Spanish Prime Minister Pedro Sánchez on Wednesday unveiled a new government AI tool that will rank social media sites based on how much hate speech they host. “If hate is already dangerous, social networks have turned it into a weapon of mass polarization that ends up seeping into everyday life,” Sánchez said at an International Summit against Hate and Digital Harassment. “Today social networks are a failed state,” he said. The new system, known as HODIO, will analyze large volumes of publicly available activity on social media to measure the scale and spread of online hate speech. The data will be used to track how hateful content evolves and spreads on platforms, and will feed into a public ranking comparing how much hate speech circulates on major networks. The European Union has rolled out laws and regulations like the Digital Services Act to crack down on illegal and harmful online content. The rules have drawn the ire of the United States’ administration, which sees them as online censorship. The new Spanish hate speech tool comes as Sanchéz repeatedly clashed with U.S. President Donald Trump last week over the conflict in Iran. The Spanish prime minister said the initiative is aimed at holding platforms accountable for how their algorithms amplify polarizing content, and added that the government plans to introduce a legal offense for “algorithmic amplification” of hate speech. Sánchez launched a broader push for stricter digital regulation last month and wants to ban social media access for users under 16.

Scattered among the candy shelves and freezer cabinets in Russian supermarkets across Germany are advertisements promoting a business with a service the government has tried to outlaw: a logistics company specialized in moving packages from the heart of Germany to Russia, in defiance of European Union sanctions. Trade restrictions have been in place since 2014 and were tightened just after the 2022 invasion of Ukraine, when Western nations began to impose far-reaching financial and trade sanctions on Russia. But an investigation by the Axel Springer Global Reporters Network, which includes POLITICO, has identified a clandestine Berlin-based postal system that exploits the special status of postal parcels to transport all kinds of European goods — including banned electronics components — into President Vladimir Putin’s empire. We know every stop and turn in the route because we sent five packages and used digital tracking devices to follow them — through an illicit 1,100-mile journey that undermines the sanctions regime European policymakers consider their strongest tool to generate political pressure on Russian leaders by weakening their country’s economy. LS Logistics said its internal controls make violations of EU sanctions “virtually impossible” but that it was not immune from customers making fraudulent declarations about the goods they ship. “Sanctions enforcement is whack-a-mole,” said David Goldwyn, who worked on sanctions policy as U.S. State Department coordinator for international energy affairs and now chairs the Atlantic Council Global Energy Center’s energy advisory group. “It’s a hard process, and you have to constantly be adapting to how the evaders are adapting.” THE UZBEK LABEL In late December, we packed five square brown parcels with electronic components specifically banned under EU sanctions and addressed the parcels to locations in Moscow and St. Petersburg. When we brought our parcels to the counters of Russian supermarkets in Berlin, we told salespeople the packages included books, scarves and hats. But they never checked inside the packages, which in fact held banned electronic components we rendered unusable before packing. Salespeople charged us 13 euros per kilogram, about $7 per pound, refusing to provide receipts. What makes these cardboard packages even more special is their disguise: The employee does not affix Russian postal stickers to the boxes, but rather those of UzPost, the national postal service of Uzbekistan. The former Soviet republic is not subject to EU sanctions. UzPost maintains close ties to the Russian postal service, according to a person familiar with the entities’ history of cooperation granted anonymity to discuss confidential business practices. Tatyana Kim, the CEO of Russian ecommerce marketplace Wildberries and reputedly her country’s richest woman, recently acquired a large stake in UzPost, according to media reports. “We work with partners, including private postal service providers,” the Uzbek postal service stated in response to our inquiry. “They can use our solutions for deliveries.” In Germany, registered logistics companies are permitted to provide postal services — including pick-up, sorting and delivery — for international postal operators. However, the Federal Network Agency, which is responsible for postal oversight, says the Uzbek postal service is not authorized to perform any of these functions in Germany. (The Federal Network Agency said in a response to our inquiry that it is “currently reviewing” the case and that it would pursue penalties for LS if it is found to be using Uzbek documents without