Priorities for the international agenda of EU’s digital policy in the 2024-2029 mandate

Close-up of a hand holding a mobile phone displaying a live broadcast of Roberta Metsola (seated in a studio, wearing a light-coloured suit and speaking into a microphone), President of the European Parliament. The blurred background reveals the shadow of a person and the same studio, illuminated by blue lights. digital
Technology and economics
Working Paper
Raquel Jorge-Ricart is an Analyst at the Elcano Royal Institute working on the technology and digital agenda
Raquel Jorge Ricart
// Posted on 30 Jan 2025

Latest Publications

Lessons from last mandate over the 2019-2024 period

Lessons from the last European Commission’s mandate (2019-2024) show that the international engagement of the European Union institutions in technology policy with third partners has largely increased. The institutionalization of dialogues with other countries has been translated into structured platforms for trust and information exchange and, in some cases, for joint decisions on implementation roadmaps. This is the case of the EU-US Trade and Technology Council, the EU-India Trade and Technology Council, the Digital Partnership Agreements with many Indo-Pacific countries -Japan, Republic of Korea, and Singapore-, the launch of the EU-LAC Digital Alliance, or the strengthening of the Digital Agenda for Western Balkans.

Also, this mandate witnessed the first-ever coordinated support from the 27 Member States to digital diplomacy through the endorsement of the Conclusions from the Council of the EU in July 2022 on establishing a framework of digital diplomacy which serves as umbrella to coordinate all actions related to the foreign policy of EU’s technology policy. This includes security issues -e.g. the negotiations of the Framework for Responsible State Behavior on cyber norms at the UN-, economic topics -e.g. investments from the Global Gateway onto third countries, or agreements on telecommunications, 5G and others in third partners- and in regulatory convergence efforts -e.g. the establishment of the EU’s Office in San Francisco singularly devoted to giving outreach to the digital policy legislative files.

However, if the European Union’s perspective has been since 2019 focused on sovereignty and open strategic autonomy, the new mandate in 2024 kicks off with a paradigm shift towards economic security. Also, a second layer of this transformation is marked by the transition from a regulatory focus into a new approach oriented to industrial policy, public intervention and competitiveness as the vertebral axis of digital and clean transitions and a stronger defense baseline.

These transformations over the 2019-2024 period have contained an international angle. This chapter addresses four main policy angles that the new mandate for the 2024-2029 period should include in the international dimension of EU’s digital policy:

  • The institutional and governance dimension with the creation of first-ever Executive Vice-President for Technology Sovereignty, Security and Democracy;
  • The strengthening and further coordination of digital diplomacy efforts;
  • The technological dimension in the Enlargement Policy mostly with candidate countries to access the European Union;
  • Revamped agenda with priority-setting and an action-based roadmap for putting the Economic Security Strategy into practice.

Boosting policy needs from Draghi and Letta reports

While both Draghi and Letta reports largely touch upon domestic policy needs at the EU level and across Member States, the international angle is present both explicitly and implicitly.

Concretely, main ideas showcase that the key driver of the rising productivity gap between the EU and the US has been digital technology. The EU failed to capitalize on the first digital revolution led by the Internet in the 1990s. At present times, high-technology capital is concentrated in the United States (e.g. 70% of foundational AI models are developed in the U.S., 65% of European cloud market is led by three U.S. hyperscalers, and 5 out of top 10 quantum-related companies are concentrated in the U.S. and four in China).

The Draghi report indicates that the EU has lagged behind too far. However, while first-tier leadership is not possible for many technologies, the EU has the opportunity to maintain a foothold in specific areas where either the dependencies may be partially reduced or where it may become a frontrunner if investments are effectively allocated. This is the case of “sovereign cloud” solutions, where Draghi calls for further security and encryption. Selected segments are autonomous robotics, where the EU hosts around 22% of worldwide activity, and in AI services such as predictive analytics, forecasting, optimization, failure detection, business intelligence and business functions.

