European regulators have approved Microsoft's $69 billion acquisition of Activision Blizzard, handing the technology giant a victory at a time when the deal is being challenged in other countries. From a report: While the merger could harm competition in some respects, particularly in the fast-growing market for cloud gaming services, concessions by Microsoft were enough to mitigate antitrust concerns stemming from the deal, the European Commission said in a statement. Among Microsoft's offers were a 10-year commitment letting European consumers play Activision titles on any cloud gaming service. Microsoft also committed that it would not downgrade the quality or content of its games made available on rival streaming platforms.

The European Union plans to force crypto companies to give tax authorities details of their clients' holdings, according to a draft bill released to CoinDesk under freedom of information laws. From a report: The data-sharing law, based on a model from the Organization for Economic Cooperation and Development (OECD), is set to be agreed by finance ministers next week, and will allow tax authorities to share data within the 27-nation bloc. Commission officials have said the bill received unanimous acclaim at a meeting on Wednesday, though people familiar with the matter told CoinDesk that some finance ministers have not yet received formal approval from parliaments.

The bill, dated May 5, closely matches proposals made by the European Commission in December 2022, as part of a bid to stop EU residents stashing crypto abroad to hide it from the taxman. The commission would have to set up a register of crypto asset operators' by December 2025, bringing forward a previous deadline by one year, and the rules will apply as of Jan. 1, 2026. Controversially, the law -- known as the eighth directive on administrative cooperation (DAC8) -- still includes platforms for trading non-fungible tokens that can be used for payment or investment, and providers from outside the bloc that have EU clients.

The EU is planning an undersea internet cable to improve connectivity to Georgia and reduce dependence on lines running through Russia, amid growing concerns about vulnerabilities to infrastructure transmitting global data. From a report: The $49mn cable will link EU member states to the Caucasus via international waters in the Black Sea, stretching a span of 1,100km. The project aims to reduce the region's "dependency on terrestrial fibre-optic connectivity transiting via Russia," the European Commission said in a policy document. The EU and Georgia jointly identified the need for the Black Sea internet cable in 2021 to improve Georgia's digital connectivity. However, the war in Ukraine has added impetus to the project, given the need to avoid relying on "connections that are not secure or stable," said a person with knowledge of the proposal.

Internet cables have come under scrutiny because of global concerns around espionage, as land-based lines and the stations where submarine cables come ashore are seen as vulnerable to interception by governments, hackers and thieves. Concerns around intentional sabotage of undersea cables and other maritime infrastructure have also grown since multiple explosions on the Nord Stream gas pipelines last September, which media reports recently linked to Russian vessels. Two cables off the coast of Norway were cut in 2021 and 2022, sparking concerns about malicious attacks.

At I/O 2023 earlier this week, Google announced that it's expanding its AI chatbot Google Bard to 180 countries. However, what Google didn't mention is that Bard still isn't available in the European Union. From a report: On a support page, Google details the full list of 180 countries in which Bard is now available. This includes countries all over the globe, but very noticeably not any countries that are a part of the European Union. It's a big absence from what is otherwise a global expansion for Google's AI. The reason why isn't officially stated by Google, but it seems reasonable to believe that it's related to GDPR. Just last month, Italy briefly banned ChatGPT over similar concerns that the AI couldn't comply with the regulations. Google also slyly hints this might be the case saying that further Bard expansions will be made "consistent with local regulations."

Veteran open source report Steven J. Vaughan-Nichols, writing at The Register: We can all agree that securing our software is a good thing. Thanks to one security fiasco after another -- the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong -- we know we must secure our code. But the European Union's proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security. At the top level, it looks good. Brussels states that before "products with digital elements" are allowed on the EU market, manufacturers must follow best practices in four areas. Secure the product over its whole life; follow a coherent cybersecurity framework; show cybersecurity transparency; and ensure customers can use products securely. Sounds great, doesn't it? But the road to hell is paved with good intentions. The devil, as always, is in the details. Some of this has nothing to do with open source software. Good luck creating any program in any way that a clueless user can't screw up.

