thierry Breton highlighted during the announcement of the Recommendation, protection does not mean protectionism. Quite the opposite… 

The Recommendation is part of the European Economic Security Strategy adopted in June 2023 by the European Commission. Based on a three-pillar – one might say three-P – approach that aims to promote competitiveness, to protect against risks, and to partner with the broadest possible range of stakeholders, the Strategy defines a number of risks that the Commission and Member States will address. These include risks to the resilience of supply chains, risks to the physical and cyber security of critical infrastructure, risks related to technology security and technology leakage, and risks of economic coercion or turning economic dependencies into strategic tools. The Commission’s list of critical technologies is linked to the category of risks related to technology security and technology leakage. 

Geopolitical Implications: Reading Between the Lines 

While the Commission’s recommendation is broad, the subtext points to a significant player: China. Given China’s dominant role in global supply chains and the tech arena, the risk assessments undoubtedly have Beijing in their sights.  

Although Commissioner Thierry Breton stated that ‘this is not against anyone, this is not against any continent or country, it is for us in Europe, for our citizens, companies’, reading between the lines, the EU’s message is clear: while embracing globalisation and partnerships, there is a pressing need to secure its digital and economic sovereignty. 

Commissioner Breton said that Europe was ‘adapting to the new geopolitical realities, putting an end to the era of naivety and acting as a real geopolitical #power.’ He termed the ten critical technology areas as strategic cornerstones for the EU’s autonomy and security. 

The Commission’s announcement is rooted in past experiences where the consequences of over-dependence on certain technological areas have been striking, including the vulnerabilities exposed during the Covid-19 pandemic and recent tensions linked to the Russian war in Ukraine.  

Beyond the Big Four  

In addition to the aforementioned core areas, the EU has its sights set on six other technology areas: 

  • Advanced connectivity, navigation, and digital technologies 
  • Advanced sensing technologies 
  • Space and propulsion technologies 
  • Energy technologies 
  • Robotics and autonomous systems 
  • Advanced materials, manufacturing, and recycling technologies 

Looking ahead: Implications and Expectations 

In a nutshell, the European Union’s stance on technology is clear. While innovation and partnerships are essential, ensuring the security and resilience of its technological infrastructure is paramount. Stakeholders across the board, from businesses to policymakers, will be watching the next steps as they unfold: 

Timeline for next announcements. The collective risk assessments for the four identified technology areas are scheduled for completion by the end of 2023. A subsequent set of announcements detailing the findings of these assessments, as well as the next steps for the risk assessments of the other six technology areas, is expected in early 2024. Depending on the initial results, the European Commission may then roll out additional initiatives. They may include guidelines and even regulations to ensure the safety and security of technological advances. 

Implications for businesses. Companies operating within the specified critical technology sectors should prepare for heightened scrutiny and potential regulatory changes. They might also consider proactively evaluating and bolstering their own internal risk management processes and security measures in preparation for the outcomes of the EU’s assessments. Considering this, businesses should also anticipate potential shifts in trade dynamics. The EU’s intention to 'de-risk' rather than 'de-couple' might lead to stronger collaboration with trusted partners or diversified supply chains to minimise vulnerabilities. Given that the European Commission is taking a collaborative approach with both the Member States and the private sector, companies should engage in an open dialogue through public consultations to discuss the future of technological innovation, and its opportunities, risks, as well as mitigations. 

If you would like to keep up to date or learn more about this subject, please email isabella.morgott@inlinepolicy.com.   

Topics: International politics, EU, Technology

Inline Policy

Written by Inline Policy

Get the latest updates from our blog

Related Articles

I sat down for an hour-and-a-half in early August with Kai Zenner, longtime policy advisor to MEP Axel Voss. ... Read more

In this blog, we look at the future of European telecoms legislation, including the possibilities for a ... Read more

In this blog, we analyse the Labour government's planned reforms to the UK's data protection and cyber ... Read more

In this blog, we investigate what role current French Commissioner for Internal Market Thierry Breton might ... Read more

Comments