For this to happen, Draghi recommends scalability in the spending of R&I and shifting the focus towards breakthrough innovation. It compares it to the U.S. Defense Advanced Research Projects Agency (DARPA) and other “ARPA-style” agencies. Another recommendation is the creation of stronger innovation clusters, where out of the 10 top global hubs, 4 are located in the U.S. and 3 in China. Also, looking at the international angle, Draghi proposes following a model closer to the U.S. or China for mobile network operator groups, which are concentrated in these two cases, while in the EU there are 34 groups. Fragmentation hinders competitiveness.

As for Letta, his report “Much more than a market” provides an innovative approach to the international agenda of the EU. Only by means of a 5th freedom on research, innovation, data, competences, knowledge and education, a European integration -and, then, a coordinated EU’s position worldwide- will be feasible. Under this framework, the EU will be better suited to position itself not only as a global leader in setting international standards for innovation and knowledge diffusion, but a creator and a maker of new technologies.

These messages also translate the idea that a further integrated EU across its 27 Member States in the digital space also leads to a stronger EU’s international agenda.

Institutionalization of the international dimension of EU’s digital policy: the new College

The profile creation of the first-ever Commissioner-designate for Tech Sovereignty, Security and Democracy (with an Executive Vice-President role) should put digital diplomacy at the center of its international engagement roadmap. Mission letter from the President of the European Commission, Ursula Von der Leyen, asks Henna Virkkunen to boost productivity with digital technology diffusion, strengthen EU’s digital competitiveness, intensify investments concerning the next wave of frontier technologies -in particular, quantum computing, supercomputing, semiconductors, the Internet of Things, genomics, space technology and beyond-, and requests a long-term EU Quantum Chips plan.

Due to the limited capacity in resources, technical maturity and competitive market players on EU soil, the Commissioner-designate should channel these developments through international engagement initiatives with key partners, identified based on the level of mutual benefit and strategic interest, by ensuring these partnerships are sustainable and based on a level-playing field.

Also, the new EVP for Tech Sovereignty should ensure coherence and complementarity between internal and external digital policies, especially when touching upon sensitive security-related issues. This should apply to bilateral partnerships and to current efforts leading to global digital governance. The first case should delve into leveraging EU’s current efforts in certain technology verticals and find trusted partners. Semiconductors cannot be developed only and exclusively in the EU or in any other region. The EU should leverage the budget derived from the Chips Act and the tools from the Chips Joint Undertaking (including pilot lines and process capabilities development) to arrange collaboration arrangements with third countries.

One of the first deliverables from the EU-Japan Digital Partnership Council was a Memorandum of Cooperation establishing cooperation in semiconductors, including an early warning mechanism for the semiconductor supply chain; research and development for semiconductors; advanced skills for the semiconductor industry; use cases of semiconductor applications; and subsidy transparency. On the EU side, all collaborative research actions will be funded by the EU’s Research & Innovation programme Horizon Europe including the actions launched through the Chips Joint Undertaking. In the case of the Republic of Korea, the first bilateral Forum for Semiconductor Researchers took place. The EU-India Trade and Technology Council led to the first Memorandum of Understanding on semiconductors. Also, the EU-US TTC established an early warning system for supply chain crisis in semiconductors.

However, this new mandate should broaden the scope of collaboration -from the current information exchange, R&D and early warning mechanism- towards a more ambitious agenda where joint investments may be leveraged.

Another area to ensure complementarity and coherence among internal and external actions is AI. In this case, the AI Office should consolidate its international relations branch with staff teaming up for engagement in concrete, tangible areas of AI technical development with third countries. Networking with other AI Offices and Safety Institutes from trusted partners and arranging priority lists will be fundamental to ensure the sustainability of technical partnerships (beyond regulatory dialogues). It is in technical development where actual leadership may take place due to the increasing integration of AI into non-technological sectors.

Also, the EVP should work on the security angle of AI to ensure international binding agreements on meaningful human control over the critical functions of systems deployed in defense with AI.

The second case on international governance relates to tangible actions such as the implementation roadmap of the UN-led Global Digital Compact where the EU has influenced the final content of the document to promote a human-centric vision. Spain has become one of the co-facilitators to ensure this implementation and the EU should play an active role. Also, international ICT standard-setting bodies should be a targeted area of the new Commissioner and EVP in order to enhance EU coordination. This is key to reducing dependencies and strengthening the capacity in critical technologies. The EU Observatory on Critical Technologies may broaden its scope and address potential policy research on which critical technologies the EU should partner up with specifically with targeted countries. For instance, the Republic of Korea and Japan have developed guidelines of National Core Technologies for basic research, and this might become an area of cooperation, falling back on the EU’s Digital Partnership Agreements with each respectively.