But the EU commissioners don't have a clue about how open source software works. Or, frankly, what it is. They think that open source is the same as proprietary software with a single company behind it that's responsible for the work and then monetizes it. Nope. Open source, as I've said over and over again, is not a business model. Sure, you can build businesses around it. Who doesn't these days? But just as the AWSes, Googles, and Facebooks of the world depend on open source software, they also use programs written by Tom, Denise, and Harry from around the world. The CRA's underlying assumption is that you can just add security to software, like adding a new color option to your car's paint job. We wish!

Securing software is a long, painful process. Many open source developers have neither the revenue nor resources to secure their programs to a government standard. The notional open source developer in Nebraska, thanklessly maintaining a vital small program, may not even know where Brussels is (it's in Belgium). They can't afford to secure their software to meet EU specifications. They often have no revenue. They certainly have no control over who uses their software. It's open source, for pity's sake! As open source developer Thomas Depierre recently blogged: "We are not suppliers. All the people writing and maintaining these projects, we are not suppliers. We do not have a business relationship with all these organizations. We are volunteers, writing code and putting it online under these Licenses." Exactly.

An anonymous reader shares an excerpt from a collaborative investigation between Motherboard, lavialibera, and IrpiMedia: Mafioso Bartolo Bruzzaniti needed everyone to do their job just right. First, the Colombian suppliers would hide a massive amount of cocaine inside bananas at the port city of Turbo, Colombia. That shipping container would then be transported across the ocean to Catania, in Sicily, Italy. A corrupt port worker on the mafia's payroll would wave the shipment through and had advised the group how to package the drugs. This was so the cocaine could remain undetected even if the worker was forced to scan the shipment. Another group of on-the-ground mafiosos would then unload the cocaine outside of the port.

In March 2021, Bruzzaniti, an alleged member of the infamous 'Ndrangheta mafia group and who says Milan belongs to him "by right," asked his brother Antonio to go fetch something else crucial to the traffickers' success. "Go right now," Bruzzaniti wrote in a text message later produced in court records. "It's needed urgently." Investigators know what Bruzzaniti said because European authorities had penetrated an encrypted phone network called Sky and harvested around a billion of the users' messages. These phones are the technological backbone of organized crime around the world.

The thing Antonio needed to urgently fetch was a phone from a different encrypted phone network, one that the authorities appear to have not compromised and which the mafia have been using as part of their operations. To that phone, a contact sent one half of the shipping container's serial number. A reporting collaboration between Motherboard, lavialibera, and IrpiMedia has identified that encrypted phone as being run by a company called No. 1 Business Communication (No. 1 BC). The investigation has found members of the mafia and other organized crime groups turning to No. 1 BC as authorities cracked down on other platforms. The collaboration has identified multiple key players in No. 1 BC's development, sales, and legal structure. "Take the bc1 right away," Bruzzaniti wrote in another text, referring to the No. 1 BC phone.

EU lawmakers on Thursday urged the European Commission to continue talks to reinforce a proposed data transfer pact with the United States, saying there were still shortcomings in the agreement. From a report: The move could further delay an accord which is critical for thousands of companies. The EU executive in a draft decision in December said that U.S. safeguards against American intelligence activities were strong enough to address EU data privacy concerns. Such worries had prompted Europe's top court to strike down two previous data transfer pacts, affecting thousands of companies that move Europeans' personal data across the Atlantic for commercial use such as financial services, human resources and e-commerce. "This new proposal contains significant improvements, but unfortunately, we are not there yet," lawmaker Juan Fernando Lopez Aguilar said after the assembly voted in a non-binding resolution against the proposed pact.

European lawmakers came a step closer to passing new rules regulating artificial intelligence tools such as ChatGPT, following a crunch vote on Thursday where they agreed tougher draft legislation. From a report: The European Union's highly anticipated AI Act looks set to be the world's first comprehensive legislation governing the technology, with new rules around the use of facial recognition, biometric surveillance, and other AI applications. After two years of negotiations, the bill is now expected to move to the next stage of the process, in which lawmakers finalise its details with the European Commission and individual member states.