authorization.) After our packages spent one to two days at the supermarkets, we saw them begin to move. Inside each package we had placed a small black GPS device, naming them “Alpha,” “Beta,” “Gamma,” “Delta” and “Epsi.” We could track their movements in real time in an app, watching them closely as they wound through Berlin’s roads to Schönefeld, site of the capital’s international airport. There they stopped, unloaded into a modern warehouse that has been repurposed into a Russian shadow postal service. COLOGNE, TECHNICALLY In 2014, a retired professional gymnast was tasked with launching a subsidiary of Russia’s national postal service, the RusPost GmbH, which would operate with official authorization to collect, process and deliver postal items in Germany, according to a former employee granted anonymity to speak openly about the business. For 18 years, the St. Petersburg-raised Alexey Grigoryev had competed and coached at Germany’s highest levels, winning three national championship titles with the KTV Straubenhardt team and working with an Olympic gold medalist on the high bar. But he had no evident experience in the postal business. RusPost’s German business model collapsed upon the imposition of an expanded sanctions package in the weeks after Russia’s invasion of Ukraine in February 2022. Much like American sanctions on Russia, the European Union blocks sensitive technical materials that could boost the Russian defense sector, while allowing the export of personal effects and quotidian consumer items. “The sanctions are accompanied by far-reaching export bans, particularly on goods relevant to the war, in order to put pressure on the Russian war economy,” according to a statement the Federal Ministry of Economics provided us. In March 2022, while conducting random checks of postal traffic to Moscow, customs officials discovered sanctioned goods (including cash, jewelry and electrical appliances) in numerous RusPost packages. The Berlin public prosecutor’s office launched an investigation of the company, concluding that a former RusPost managing director had deliberately failed to set up effective control mechanisms, in breach of his duties. He was charged with 62 counts of attempting to violate the Foreign Trade and Payments Act over an eight-month period; criminal proceedings are ongoing. The Russian postal network did not quite disappear, however. A new company called LS Logistics Solution GmbH was formed in December 2022, according to corporate filings. LS filled its top jobs, including customs manager and head of customer service, with former RusPost employees, according to their LinkedIn profiles. The new company listed as its business address an inconspicuous semi-detached house in a residential area of Cologne, across from a church. When we visited, we found an old white mailbox whose plated sign lists LS Logistics alongside dozens of other companies supposed to be housed there. But none of them seemed to be active. The building was empty during business hours, its mailbox overflowing with discolored brochures and old newspapers. The operational heart of LS is the warehouse complex in Berlin-Schönefeld, just a few minutes from the capital’s airport. The building itself is functional and anonymous: a long, gray industrial structure with several metal rolling doors, some fitted with narrow window slits. Through them, towering stacks of parcels are visible, packed tightly, sorted roughly, stretching deep into the hall. Trucks arrive and depart regularly, from loading bays lit by harsh white floodlights that cut through the otherwise quiet industrial area. Behind the warehouse lies a wide concrete parking lot where a black BMW SUV with a license plate bearing the initials AG is often parked. We saw a man resembling Grigoryev enter the car. The former head of RusPost officially withdrew from the postal business after authorities froze the company’s operations. Unofficially, however, the 50-year-old’s continued presence in Schönefeld suggests otherwise. According to one former RusPost employee, the warehouse near the airport serves as a collection point for parcels from all over Europe. Other logistics companies with Russian management have listed the warehouse as their business address, some of their logos decorating the façade. LS Logistics Solution GmbH has the largest sign of them all. THE A2 GETAWAY According to tracking devices, our packages spent several days in the warehouse before being loaded onto 40-ton trucks covered with grey tarps, among several that leave every day loaded with mail. They were then driven toward the Polish border, through the German city of Frankfurt (Oder). Without any long stops, the 40-ton trucks traversed Poland on the A2 motorway, past Warsaw. Two days after leaving Berlin, they were approaching the eastern edge of the European Union. They arrived at a border checkpoint in Brest, the Belarusian city where more than a hundred years ago Russia signed a peace pact with Germany to withdraw from World War I. Now it marked the last place for European officials to identify contraband leaving for countries they consider adversaries. In 2022, the European