Similarly, topics that have received little attention from an EU-wide perspective and governance approach should be strengthened by the new College. This is the case of subsea cable infrastructure, for which the European Commission released a Recommendation for its security and resilience, and proposed greater coordination, unified technical cooperation, and increased funding.

Encouraging and entrusting digital diplomacy efforts

While international digital partnerships have been created rapidly during the 2019-2024 mandate with third countries and regions, as stated above, the release of the Conclusions of the Council of the EU on Digital Diplomacy in July 2022 signaled the high-level importance that this topic had, not only by the EU institutions, but also by the support from each of the 27 Member States.

With the goal to work towards a more concerted European approach, the agreement foresees four actionable pillars: strategic objectives, core proposals, implementation mechanisms, and institutional enhancements. While some of them have been put into motion, still most need to reach institutional maturity and further coordination in the coming years.

As for the strategic objectives, the EU should aim to position itself as a global leader in digital diplomacy by championing a human-centric and rights-based approach to technology. It is essential for the EU to leverage its geopolitical influence to shape digital governance frameworks that promote universal human rights, uphold the rule of law, and strengthen democratic principles in the digital sphere. Additionally, the EU should prioritize enhancing digital sovereignty by reducing vulnerabilities and critical dependencies in emerging and foundational technologies, ensuring resilience against external pressures.

As for the core proposals, the EU should comprehensively integrate digital diplomacy into its external action. This involves aligning digital diplomacy initiatives with existing policies, such as Green Diplomacy and Cyber Diplomacy, to address hybrid threats, cyberattacks, and foreign disinformation campaigns cohesively. The EU should foster international collaboration by partnering with global entities such as the United Nations, G7, OSCE, and WTO to uphold democratic standards and advocate for a stable, open, and secure internet governed by multi-stakeholder principles. It should also take a leading role in influencing the development of ethical technology standards through its strong presence in global standardization bodies.

The EU should actively promote its internal digital policies globally, ensuring that its regulatory frameworks, such as the “Digital Compass” vision for 2030, gain international traction. Advocacy for governance approaches that balance innovation with ethical and responsible use of technology should remain a central pillar. Another priority should be to facilitate a sustainable digital transition by utilizing digital tools to advance the UN Sustainable Development Goals (SDGs), address climate change, and build resilient digital infrastructures, particularly in regions with significant technological disparities.

To counter malicious activities in the digital sphere, the EU should strengthen its policies to combat cyberattacks, disinformation, and state-sponsored interference. Mechanisms like the Cyber Diplomacy Toolbox should be further developed and deployed, alongside initiatives to address online hate speech and violent content. These efforts will safeguard democratic processes, foster public trust, and protect the digital ecosystem from misuse.

Regarding implementation mechanisms, the EU should focus on building and strengthening partnerships to implement its digital diplomacy goals effectively. Existing collaborations, such as the EU-U.S. Trade and Technology Council, should be expanded to advance shared objectives.  Additionally, the EU should integrate investments in digital infrastructure with the strategic promotion of technological solutions and regulatory convergence through digital economy packages.

The EU should engage with a broad range of stakeholders, including academia, civil society, and the private sector, to develop innovative solutions to address challenges such as data security and privacy. Promoting ethical European business practices and data governance models globally will allow the EU to set a strong example and enhance its influence in shaping digital policies.

As for institutional enhancements, the EU should invest in capacity building and institutional development. Training diplomats in digital diplomacy will enhance technical expertise and enable strategic geopolitical positioning. Regional digital diplomacy hubs within key EU delegations should be established to streamline efforts and strengthen outreach. Additionally, the EU should develop robust mechanisms for monitoring global technological developments, enabling it to address their implications for digital sovereignty and security effectively. Regular reporting and assessment of the impact of digital technologies on democracy and human rights should ensure alignment with core EU values.