Speaking ahead of the vote by two lawmakers' committees, Dragos Tudorache, one of the parliamentarians (MEPs) charged with drafting the laws, said: "It is a delicate deal. But it is a package that I think gives something to everyone that participated in these negotiations. Our societies expect us to do something determined about artificial intelligence, and the impact it has on their lives. It's enough to turn on the TV ... in the last two or three months, and every day you see how important this is becoming for citizens." Under the proposals, AI tools will be classified according to their perceived level of risk, from low to unacceptable. Governments and companies using these tools will have different obligations, depending on the risk level.

Clearview AI, the US startup that's attracted notoriety in recent years for a massive privacy violation after it scraped selfies off the Internet and used people's data to build a facial recognition tool it pitched to law enforcement and others, has been hit with another fine in France over non-cooperation with the data protection regulator. From a report: The overdue penalty payment of $5.7M has been issued by the French regulator, the CNIL -- on top of a $22M sanction it slapped the company with last year for breaching regional privacy rules. The European Union's General Data Protection Regulation (GDPR) sets out conditions for processing personal data lawfully. Clearview has been found to have breached a number of requirements set out in law -- by France's CNIL and several other regional data protection authorities, including authorities in the UK, Italy and Greece, garnering several tens of millions in total fines to date. Whether Clearview will ever pay any of these fines remains an open question, since the US-based company has not been cooperating with EU regulators.

An anonymous reader shares a report: When Mohamed Maslouh, a London-based contractor, was assigned to enter data into Google's internal gHire recruitment system last September, he noticed something surprising. The database contained the profiles of thousands of people in the EU and U.K. whose names, phone numbers, personal email addresses and resumes dated back as far as 2011. Maslouh knew something was amiss, as he had received data-protection training from Randstad, the European human-resources giant that employed him, and was aware of the EU's five-year-old General Data Protection Regulation (GDPR), which remained part of British law after Brexit.

Under the law, companies in the European Union and U.K. may not hang onto anyone's personal data -- that is, information relating to any identifiable living person -- for longer than is strictly necessary, which generally means a maximum retention time measured in weeks or months. Google may now face investigations over potential violations of the GDPR, after Maslouh filed protected whistleblower complaints with the U.K. Information Commissioner's Office in November and with the Irish Data Protection Commission (DPC) -- which has jurisdiction over Google's activities in the EU -- in February.

An anonymous reader quotes a report from The Guardian: An EU plan under which all WhatsApp, iMessage and Snapchat accounts could be screened for child abuse content has hit a significant obstacle after internal legal advice said it would probably be annulled by the courts for breaching users' rights. Under the proposed "chat controls" regulation, any encrypted service provider could be forced to survey billions of messages, videos and photos for "identifiers" of certain types of content where it was suspected a service was being used to disseminate harmful material. The providers issued with a so-called "detection order" by national bodies would have to alert police if they found evidence of suspected harmful content being shared or the grooming of children.

Privacy campaigners and the service providers have already warned that the proposed EU regulation and a similar online safety bill in the UK risk end-to-end encryption services such as WhatsApp disappearing from Europe. Now leaked internal EU legal advice, which was presented to diplomats from the bloc's member states on 27 April and has been seen by the Guardian, raises significant doubts about the lawfulness of the regulation unveiled by the European Commission in May last year. The legal service of the council of the EU, the decision-making body led by national ministers, has advised the proposed regulation poses a "particularly serious limitation to the rights to privacy and personal data" and that there is a "serious risk" of it falling foul of a judicial review on multiple grounds.

The EU lawyers write that the draft regulation "would require the general and indiscriminate screening of the data processed by a specific service provider, and apply without distinction to all the persons using that specific service, without those persons being, even indirectly, in a situation liable to give rise to criminal prosecution." The legal service goes on to warn that the European court of justice has previously judged the screening of communications metadata is "proportionate only for the purpose of safeguarding national security" and therefore "it is rather unlikely that similar screening of content of communications for the purpose of combating crime of child sexual abuse would be found proportionate, let alone with regard to the conduct not constituting criminal offenses." The lawyers conclude the proposed regulation is at "serious risk of exceeding the limits of what is appropriate and necessary in order to meet the legitimate objectives pursued, and therefore of failing to comply with the principle of proportionality". The legal service is also concerned about the introduction of age verification technology and processes to popular encrypted services. "The lawyers write that this would necessarily involve the mass profiling of users, or the biometric analysis of the user's face or voice, or alternatively the use of a digital certification system they note 'would necessarily add another layer of interference with the rights and freedoms of the users,'" reports the Guardian.