Union applied a separate set of sanctions on Belarus because its leader, Alexander Lukashenko, a close ally of Putin, has supported Russia’s presence in Ukraine. Yet despite provisions that should have stopped our packages from leaving Poland, they moved onward into Belarus, their tracking devices apparently undetected. What makes this possible is the special legal status that accompanies international mail. While a formal export declaration is required for the export of regular goods, such as those moving via container ship or rail freight, simplified paperwork helps speed up the departure process for postal items. At Europe’s borders, this distinction becomes crucial, as postal packages are examined largely on risk-based checks rather than comprehensive inspections. “International postal items are subject to the regular provisions of customs supervision both on import and on export and transit and are checked on a risk-oriented basis in accordance with applicable EU and national legislation, including with regard to compliance with sanctions regulations,” the German General Customs Directorate stated in response to our inquiry. Two of our tracking devices briefly lost their signal in Belarus — likely part of a widespread pattern of satellite navigation systems being disrupted across Eastern Europe — but after a journey of around 1,100 miles, they all showed the same destination. Our packages had reached Russia’s largest cities. Ukrainian authorities told us they were not surprised by our investigation. The country’s presidential envoy for sanctions policy, Vladyslav Vlasiuk, said at the Ukrainian embassy in Berlin that his government regularly collects intelligence on such schemes and shares it with international partners. “Nobody is doing enough, if you look at the number of cases,” Vlasiuk said. ONE STEP BEHIND After the arrival of the packages, we confronted all parties involved, including LS Logistics Solution GmbH, the mysterious shipper that helped transport the goods from Europe to Russia. We called Grigoryev several times, but he never answered; efforts to reach him through the company failed as well. An LS executive would not answer our questions about his role. “Our internal control mechanisms are designed in such a way that violations of EU sanctions are virtually impossible,” LS managing director Anjelika Crone wrote to us. “Shipments that do not meet the legal requirements are not processed further. We are not immune to fraudulent misdeclarations, such as those that obviously underlie the ‘test shipments’ you refer to.” Crone said she could not answer further questions due to data protection and contractual confidentiality concerns. This month, Germany took steps to strengthen enforcement of its sanctions regime, expanding the range of violations subject to criminal penalties. The law, passed by the Bundestag in January, amends the country’s Foreign Trade and Payments Act to integrate a European Union directive harmonizing criminal sanctions law across its 27 member states and ensure efficient, uniform enforcement. Germany was one of the 18 countries put on notice by EU officials last May for having failed to follow the 2024 directive. The Federal Ministry for Economic Affairs, which is responsible for implementing the new policy, argued in a statement to the Axel Springer Global Reporters Network that the very ingenuity of the logistics network we unmasked operating within Germany was a testament to the strength of the country’s sanctions regime. “The state-organized Russian procurement systems operate at enormous financial expense to create ever new and more complex diversion routes,” said ministry spokesperson Tim-Niklas Wentzel. “This confirms that the considerable compliance efforts of many companies and the work of the sanctions enforcement authorities in combating circumvention are also having a practical effect. Procurement is becoming increasingly difficult, time-consuming, and expensive for Russia.” According to those who have tried to administer sanctions laws, that argument rings true — but only partly. “It’s probably more fair to say that sanctions had a material impact and increased the cost of bad actors to achieve their goals. But to say that they’re working well is probably overstating the truth of the matter,” said Max Meizlish, formerly an official with the U.S. Treasury’s Office of Foreign Assets Control and now a research fellow at the Foundation for Defense of Democracies. “When there’s evasion, it requires enforcement,” Meizlish went on. “And when you need more enforcement I think it’s hard to make a compelling case that the tool is working as intended.” The Axel Springer Global Reporters Network is a multi-publication initiative publishing scoops, investigations, interviews, op-eds and analysis that reverberate across the world. It connects journalists from Axel Springer brands—including POLITICO, Business Insider, WELT, BILD, and Onet— on major stories for an international audience. Their ambitious reporting stretches across Axel Springer platforms: online, print, TV, and audio. Together, these outlets reach hundreds of millions of people worldwide.

