A decisive year for the digital Single Market

The digital review of the year 2016 shows important progress on the way towards a digital Single Market. The year 2017 will focus on IT security.

The world is upside-down.
While the political Union has been eroding dangerously in 2016, there have also been some significant highlights in data aspects.

The hard-won reform package on data security that was achieved in May will unify European standards on a high level in all of the member states (likely without the UK). Union-wide implementation of the GDPR (General Data Protection Regulation) is mandatory within a period of two years.

The new data protection “made in Europe” will bring more transparency in the processing of personal data by private companies and public authorities as well as enforceable rights to 500 million EU citizens. Companies will benefit from more fairness in the competitive conditions of the EU’s Single Market.

In areas such as the “right to be forgotten”, voluntary, active and explicit approval of the processing of personal data, the right to take along data when the provider is changed or the rights on information in general, the affected persons’ rights have been strengthened. This progress is an answer to the demands of a social Internet economy and will set a mark worldwide.

The ethical principles of data protection with a European dimension are also clearly visible in the strict rules for data transfer to third countries, the focus on privacy by design and by default in the area of technical design respecting data protection, as well as the obligation of data processors to report on infringements of security and data misuse.

2016 has been a decisive year for network security

The outstanding set of GDPR rules is not the only reason why the year 2016 will be remembered as a decisive one. In its shadows, the “Data Protection Directive for police and criminal justice authorities” has been implemented in parallel. This directive submits the rights of law enforcement authorities to collect data to stricter constitutional controls.

However, data protection is just one aspect when it comes to establishing an “Internet of trust” to achieve European competitiveness on the global stage of data economy. It also requires reliable security for the critical network infrastructure on which our economies, our political and legal institutions, science and culture depend.

The Directive on security of network and information systems (NIS Directive) that has come into effect on August 8, 2016, is a major breakthrough. After a two-year moratorium it has to be implemented into national legislation. With its measures for technical cyber protection, the directive is adding value to the achievements of the GDPR.

The NIS Directive is focusing on the cooperation between EU countries in the protection of important social and economic infrastructure networks and is coordinating the defence against cyber threats and hacker attacks on critical services.

It is a good start towards a comprehensive cyber security strategy for the European Union. By placing importance on high network and information security as well as the multilateral exchange of expert know-how, the directive is taking into account that ICT is often operating across borders and that security incidents can lead to cascade effects in the form of system failures in several countries. In Austria, the NIS Directive will be implemented into national legislation via a national cyber security law.

Electronic identity brings Europeans closer together

The implementation of the eIDAS regulation (EU regulation on electronic identification and trust services for electronic transactions in the internal market, Nr. 910/2014) is an important step towards the realisation of a common European data room as a key concept of the DSM (Digital Single Market). eIDAS comprises regulations for electronic signatures and trust services such as electronic seals, timestamps, delivery of registered electronic mail or website certificates. The regulation is establishing a standardised framework for cross-border use of these services.

The electronic identity does not provide for an “EU eID” or a central database. Instead, the member states are to notify the eID system voluntarily. As a prerequisite, they have to offer three security levels (low, substantial, high). Austria is notifying its “Bürgerkarte” (Cititzen Card) with Mobile Phone Signature. By September 29, 2018, notified eIDs of EU member states must be mutually recognised.

In view of the fact that 13 million EU citizens are currently working in another member state, that many of the 21 million SMEs are operating internationally and that 150 million EU citizens shop online but only 20% of them do so in another EU country, the eIDAS regulation is an important signal to establish trust and security in the cross-border use of electronic services.

Fabasoft is consistently pursuing its European path

Fabasoft has been committed to the highest European standards of data protection and the protection of important information infrastructures for many years. And Fabasoft knows that Europe can only have success in global competition if the principles of today’s all-pervading data economy are based on European values and common technical specifications are developed for the major IT value drivers.

Cloud computing is the information technology’s core sector. Its use by organisations of any size and throughout Europe is one of the major prerequisites to ensure that the European high tech industry can play a role in global competition across all future-oriented technological developments.

European harmonisation is the main response to this effort of perpetuating our highly developed society. Fabasoft has therefore always continued to develop its entire Cloud ecosystem according to high-quality and independent certifications. This understanding has made us a European role model and has allowed us to establish the importance of information security throughout the entire Cloud value-added chain.

In the course of the year that is now coming to an end, we have strengthened our efforts by contributing to ETSI (European Telecommunications Standards Institute) to set Europe-wide specifications for safe Cloud computing in motion. In addition, we have been involved intensively in C-SIG (Cloud-Select Industry Group) to define a code of conduct for European suppliers of Cloud services.

In an effort to swiftly advance the digitisation of the European industry, the European Commission has decided in Spring to include prioritised standards for important digital areas of technology into its DSM strategy. By guaranteeing the interoperability of different networked devices (phone, computer, sensors), these standards intend to be incentive systems for digital innovation. Cloud computing is one of the five prioritised areas included in the European campaign for standardisation. The other four areas are 5G, the Internet of things, advanced data technology and cyber security.