"Despite the advice, it is understood that 10 EU member states -- Belgium, Bulgaria, Cyprus, Hungary, Ireland, Italy, Latvia, Lithuania, Romania and Spain -- back continuing with the regulation without amendment."

An anonymous reader shares a report: Last year, the EU passed legislation that will require the iPhone and many other devices with wired charging to be equipped with a USB-C port in order to be sold in the region. Apple has until December 28, 2024 to adhere to the law, but the switch from Lightning to USB-C is expected to happen with iPhone 15 models later this year. It was rumored in February that Apple may be planning to limit charging speeds and other functionality of USB-C cables that are not certified under its "Made for iPhone" program. Like the Lightning port on existing iPhones, a small chip inside the USB-C port on iPhone 15 models would confirm the authenticity of the USB-C cable connected. "I believe Apple will optimize the fast charging performance of MFi-certified chargers for the iPhone 15," Apple analyst Ming-Chi Kuo said in March.

In response to this rumor, European Commissioner Thierry Breton has sent Apple a letter warning the company that limiting the functionality of USB-C cables would not be permitted and would prevent iPhones from being sold in the EU when the law goes into effect, according to German newspaper Die Zeit. The letter was obtained by German press agency DPA, and the report says the EU also warned Apple during a meeting in mid-March.

The EU has been warned that it risks handing control of artificial intelligence to US tech firms if it does not act to protect grassroots research in its forthcoming AI bill. From a report: In an open letter coordinated by the German research group Laion, or Large-scale AI Open Network, the European parliament was told that "one-size-fits-all" rules risked eliminating open research and development. "Rules that require a researcher or developer to monitor or control downstream use could make it impossible to release open-source AI in Europe," which would "entrench large firms" and "hamper efforts to improve transparency, reduce competition, limit academic freedom, and drive investment in AI overseas," the letter says.

It adds: "Europe cannot afford to lose AI sovereignty. Eliminating open-source R&D will leave the European scientific community and economy critically dependent on a handful of foreign and proprietary firms for essential AI infrastructure." The largest AI efforts, by companies such as OpenAI and Google, are heavily controlled by their creators. It is impossible to download the model behind ChatGPT, for instance, and the paid-for access that OpenAI provides to customers comes with a number of restrictions, legal and technical, on how it can be used. By contrast, open-source AI efforts involve creating an AI model and then releasing it for anyone to use, improve or adapt as they see fit.

Microsoft has offered to charge different prices for its Office product with and without its Teams app to stave off a possible EU antitrust investigation and fine, two people familiar with the matter said. From a report: Microsoft has been seeking to address the EU competition enforcer's concerns since last year after Salesforce-owned workspace messaging app Slack complained to the European Commission, other people familiar with the matter told Reuters in December. Slack in 2020 alleged that Microsoft has unfairly integrated its workplace chat and video app Teams into its Office product. The U.S. tech giant introduced Teams in 2017 targeting the fast-growing and lucrative workplace collaboration market. The European Commission on Thursday said there were other complainants besides Slack.

The low-profile firm that has become crucial to a half-trillion-dollar global industry. From a report: In 1984, Martin van den Brink, a young Dutch engineer, joined a newly created venture in a quiet corner of the Netherlands. Little did he know then that about 40 years on the company would be so crucial to the $580 billion semiconductor industry that it would be the epicenter of a US-China chip war. ASML Holding NV, where Van den Brink is now the chief technology officer, practically owns the market for a critical piece of equipment needed to produce the brains of everything that makes modern life possible -- from cars and smartphones to computers, microwaves and airplanes. With the company's high-end machines churning out chips that can also go into state-of-the-art weapons and artificial intelligence devices, ASML is effectively being treated as critical infrastructure for US national security and has become a target of industrial espionage for China. "I never expected to be where we are today," said Van den Brink.