Germany’s data privacy authority on Thursday warned it can’t properly protect citizens from surveillance by the country’s intelligence services, right as Germany is moving to fortify its intelligence agency with sweeping new powers. “Citizens have virtually no means of defending themselves against intelligence measures that can deeply intrude on their privacy,” Louisa Specht-Riemenschneider, the head of the Federal Commissioner for Data Protection and Freedom of Information (BfDI), warned after a court ruled against the commissioner’s request to get data on espionage activities. Germany is drafting laws to give its intelligence services vast new powers, in a historic shift that breaks with decades of strict limits on its espionage abilities, rooted in the country’s Nazi and Cold War past. Berlin’s plan to empower intelligence services comes as European leaders grow increasingly concerned that U.S. President Donald Trump could move to halt American intelligence sharing with Europe. To keep German spies in check, the country’s privacy regulator started a legal challenge against the Federal Intelligence Service (BND) after it refused to share details of how it hacked electronic devices of foreigners abroad and gathered data. On Thursday, an administrative court ruled the privacy regulator didn’t have legal standing to pursue the case, redirecting it to file a complaint with Germany’s chancellery instead. The ruling means “areas free from oversight will emerge” within German spy agencies, Specht-Riemenschneider said, calling the agencies’ data processing practices “secretive.” Germany’s BND has historically been far more legally constrained than intelligence agencies elsewhere, due to intentional protections put in place after World War II to prevent a repeat of the abuses perpetrated by the Nazi spy and security services Gestapo and SS. The agency was put under the oversight of the chancellery and bound to a strict parliamentary control mechanism. Germany’s stringent data protection laws — which are also largely a reaction to the legacy of the East German secret police, or Stasi — restrict the BND further. The agency must, for instance, redact personal information in documents before passing them on to other intelligence services, POLITICO reported. The German government is now reviewing those constraints and preparing an overhaul of intelligence powers. Chancellor Friedrich Merz wants to boost and unfetter his country’s foreign intelligence service, giving it much broader authority to perpetrate acts of sabotage, conduct offensive cyber operations and more aggressively carry out espionage. Specht-Riemenschneider called on legislators to amend intelligence laws to make sure her authority can challenge agencies’ data processing, because the spy agency “can now effectively decide for itself what I am allowed to inspect and what I can therefore monitor,” she said. Spy services across Europe have also started to build a shared intelligence operation to counter Russian aggression. The push for deeper intelligence cooperation accelerated sharply after the Trump administration abruptly halted the sharing of battlefield intelligence with Kyiv last March. The BND did not immediately respond to a request for comment.

DUBLIN — TikTok on Tuesday began a defense of how it handles Europeans’ privacy and data in a court case that will define how Chinese-owned companies in Europe deal with Beijing’s spying laws. The popular social media app is going head to head with the Irish Data Protection Commission — Europe’s most powerful privacy regulator, which oversees tech giants including Meta, X and Google. At stake in the Irish court battle is whether TikTok is allowed to transfer personal data of Europeans to China. The company, which is owned by Chinese giant ByteDance, is challenging a €530 million fine by the Irish regulator last year, when officials found it had allowed Chinese staff to access Europeans’ data — but failed “to verify, guarantee and demonstrate” that the data was properly protected. The Irish regulator wants TikTok to shut off data flows to China, unless it can prove its user information is safe from Beijing’s invasive surveillance and intelligence laws. The case is a major test for Europe’s privacy rulebook, the General Data Protection Regulation (GDPR), and how it protects Europeans when their data is transferred to China. It comes as Europe is facing transatlantic pressure, forcing the bloc to revisit trade ties with Beijing, despite long-held security concerns over the Chinese government’s data snooping practices. Lawyers faced off Tuesday in Dublin’s top courts building, for the start of a grueling 10-day hearing, sparring over how to interpret the limits of Chinese laws and the merits of TikTok’s data practices. “The consequences of [the Irish regulator’s] decision are immense, even for a very large organization like TikTok,” the firm’s senior counsel Paul Gallagher told the court, estimating the cost of complying with the Irish order to run as high as €5 billion. If judges side with the Irish regulator, that could ultimately force TikTok to unplug from China entirely to continue serving European users — just months after it split off its U.S. operation into a new app, under the control of a group of investors led by Silicon Valley giant Oracle and investment firms Silver Lake and MGX, to alleviate long-standing American data security concerns. TikTok has estimated that it would cost billions for it to comply with the Irish regulator’s demand to cut off data flows, and would involve relocating thousands of its workers outside of China. DATA ACCESS WOES The Irish regulator slapped TikTok with the privacy fine last May after it found the platform couldn’t guarantee the data of its 159 million monthly users in Europe were safe from China’s “problematic” surveillance laws. “This is all about what TikTok have described as the relevant laws, and what the [Data Protection Commission, or DPC] have described as the problematic laws,” said TikTok’s senior counsel Gallagher, who is also a former