Also, external factors such as the U.S. elections should be observed in order to guarantee that the EU-US Trade and Technology Council keeps on track and serves as a tangible platform to provide specific measures and joint cooperation areas. Trust is needed to ensure technological competitiveness within the EU and outside with third partners.

Enlargement and EU candidate countries

Candidate countries for accession to the EU should be a relevant element of EU’s digital diplomacy efforts. Many countries have moved forward in the compliance with the required elements by the EU to enter into the process of being considered as candidate countries, such as Ukraine, Georgia or Moldova, among others.

Convergence and coherence in digital policy issues, including telecommunications, technical standards, cybersecurity certification schemes, electronic communications, or the transmission of personal data, are areas where the EU should get involved further, not only from a domestic policy perspective, but also through the lens of foreign policy. Candidate countries are also affected by third partner’s interference in some areas such as disinformation or are particularly vulnerable in assets such as cables or data centers’ security and resilience. The EU’s international engagement should focus on making sure these vulnerabilities are overcome and there is no harmful influence from illiberal countries.

Currently, candidate countries are Albania, Bosnia and Herzegovina, Georgia, Moldova, Montenegro, North Macedonia, Serbia, Turkey and Ukraine. According to the 2024 Communication on EU Enlargement Policy, there are several areas where all candidate countries should focus on: digitalization of the justice system, strengthening of digital infrastructure, economic policies oriented to clean and digital transitions, interoperability of technological assets such as the identity wallet (such as the Balkan Digital Identity Wallet or the WiFi4EU initiative in Western Balkans), the inclusion of the region in the European Digital Innovation Hubs, regional connectivity through digital infrastructure for transport and energy sectors, and agreements on electronic communications regulatory convergence, roaming agreements with telecom operators, convergence with the EU 5G Cybersecurity Toolbox, cyber resilience frameworks, the facilitation of the development of research infrastructures, science and technology parks, the promotion of technology transfer schemes, and innovation support measures.

Albania needs to address several areas to align with EU standards and improve digital integration. In electronic communications, the rollout of the 112 emergency number is incomplete, and fixed internet broadband access remains inequitable, especially in rural areas. Digital services require efforts to ensure equal access and alignment with the Digital Services and Digital Markets Acts. In digital skills, further progress is needed to expand ICT curricula and training programs. Cybersecurity demands greater focus on protecting critical infrastructure, operationalizing the new national security operations center, adopting the cybersecurity action plan, and enhancing cooperation with private sectors. Legislative updates are pending in electronic identification to align with the EU Digital Identity framework and for the ePrivacy Directive. The 700 MHz band needs to be released for mobile communications, including 5G, to prevent interference with neighboring countries. Moreover, improvements in statistical data collection are required to meet the Digital Economy and Society Index standards. Finally, in media, the Audiovisual Media Authority (AMA) needs better resources to enhance monitoring and reporting capacity, with no significant legislative developments since the 2023 Broadcasting Code approval.

Bosnia and Herzegovina faces significant challenges in aligning with EU standards across digital and media policy areas. The country lacks a broadband strategy, has not aligned electronic communications laws with the EU acquis, and faces delays in 5G licensing until at least 2026. The Communications Regulatory Agency suffers from political and financial dependency, with its board’s mandate expired since 2017. Digital services lack a national strategy, open data policy, and coordinated transformation, requiring alignment with EU frameworks like the Digital Services Act. Cybersecurity is underdeveloped, with no national strategy, legislative framework, or operational cybersecurity infrastructure such as CSIRTs. Additionally, legislation on electronic identity and signature interoperability remains unaddressed. In media, despite progress in digital broadcasting, public broadcasters lack financial sustainability and political independence, necessitating reforms in fee collection and governance to comply with EU standards and reduce political influence.

Montenegro has made progress in aligning with EU standards but still needs to address key policy areas. In electronic communications, while national legislation aligns with the European Electronics Communication Code, the government must adopt a National Plan for broadband infrastructure development and align with the Gigabit Infrastructure Act. In cybersecurity, Montenegro needs to establish a Cybersecurity Agency, meet critical infrastructure requirements, implement the 5G Cybersecurity Toolbox, and align with the e-Privacy Directive. Further efforts are required to align with the EU Digital Identity and Trust Services framework. In digital services, Montenegro should accelerate alignment with the Digital Services Act and Digital Markets Act to provide business predictability. Lastly, in the media sector, Montenegro must ensure the effective functioning of its restructured audiovisual regulator, AMU, strengthen its capacity to monitor the audiovisual market, and promote media literacy to solidify recent legislative advancements and cultural program participation.