Over his nearly four decades at the company, ASML has gone from a bit player competing with the likes of Nikon, Canon and Ultratech to the world's only maker of very high-end semiconductor lithography equipment. Its ascent has made it Europe's most valuable technology company, with a market capitalization of over $247 billion -- more than twice that of its customer Intel. In an industry where devices typically cost $10 million, ASML commands about $180 million for its current top-end machine. And although the chip market has softened recently, ASML is still growing and its long-term outlook seems intact, thanks to the insatiable demand for computing power.

"This is a company that the world can't exist without," said Jon Bathgate, a fund manager at NZS Capital in Denver, which has about $2 billion under management, with ASML as one of its biggest holdings. "They've got a 20-year head start... Investors have clearly realized how important ASML is as a company and how difficult it would be to replicate. It's a natural monopoly with secular growth winds. That's unique." As chips become for geopolitics in the 21st century what oil was in the last one, ASML's singular success has thrust it squarely in the crosshairs of the intensifying tensions between the US and China. With the US focused on the strategic importance of semiconductors, Presidents Donald Trump and Joe Biden have done everything to ensure that China is a couple of generations behind in chips. No company is more critical to that effort than ASML.

The European Commission proposed rules on Thursday to govern patents increasingly in demand for technologies used in smart devices such as drones, connected cars and mobile phones, to try to reduce litigation. From a report: The Commission said the system for what are known as standard-essential patents (SEPs), was fragmented, lacked transparency, led to lengthy disputes and that self-regulation had not worked. SEPs protect technology such as for 5G, Wi-Fi or Bluetooth that is needed by equipment producers to comply with international standards.

Apple has revealed App Store metrics in Europe in response to the European Digital Services Act. From the legal compliance post: iOS App Store: 101 million
iPadOS App Store: 23 million
macOS App Store: 6 million
tvOS App Store: 1 million
watchOS App Store: under 1 million
Apple Books: under 1 million
Podcasts paid subscriptions: under 1 million

A draft law that aims to criminalize and prosecute those who "create conditions for online piracy" has been approved by Bulgaria's Council of Ministers. The proposed amendments are Bulgaria's response to heavy criticism from the United States, most publicly via the USTR's Special 301 Reports. It's hoped that prison sentences of up to six years will send a deterrent message. TorrentFreak reports: Last week the Council of Ministers approved draft amendments to the Criminal Code that aim to protect authors, rightsholders, and state revenue. "Crimes against intellectual property should be perceived as acts with a high degree of public danger, not only considering the rights and interests of the individual author, which they affect, but also considering the financial losses for the holders of these rights, which also affects the revenues in the state budget," the explanatory notes read.

The stated aim of the bill is to solve identified weaknesses by upgrading substantive law to counter computer-related crimes against intellectual property. The text references those who "build or maintain" an information system or provide a service to the information society for the purpose of committing crimes. The notes offer further clarification. "The bill aims to prosecute those who create conditions for online piracy -- for example, by building and maintaining torrent tracker sites, web platforms, chat groups in online communication applications for the online exchange of pirated content, and any other activities that may fall within the definition of 'information society service' within the meaning of the Electronic Commerce Act (pdf) and which are carried out with the specified criminal purpose."

The Bulgarian government notes that the amendments are part of its response to criticism in the USTR's Special 301 Report. [When countries are placed on the USTR's 'Watch List' for failing to combat piracy, most can expect years of pressure punctuated by annual Special 301 Reports declaring more needs to be done. Bulgaria was on the Watch List in 2015 when the USTR reported "incremental progress" in the country's ability to tackle intellectual property infringement, albeit nowhere near enough to counter unsatisfactory prosecution rates. In 2018 the United States softened its position toward Bulgaria, removing it from the Watch List on the basis that the government would probably deliver.] The fact that Bulgaria has been absent from the 'Watch List' for the last five years is down to "specific commitments" made by the authorities, with progress being monitored closely by the United States in respect of Bulgaria's future status. The draft approved by the Council of Ministers last week envisions sentences of up to six years imprisonment and a fine of up to $5,600. According to the draft, there is no intent to prosecute individual users who simply consume pirated content.