attorney general for the Irish government. “We don’t think they are problematic, because we think they don’t apply. The DPC thinks they are problematic, because it thinks they do apply.” The fine was one of the highest the Irish regulator has handed out since it started enforcing the GDPR in 2018. It followed years of scrutiny from security and privacy authorities, as Western governments increasingly viewed TikTok as a threat. TikTok is owned by Beijing-based ByteDance, and staff in China have remote access to some European user data stored outside the country. In details shared with the Irish regulator during the investigation, TikTok said that the kind of data accessed by staff in China could include usernames and account holder details, interaction and activity data, and other personal data. It said the company didn’t intend to collect sensitive data about users, but it “may be collected incidentally or uploaded” by users, and staff needed to have “restricted and limited” access for research, security, analytics and other services. TikTok has said Chinese laws don’t apply to its data, which it stores outside of China, and has said it has never been asked to hand over data to Beijing’s authorities.  The firm already launched a massive campaign to alleviate European politicians’ security concerns in 2023, when it presented what it called “Project Clover,” a €12 billion plan designed to store data in Europe, overseen by a European security company. It mimicked a U.S. campaign called “Project Texas,” which promised similar controls to the U.S. in 2020. But the moves failed to persuade politicians. The EU already cracked down on TikTok for its own officials when it banned the app on their phones in 2023, a move that was followed by many governments across Europe. CHINA VS. US The TikTok case is also forcing Europe to deal with a blind spot: data flowing to China has, so far, been left largely unscrutinized. The EU has skirmished with American authorities for years over how to protect Europeans’ personal data from mass surveillance programs uncovered by whistleblower Edward Snowden in 2013. Data transfer agreements crafted by the EU and U.S. have been repeatedly wiped out by Europe’s top court over surveillance concerns. For data flowing to China, though, few cases have tested how companies protect Europeans’ data when it comes within reach of Beijing’s surveillance authorities. The Irish regulator’s decision to fine TikTok meant the “screw is turning” on data flows to China, Joe Jones, research director at the International Association of Privacy Professionals, said after the decision came out. “We’ve had over a decade of EU-U.K., EU-U.S. fights and sagas on [data flows]. This is the first time we’ve seen anything significant on any other country outside of that transatlantic triangle — and it’s China,” Jones said.

Chinese technology giant Huawei is participating in 16 projects funded by the European Commission’s Horizon Europe research and innovation program despite being dubbed a high-risk supplier. The Commission restricted Huawei from accessing Horizon projects in 2023 after saying that it (and another Chinese telecom supplier, ZTE) posed “materially higher risks than other 5G suppliers” in relation to cybersecurity and foreign influence. However, public data reviewed by POLITICO’s EU Influence newsletter shows that Huawei still takes part in several projects, many of which are in sensitive fields like cloud computing, 5G and 6G telecom technology and data centers. These projects mean Huawei has been working alongside universities and tech companies in Spain, France, Sweden, Denmark, the Netherlands, Germany, Belgium, Finland and Italy. It also has access to the intellectual property generated by the projects, as the contracts require the sharing of information as well as joint ownership of the results between partners. A Commission spokesperson confirmed that of the 16 projects, 15 were signed before the restrictions took place. The remaining project “was signed in 2025 and was assessed as falling outside the scope of the existing restrictions.” Many of the projects started in January 2023, with the contracts running out at the end of this year, while others will last until 2027, 2028 and 2030. “Huawei participates in and implements projects funded under Horizon Europe in a lawful and compliant manner,” a company spokesperson said. One of the projects is to develop data privacy and protection tools in the fields of AI and big data, along with Italy’s National Research Council, the University of Malaga, the University of Toulouse, the University of Calabria, and a Bavarian high-tech research institute for software-intensive systems. Huawei received €207,000 to lead the work on “design, implementation, and evaluation of use cases,” according to the contract for that project, seen by POLITICO. COMMISSION CRACKDOWN Last month the Commission proposed a new Cybersecurity Act that would restrict Huawei from critical telecoms networks under EU law, after years of asking national capitals to do so voluntarily. “I’m not satisfied [with] how the member states … have been implementing our 5G Toolbox,” the Commission’s executive VP for tech and security policy, Henna Virkkunen, told POLITICO at the time, referring to EU guidelines to deal with high-risk vendors. “We know that we still have high-risk vendors in our 5G networks, in the critical parts … so now we will have stricter rules on this.” The Commission is also working on measures to cut Chinese companies out of lucrative public contracts. Bart Groothuis, a liberal MEP working on the Cybersecurity Act, told POLITICO that the Commission should “honor the promises and commitments” it made “and push them out.” “They should be barred from participating. Period.” Huawei was also involved in an influence scandal last year, with Belgian authorities investigating whether the tech giant exerted undue influence over EU lawmakers. The scandal led to Huawei’s being banned from lobbying on the premises of the European Commission and the European Parliament.

