September 2017

EC announces new industrial policy strategy

Commission unveils initiatives for a smart, innovative and sustainable industry

On September 18, the EC published a renewed EU Industrial Policy Strategy that aims at empowering European industries to continue delivering sustainable growth and jobs. 

Europe's industry is strong and has retained a leading position in many sectors in global markets. Industry accounts for two thirds of the EU's exports and provides jobs for 32 million people, with 1.5 million of these jobs created since 2013. But to maintain and reinforce its competitive advantage, an important modernisation effort is required.

The new strategy brings together existing and new horizontal and sector-specific initiatives like:

• a new cybersecurity framework,
• a proposal of a regulation on the free flow of non-personal data,
• a series of actions on the circular economy,
• initiatives to modernise the intellectual property framework,
• improvements with respect to public procurement,
• extension of the Skills Agenda to new industrial sectors,
• strategy on sustainable finance,
• a progressive trade policy including screening of foreign direct investments,
• ensuring supply of certain critical raw materials,
• proposal for clean, competitive and connected mobility.

It also sets out the fora to bring the relevant actors together: an annual Industry Day (the first edition of which took place in February 2017), and a High Level Industrial Roundtable.

Cybersecurity

According to Jean-Claude Juncker, "Europe is still not well equipped when it comes to cyber-attacks". 80% of European companies experienced at least one cybersecurity incident in the past year. The EC is now proposing a set of tools to deal with cyber attacks, based on better resilience, effective deterrence and defense.

The ability of member states to react on cyber-attacks shall be strengthened, and the collaboration between member states shall be enhanced.

To better help companies and consumers, an EU-wide certification framework is to be established to avoid fragmentation in different national certificates. This shall ensure trustworthiness of devices and services that are crucial for the functioning of the Digital Single Market. It is expected that numerous individual certification schemes based on different requirements will be delivered (coordinated by a new EU cybersecurity agency). The use will be on a voluntary basis. Moreoever, companies are encouraged to already include the concept of "cybersecurity by design" in their development process. 

Proposed measures include:

• establishing an EU cybersecurity agency (built on existing ENISA) & a recommendation (Blueprint) for a coordinated EU response to cyberattacks (for crisis management)
• EU-wide cybersecurity certification framework
• Directive on the combatting of fraud and counterfeiting of non-cash means of payment
• creating an effective criminal law response by expanding the scope of offences to be able to properly prosecute cyber-crimes, and development of common standard for penalties
• strengthening international cooperation on cybersecurity

Free flow of non-personal data

EC has now also introduced rules to govern the free flow of non-personal-data, after having already regulated handling of the personal data in the general data protection regulation (GDPR). This will remove unjustified data localisation restrictions, while guaranteeing accessibility of these data for regulatory control.
Moreover, it encorages the development of self-regulatory codes of conduct, in order to make it easier for users to switch cloud service providers or to port data back to in-house servers.

Free flow of non-personal data means unrestricted movement of data across borders and IT systems in the EU. The regulation should contribute to creating a common European data space. 
It shall for example help SMEs to switch cloud service providers, provide legal certainty and increase trust in security of cloud services. Overall, it should make it easier for companies (especially SMEs and start-ups) to do business across borders in the EU.

It is anticipated that lower costs for data services and greater flexibility for companies could boost EU GDP by up to €8 billion per year.

This first move on the regulation of the free flow of non-personal data is only the first step of measures that were discussed in the context of the "Building a European Data Economy"-Communication of the EC (published in January 2017). The more controversely discussed acces to and re-use of data, for example for new business models based on the use of these data, has not been tackled so far. In B2B data sharing, it turned out to be difficult to find a one-size-fits-all solution. Data holders voice the need to protect their investments in data collection and the protection of commercially sensitive information. 

From EC workshops it became clear that the aim of the EC is to encourage more data sharing and to allow fair access to data (especially a huge concern in the automotive after-sales market). The debate among stakeholders focussed on the question whether freedom of contract is sufficient, hard EC legislation is needed or, as kind of a compromise, soft measures like model contract terms would be useful.

• New Industrial Policy Strategy
• Cybersecurity and free flow of non-personal data in the EU
• Jean-Claude Juncker's State of the Union Address