An anonymous reader quotes a report from Ars Technica: The European Commission will require 19 large online platforms and search engines to comply with new online content regulations starting on August 25, European officials said. The EC specified which companies must comply with the rules for the first time, announcing today that it "adopted the first designation decisions under the Digital Services Act." Five of the 19 platforms are run by Google, specifically YouTube, Google Search, the Google Play app and digital media store, Google Maps, and Google Shopping. Meta-owned Facebook and Instagram are on the list, as are Amazon's online store, Apple's App Store, Microsoft's Bing search engine, TikTok, Twitter, and Wikipedia. These platforms were designated because they each reported having over 45 million active users in the EU as of February 17. The other listed platforms are Alibaba AliExpress, Booking.com, LinkedIn, Pinterest, Snapchat, and German online retailer Zalando.

Companies have four months to comply with the full set of new obligations and could face fines of up to 6 percent of a provider's annual revenue. One new rule is a ban on advertisements that target users based on sensitive data such as ethnic origin, political opinions, or sexual orientation. There are new content moderation requirements, transparency rules, and protections for minors. For example, "targeted advertising based on profiling towards children is no longer permitted," the EC said. Companies will have to provide their first annual risk assessment on August 25, and their risk mitigation plans will be subject to independent audits and oversight by the European Commission. "Platforms will have to identify, analyze and mitigate a wide array of systemic risks ranging from how illegal content and disinformation can be amplified on their services, to the impact on the freedom of expression and media freedom," the EC said. "Similarly, specific risks around gender-based violence online and the protection of minors online and their mental health must be assessed and mitigated." The new requirements for the 19 platforms include:
- Users will get clear information on why they are recommended certain information and will have the right to opt-out from recommendation systems based on profiling;
- Users will be able to report illegal content easily and platforms have to process such reports diligently; - Platforms need to label all ads and inform users on who is promoting them;
- Platforms need to provide an easily understandable, plain-language summary of their terms and conditions, in the languages of the Member States where they operate.

Platforms will be required to "analyze their specific risks, and put in place mitigation measures -- for instance, to address the spread of disinformation and inauthentic use of their service," the EC said. They will also "have to redesign their systems to ensure a high level of privacy, security, and safety to minors."

Alexander De Croo (the prime minister of Belgium), Mark Rutte (the prime minister of the Netherlands), Xavier Bettel (the prime minister of Luxembourg), Emmanuel Macron (the president of France), Olaf Scholz (the chancellor of Germany), Leo Varadkar (the prime minister of Ireland), Jonas Gahr Store (the prime minister of Norway), Rishi Sunak (the prime minister of the United Kingdom), and Mette Frederiksen (the prime minister of Denmark), writing at Politico: We need offshore wind turbines -- and we need a lot of them. We need them to reach our climate goals, and to rid ourselves of Russian gas, ensuring a more secure and independent Europe. Held for the first time last year, Denmark, Germany, Belgium and the Netherlands came together for the inaugural North Sea Summit in the Danish harbor town of Esbjerg, setting historic goals for offshore wind with the Esbjerg Declaration. It paved the way for making the North Seas a green power plant for Europe, as well as a major contributor to climate neutrality and strengthening energy security.

This Monday, nine countries will meet for the next North Sea Summit -- this time in the Belgian town of Ostend -- where France, Ireland, Luxembourg, Norway and the United Kingdom will also put their political weight behind developing green energy in the North Seas, including the Atlantic Ocean and the Irish and Celtic Seas. Together, we will combine and coordinate our ambitions for deploying offshore wind and developing an offshore electricity grid, putting Europe on the path toward a green economy fueled by offshore green power plants. Collectively, our target for offshore wind in the North Seas is now 120 gigawatts by 2030, and a minimum of 300 gigawatts by 2050 -- larger than any of the co-signatories' existing generation capacity at a national level. And to deliver on this ambition, we are committing to building an entire electricity system in the North Seas based on renewable energy by developing cooperation projects.

This is a massive undertaking and a true example of the green transition in the making. It also requires huge investments in infrastructure, both offshore and on land. It presents us with a political and environmental dilemma as well: We are facing a climate crisis at the same time some of our ecosystems are in decline, and offshore wind is an integral part of both climate action and safeguarding our energy security. Thus, time is of the essence, and we must follow up on the progress already made on reining in the burden of bureaucracy for renewable projects.