LONDON — The Information Commissioner’s Office has fined Reddit £14.47 million for unlawfully processing the data of young children. Data protection law in the U.K. requires parental consent to process personal data of children aged under 13, but the U.K.’s data watchdog said the social media platform had failed to implement robust age assurance mechanisms, meaning it was unable to adequately determine the age of users. As a result, Information Commissioner John Edwards said children under the age of 13 “had their personal information collected and used in ways they could not understand, consent to or control. This is unacceptable and has resulted in today’s fine.” The ICO also said Reddit had not carried out a Data Protection Impact Assessment focusing on the risks of using children’s personal information before January 2025, even though children between 13 and 18 were allowed to use the platform. Confirmation of the fine follows the issuing of provisional decision against Reddit last year. It is the second and largest the ICO has issued for failing to comply with its Children’s Code, following a £250,000 penalty issued to MediaLab, operator of Imgur, earlier this month. The ICO said Reddit was issued a larger fine due to its size, the number of children affected by its infringement, and the degree of potential harm caused. Edwards said the ICO would continue to monitor companies for relying on users to self-declare their age, saying it is “not enough when children may be at risk.” “I therefore strongly encourage industry to take note, reflect on their practices and urgently make any necessary improvements to their platforms,” he said. A Reddit spokesperson said the company plans to appeal the ICO’s decision. “Reddit doesn’t require users to share information about their identities, regardless of age, because we are deeply committed to their privacy and safety. The ICO’s insistence that we collect more private information on every U.K. user is counterintuitive and at odds with our strong belief in our users’ online privacy and safety,” the spokesperson said.

BRUSSELS — European Parliament members on Monday slammed the Spanish government for using Huawei to store judicial wiretaps, with one leading lawmaker warning Madrid is putting its “crown jewels” at risk. The Spanish government has drawn criticism since the summer after it awarded a multimillion euro contract to Huawei for the storage of judicial wiretaps — a move that led the United States to threaten to cease intelligence sharing with Madrid. The outcry over Spain’s use of the Chinese tech giant for sensitive services lays bare how Europe continues to grapple with how to secure its digital systems against security threats. The European Union considers Huawei to be a high-risk supplier and wants to crack down on countries that still afford it broad market access. The EU proposed new draft cybersecurity legislation last month that, if approved, would force EU member countries to kick Huawei out of their telecoms networks, after years of trying to get capitals to ban the Chinese vendor voluntarily.  Lawmakers from several political groups said Spain’s contract with the Chinese tech giant could endanger the EU as a whole.  “We cannot operate in a union where one of the states actively strips high-risk vendors from its networks while another entrusts them with the crown jewels of its law enforcement,” said Markéta Gregorová, a Czech Pirate Party lawmaker who is part of the Greens group. Gregorová leads negotiations on a cyber bill that would give the EU the power to force Huawei and other — often Chinese — suppliers out of critical infrastructure in Europe. “When you introduce a high-risk vendor … we do not just risk a localized data breach, we risk poisoning the well of European intelligence sharing,” she said on Monday. Juan Ignacio Zoido Álvarez, a member of Spain’s center-right opposition party, said the decision puts “the entirety of the EU at risk.” The Spanish government has defended the contract it struck for storing wiretaps. Spain’s Interior Ministry said in a statement that the government had awarded a contract to “European companies,” which then bought storage products. “There is no risk to security, technological and legal sovereignty, nor is there any foreign interference or threat to the custody of evidence,” the ministry said. Interior Minister Fernando Grande-Marlaska told the Spanish parliament last September that Telefónica, the country’s telecom champion, operated a state surveillance system called SITEL and that storage “cabinets” had been integrated into that system.   Bloomberg reported last July that Huawei equipment is not used for classified information, with one government official saying the storage “represents a minor part of a watertight, audited, isolated and certified system.” On Monday, Juan Fernando López Aguilar, a prominent member of the European Parliament for the Socialists and Democrats group and a member of Prime Minister Pedro Sanchéz’s party in Spain, defended Madrid’s contract and pushed back on EU moves to intervene on the issue. In terms of “security, espionage, or violation of technological sovereignty,” there is “no risk,” Aguilar said. Huawei did not respond to a request for comment.