In order to realise this plan on the basis of emerging technologies such as intelligent, machine-learning networks (AI), mobile health services, networked and autonomous vehicles or highly automated IT-supported industrial manufacturing processes, the EU Commission has suggested co-financing of audits and test series for an accelerated standardisation in cooperation with public-private partnerships (standardisation institutes and industry). A common European Cloud standard with clearly defined performance parameters, coming from the certification sector, will not only be a unique selling point of Europe, but will also ensure that developers of services (sub systems) throughout Europe can dock onto the standardised Cloud ecosystem.

Ultimately, common standards for Cloud computing will provide Cloud customers with a large market to choose from. One the one hand, competition will further improve the attractiveness of the Cloud computing market, while on the other hand associations of European Trusted Clouds (Cloud federation) will be possible.

Industry solutions are in demand

Following last year’s innovative break-throughs in product development – the Private Cloud and an appliance-based encryption concept – we are now moving towards industry solutions targeting our markets. Our success in the market shows what is important in upcoming Industry 4.0 appliances, IT-based multi-modal traffic concepts using autonomous vehicles or tele-medical healthcare: Electronic collaboration and the safe transfer of highly sensitive data in complex project implementations. We have been developing our Cloud solutions to this aim and are concentrating on IT security and usability. In the year 2017 we will continue our way and create even more public awareness through a “cyber security year”.

The DSM train will continue at full speed in the year 2017

The initiatives taken by the European Union this year with regard to the DSM allow us to be optimistic for the year 2017.

In May, the “E-Commerce Package” was started. It aims at abolishing unwarranted geoblocking and other forms of discrimination by citizenship or a customer’s place of residence within the Single Market. The process of overcoming the fragmented EU market is expected to be difficult and will meet with resistance of those holding rights to digital content. For consumers, it is however important to tackle this issue. Abolishing roaming charges in the Single Market has for a long time seemed to be illusory, and will now become a reality for consumers in next year’s month of June.

The regulation of online platforms with regard to non-discriminatory access, particularly for large app stores on mobile end devices, is also of great importance to the DSM. Since May, efforts are in place to implement a concept for the promotion of cross-border trade for European citizens and companies.

In its European Agenda for the collaborative economy (Shared Economy) the Union aims at realising business models successfully used by US companies such as Uber for car sharing or AirBnB for renting appartments. In April, the EU Commission started public consultations on the revision of the ePrivacy Directive. In this revision, special emphasis will be placed on the consistency of the ePrivacy Directive and the General Data Protection Regulation, the definition of its scope in view of new market and technical realities, and the improvement of integrity (security and reliability).

In my view, the definition of an up-to-date copyright law for the digital age is another important potential for the digital Single Market. It will make for a good start if consumers can use online subscriptions from their home country if they stay abroad for some time.

I think that the digital Single Market can benefit in particular from the “Free Flow of Data Initiative” which addresses restrictions in the free flow of data and locations for the storage and processing of data in Europe and also aims at resolving questions of data propriety, interoperability, usability and access on data in any constellation (B2B, B2C, machine generated and M2M). The “Cloud Initiative”, which focuses on raising the full potential of the European data economy by setting up a “European Open Science Cloud” is of equal importance to the establishment of a competitive data and knowledge society. It deals with the removal of five key barriers: The malfunctioning of data sharing caused by a lack of suitable incentive systems; inadequate interoperability; split data infrastructures (fragmentation into scientific and economic domains); a missing high performance computing infrastructure (HPC) for data processing with exascale super computers and quantum computing; as well as an insufficient reuse of data and analysis techniques.

The biggest hope – the cyber security industry package

Based on its cyber security strategy (strengthening the European cyber resistance, radical reduction of cyber crime, setup of industrial and technological resources for a powerful ICT security industry), the EU launched a “Public-Private Partnership on Cybersecurity” in July.

Within the framework of H2020, 450 million euros of funding are to promote a total investment of 1.8 billion euros until the year 2020 in this fastest growing ICT market. 75 percent of this amount are raised by the developed industry. In 2018, global sales of products and solutions for cyber security will amount to 100 billion dollars. Europe could generate about 17% of this amount. The partnership was signed by the EU and the European Cyber Security Organization (ECSO) which is the umbrella organisation of cyber security market participants. The two partners aim at including national, regional and local authorities as well as research centres.

The EU Commission furthermore wants to take dedicated measures for the removal of the fragmentation that still exists in the European cyber security market. Today, an ICT company needs to go through different certification processes if it wants to sell its products in various member states. The Commission therefore wants to establish a “European Certification Framework” for ICT security products to facilitate access within the EU market.

These measures are confirming my conviction that the data protection year 2016 will be followed by a cyber security year. The digital Single Market can only prosper if we place the utmost attention on the protection of our data and our network infrastructures.
In 2017, Fabasoft will put a strong emphasis on cyber security in all market activities and ICT events. At next year’s European Forum Alpbach under the general motto “Conflict and Cooperation” we will raise public awareness for the most important concern of our European data economy. I am highly confident that the new year will be a great year for European ICT, and that we will get considerably closer to the dream of a digital Single Market.