North Macedonia needs to address several policy gaps to advance its digital transformation and align with EU standards. The country has yet to adopt long-term ICT and national cybersecurity strategies, and the Ministry of Digital Transformation must strengthen its capacity to coordinate policies effectively. In electronic communications, alignment with the EU Broadband Cost Reduction Directive is pending, and the independence of the regulator remains a concern after the dismissal of the AEC Commission. Fixed broadband coverage is substantial, but the 112 emergency services require enhancement. Digital services need improvement, with many critical services like issuing personal documents unavailable online and incomplete upgrades to the national e-portal. Efforts to align with the Digital Services Act, Digital Markets Act, and European Interoperability Framework must be prioritized. In cybersecurity, adopting the NIS2-aligned Law on security of networks, bolstering the national cybersecurity center, and addressing the cost and usability of e-identification tools are essential. Media sector challenges include delays in appointing regulatory members, enhancing oversight of new media formats, and concerns over reintroduced government advertising in private media. Lastly, alignment with the ePrivacy Directive and further expansion of broadband access in underserved areas remain critical goals.

Georgia lacks an overarching digital strategy despite announcing priorities like artificial intelligence and agrotechnology. In electronic communications, while progress was made with adopting the e-commerce Law and Broadband Cost Reduction Directive by-laws, Georgia still needs to align with the European Electronic Communications Code, the Regulation on geo-blocking, and platform-to-business relations. The ongoing 5G rollout shows alignment with EU standards, but further development is required. Digital services need significant improvement, with partial alignment on open data reuse and limited progress on the Digital Services Act (DSA) and Digital Markets Act (DMA). Alignment with the GDPR, AI Act, and EU AI innovation best practices is also necessary. In cybersecurity, the national strategy would benefit from closer adherence to the NIS2 Directive, and a National Interoperability Framework aligned with the European Interoperability Framework is needed to enhance cross-border digital services. Media regulation has improved with amendments to the broadcasting law addressing the protection of minors and self-regulation, but the independence of the national media regulator requires safeguarding. Finally, Georgia has made progress in media and information literacy by integrating it into formal education, training teachers, and developing resources, but continued efforts are needed to enhance digital literacy broadly.

Moldova has made progress in digital transformation, establishing a National Council for Digital Transformation in 2023 to implement the 2023-2030 strategy. It has started aligning with the EU Roaming acquis and the European Electronic Communications Code, while the National Regulatory Agency (ANRCETI) has taken over civil radio frequency management. Moldova ratified the Digital Europe programme association in May 2024, opening opportunities for EU projects. However, alignment with the Digital Services Act (DSA), Digital Markets Act (DMA), and open data policies remains insufficient. On cybersecurity, the newly established Cybersecurity Agency needs further operational strengthening, and media regulation improvements are ongoing.

Serbia needs to ensure the full operational and financial independence of the Regulatory Agency for Electronic Communications (RATEL) and improve its administrative capacity. Although Serbia adopted a new electronic communications strategy in 2024, the broadband law and 5G frequency auction legislation are still pending. Serbia also needs to align with the Digital Services and Digital Markets Acts, the EU Open Data Directive, and the AI Act by 2025. In cybersecurity, further alignment with the NIS 2 Directive and the European Digital Identity framework is required. Media regulation improvements are ongoing, but concerns remain regarding independence, media pluralism, and full implementation of media laws.

In Turkey, although the e-commerce market has expanded, alignment with the Digital Services Act and Digital Markets Act is needed. Existing digital services legislation, such as the Social Media and Disinformation Laws, conflicts with EU principles on freedom of expression. Türkiye’s e-government services have grown, but alignment with the European Interoperability Framework is required. Broadband competition remains weak, and progress on 5G procurement is slow. Türkiye must improve cybersecurity, continue implementing the 5G Cybersecurity Toolbox, and enhance media regulation clarity and independence.

