Strategic Security in the Digital Age: The EU’s Deep Dive into Critical Technologies
by Isabella Morgott on 27 Oct 2023
The European Union’s economic framework has for a long time been underpinned by advances in technology. Yet, in our rapidly evolving digital era, innovation may in some cases pose a threat to economic security. The European Commission has therefore announced that it will undertake in-depth risk assessments across a number of critical technologies. While this initiative pivots on reducing tech vulnerabilities, it also encompasses geopolitics, strategic partnerships, and safeguarding the EU’s economic interests.
The Core Four: Collective Risk Assessment to be Conducted this Year
On 3 October 2023, the European Commission approved a Recommendation on critical technology areas for the EU's economic security. This non-binding EU act provides guidance on the interpretation of EU law, which identifies ten critical technology areas in which it will conduct its risk assessments. Among these, four technology areas are deemed the highest risk:
- Advanced semiconductors. These are the heartbeat of today’s digital devices and networks and include microelectronics, high-frequency chips, photonics, and semiconductor manufacturing equipment.
- Artificial intelligence. A vast field, including high-performance computing, cloud and edge computing, data analytics, language processing, object recognition, and computer vision.
- Quantum technologies. This includes quantum computing, cryptography, communications, and sensing techniques.
- Biotechnologies. These technologies span from genetic modifications and new genomic techniques to gene-drive and synthetic biology.
This list is based on three criteria: the enabling and transformative nature of the technology; the risk of civil and military fusion; and the risk of misuse in violation of human rights.
The four areas have been identified by the European Commission for collective risk assessments by the Member States together with the Commission, which should be completed by the end of 2023. The Commission and the Member States will discuss the timing and scope of subsequent risk assessments and will consult with the private sector.
Based on the feedback and insights from the risk assessments, the European Commission will propose any further measures the EU might implement to curb the risk of security issues related to these technologies, such as leaks and unauthorised access, by spring 2024. European Commission Vice-President for Values and Transparency Vĕra Jourová has stated that discussions on how to mitigate these risks will begin only after the risks have been identified both at the EU and at the national level.
De-risk Rather Than De-Couple: The Backdrop of the European Economic Security Strategy
The EU’s goal in this Recommendation is to ‘de-risk’ trade relationships rather than ‘de-couple’ from them. The strategy emphasises the management and reduction of vulnerabilities instead of severing ties with global partners. This 'de-risking' approach is designed to bolster trade relationships by reducing dependencies, ensuring the EU remains resilient amid tech challenges or geopolitical strains. As European Commissioner for Internal Market Thierry Breton highlighted during the announcement of the Recommendation, protection does not mean protectionism. Quite the opposite…
The Recommendation is part of the European Economic Security Strategy adopted in June 2023 by the European Commission. Based on a three-pillar – one might say three-P – approach that aims to promote competitiveness, to protect against risks, and to partner with the broadest possible range of stakeholders, the Strategy defines a number of risks that the Commission and Member States will address. These include risks to the resilience of supply chains, risks to the physical and cyber security of critical infrastructure, risks related to technology security and technology leakage, and risks of economic coercion or turning economic dependencies into strategic tools. The Commission’s list of critical technologies is linked to the category of risks related to technology security and technology leakage.
Geopolitical Implications: Reading Between the Lines
While the Commission’s recommendation is broad, the subtext points to a significant player: China. Given China’s dominant role in global supply chains and the tech arena, the risk assessments undoubtedly have Beijing in their sights.
Although Commissioner Thierry Breton stated that ‘this is not against anyone, this is not against any continent or country, it is for us in Europe, for our citizens, companies’, reading between the lines, the EU’s message is clear: while embracing globalisation and partnerships, there is a pressing need to secure its digital and economic sovereignty.
Commissioner Breton said that Europe was ‘adapting to the new geopolitical realities, putting an end to the era of naivety and acting as a real geopolitical #power.’ He termed the ten critical technology areas as strategic cornerstones for the EU’s autonomy and security.
The Commission’s announcement is rooted in past experiences where the consequences of over-dependence on certain technological areas have been striking, including the vulnerabilities exposed during the Covid-19 pandemic and recent tensions linked to the Russian war in Ukraine.
Beyond the Big Four
In addition to the aforementioned core areas, the EU has its sights set on six other technology areas:
- Advanced connectivity, navigation, and digital technologies
- Advanced sensing technologies
- Space and propulsion technologies
- Energy technologies
- Robotics and autonomous systems
- Advanced materials, manufacturing, and recycling technologies
Looking ahead: Implications and Expectations
In a nutshell, the European Union’s stance on technology is clear. While innovation and partnerships are essential, ensuring the security and resilience of its technological infrastructure is paramount. Stakeholders across the board, from businesses to policymakers, will be watching the next steps as they unfold:
Timeline for next announcements. The collective risk assessments for the four identified technology areas are scheduled for completion by the end of 2023. A subsequent set of announcements detailing the findings of these assessments, as well as the next steps for the risk assessments of the other six technology areas, is expected in early 2024. Depending on the initial results, the European Commission may then roll out additional initiatives. They may include guidelines and even regulations to ensure the safety and security of technological advances.
Implications for businesses. Companies operating within the specified critical technology sectors should prepare for heightened scrutiny and potential regulatory changes. They might also consider proactively evaluating and bolstering their own internal risk management processes and security measures in preparation for the outcomes of the EU’s assessments. Considering this, businesses should also anticipate potential shifts in trade dynamics. The EU’s intention to 'de-risk' rather than 'de-couple' might lead to stronger collaboration with trusted partners or diversified supply chains to minimise vulnerabilities. Given that the European Commission is taking a collaborative approach with both the Member States and the private sector, companies should engage in an open dialogue through public consultations to discuss the future of technological innovation, and its opportunities, risks, as well as mitigations.
If you would like to keep up to date or learn more about this subject, please email email@example.com.
Written by Isabella Morgott
Isabella provides policy analysis, monitoring and advice to tech clients. Her areas of expertise span the range of EU tech policy, including AI, digital platforms and data protection. Before joining Inline, Isabella worked as a researcher at the University of Malta, as well as a Project Communication Officer at the European Forum for Urban Security. She holds an MA in European Public Affairs and Governance from the University of Paris 1 Panthéon-Sorbonne, a graduate degree in Political Science from the University of Paris 2 Panthéon-Assas, as well as an undergraduate degree in Romance Philology and Communication Science from the Ludwig Maximilian University of Munich. Isabella speaks English, French, German, Spanish and Polish.