Ukraine has made progress in aligning its electronic communications and digital services with EU standards, including adopting legislation on EU roaming and working on the regulatory framework for radio spectrum policy, though security concerns delay the release of the 700 MHz band. It continues developing its e-government system, seeking alignment with the European Interoperability Framework and the Digital Services Act. Ukraine has made strides in digital trust and cybersecurity, aligning with the European Digital Identity Regulation and implementing a national cybersecurity strategy. In media, Ukraine’s legislation aligns with the Audiovisual Media Services Directive, though restrictions on Russian TV channels remain due to security concerns.

While it is unknown whether or not, when and which countries will enter the European Union, the EU’s enlargement policy will be a central element in the coming years and digital policy is a significant element due to its impact on the security, resilience and economic competitiveness of the European Union.

The European Commission proposed in the summer of 2023 the first-of-its-kind Economic Security Strategy, which aims to address the economic security risks derived from certain economic flows and activities that may remain vulnerable or threatened in the current scenario of geopolitical tensions and accelerated technological development.

The European Economic Security Strategy is based on a three-pillar approach, or three Ps: promotion of the EU’s economic base and competitiveness; protection against risks; and partnership with countries with shared concerns and interests. The four areas that require risk assessment are: resilience of supply chains, including energy security; physical and cyber-security of critical infrastructure; technology security and leakage; and weaponization of economic dependencies and coercion.

Concretely, one of the first deliverables has been the list proposal on critical technologies by the European Commission, which encourages Member States to provide their risk assessments and lead to a collective work to determine which proportionate and precise measures should be taken to promote, protect and partner in specific technology areas. The goal is two-fold: to reduce dependencies from third actors whose supply chain and political security may be of high-risk, and to promote a diversification of strategic assets across the Union and with trusted partners.

The proposal for a European Economic Security Strategy emphasizes cooperation between the European Commission and EU Member States to strengthen economic security across various dimensions. Key actions for Member States include developing a shared framework for assessing economic risks, particularly regarding critical technologies, and engaging in a structured dialogue with the private sector to enhance risk management. Member States are also encouraged to coordinate on foreign investment screening, address outbound investment risks, and improve research security across the EU. Additionally, national efforts are expected to align with EU initiatives on export controls, dual-use technologies, and cybersecurity tools.

For this to happen, Member States, including Greece, Italy, Portugal and Spain, need to reflect on their own national approaches on how to Promote innovation, Protect our competitiveness and our technological capabilities, and Partner with trusted partners outside the EU but also through a strengthening of the cooperation across Member States.

Cooperation and coordination with Member States is particularly important due to the overall negative situation of EU’s leadership in critical technologies. According to Digital Europe’s Critical Technologies Gap report, the EU faces three major challenges in regaining its position as a global technology leader:

  1. Scalability Issues: Fragmentation within the single market and the absence of a unified strategy limit EU companies’ ability to grow and compete internationally.
  2. Investment Gaps: Europe lags behind the US and China in investing in capital-intensive critical technologies, with fragmented public funding and inefficiencies in research commercialization.
  3. Regulatory Barriers: Stringent EU regulations, unmatched elsewhere, create a competitive disadvantage for European companies, preventing them from growing and scaling within the region.

The EU is falling behind in critical technologies, with the US leading in most sectors, and China excelling in energy technologies. Despite strong R&D capabilities, the EU faces challenges in scaling, manufacturing, and commercializing innovations. A significant investment gap in AI, quantum computing, and space technologies hampers competitiveness. Additionally, complex regulations and restrictive funding hinder business growth, while a shortage of tech talent in key areas exacerbates the problem.

To remain competitive, the EU must strengthen global partnerships, enhance supply chain resilience, leverage its leadership in global standards, and establish priority-setting, timelines, expected outcomes and coordination mechanisms to reach its goals during the 2024-2029 period.

(*) This paper was originally published as a chapter of the PromethEUs’ Joint Publication ‘A Blueprint for the Digital Priorities for the New EU Mandate’, on 9 December 2024.

Image: A person holds a mobile phone displaying Roberta Metsola, President of the European Parliament, in a live broadcast. Photo: Daïna Le Lardic – Christophe Licoppe – EC Audiovisual Services / ©European Union, 2022.