BRUSSELS — The European Union’s sweeping privacy reforms are off to a bad start. National governments want to shoot down a key legal change at the heart of the European Commission’s proposal to reform the General Data Protection Regulation (GDPR), a document obtained by POLITICO showed. The document is the first official negotiating text weighing in on the issue — and it shows how contentious reforming the GDPR will be. The privacy law is seen as the “third rail” of European tech policy, and is one of the EU’s most fiercely lobbied pieces of legislation in history. Amending it is expected to trigger a massive political and lobbying storm in Brussels. The Commission in November presented its “digital omnibus” plan as part of a bigger overhaul of data and AI laws that seeks to boost AI technology in Europe. It is one of (so far) 10 so-called omnibuses that aim to slash red tape and boost European competitiveness proposed by Ursula von der Leyen’s Commission. The new document, dated Feb. 20, was prepared by the rotating presidency of the Council of the EU, currently held by Cyprus, and serves as a basis for national governments to negotiate a joint position on the privacy reforms. The Cypriots took aim at a core change to the data protection rulebook: how the law defines personal data. If approved, the change would move troves of data out of the scope of privacy protections. The revision sought to adapt the GDPR to a recent ruling by the EU’s top court (SRB v EDPS), which found that sometimes “pseudonymized” data, where a person’s details are obscured so they can’t be easily identified, could move it outside the strict privacy guardrails of the GDPR. That would particularly benefit companies, including AI developers, which would be able to use pseudonymized data more freely as long as they can’t reasonably re-identify data subjects. The changes have already triggered a backlash from European privacy regulators, which this month warned against amending the definition, and have split EU countries, which pushed back against the reform in early position papers. But European tech and business lobby groups welcomed the Commission’s proposed reforms, applauding the EU executive for its efforts to unlock more data to fuel AI innovation. EU countries will consider the text on Feb. 27 at a meeting of diplomats focused on the EU’s simplification efforts. In the European Parliament, lawmakers are working on a first position on the GDPR reforms.

NEW DELHI — A top United States official on Wednesday told the European Union to focus more on innovation in artificial intelligence — and less on rules. “I do think the atmosphere in the EU needs to change and be more focused on innovation, less focused on governance and less focused on doomerism,” said Sriram Krishnan, the White House’s senior policy adviser on artificial intelligence, at an event of the Tony Blair Institute on the sidelines of the India AI Impact Summit. Krishnan reiterated the U.S. opposition to the EU’s Artificial Intelligence Act, which was adopted in 2024 and aims to mitigate risks associated with the technology. “The EU AI Act, which I have ranted about before this job, during this job, maybe after this job … it’s not really conducive to an entrepreneur who wants to build basic technology,” he said. One example, Krishnan said, was Peter Steinberger, the Austrian coder behind the personal AI assistant platform OpenClaw who is moving to the U.S. to join OpenAI. Krishnan was much more positive about India’s regulatory approach, which he praised as “pro-innovation.” World leaders, including EU tech chief Henna Virkkunen and French President Emmanuel Macron, will gather on Thursday in New Delhi. A draft of the declaration of the summit, seen by POLITICO, didn’t include the word safety. Ever since the first AI Summit in the United Kingdom in 2023, the series of annual summits has gradually shifted from discussions on AI governance to business and investment deals between the industry and governments.

BERLIN — Germany is moving to fortify its foreign intelligence agency with sweeping new powers in preparation for a potential divorce from the United States.  The plan comes as German and other European leaders grow increasingly concerned that U.S. President Donald Trump could move to halt the American intelligence sharing Europe largely relies on — or exploit that dependence for leverage. Just as European countries must radically bolster their militaries to gain more autonomy, officials in Berlin argue, so too must Germany’s intelligence apparatus grow far more capable. “We want to continue working closely with the Americans,” Marc Henrichmann, the chairman of a special committee in Germany’s Bundestag that oversees the country’s intelligence services, told POLITICO. “But if a [U.S.] president, whoever that may be, decides in the future to go it alone without the Europeans … then we must be able to stand on our own two feet.” German leaders believe the need is especially urgent in their country, where the foreign intelligence service, or BND, is far more legally constrained than intelligence agencies elsewhere. Those restraints stem from intentional protections put in place after World War II to prevent a repeat of the abuses perpetrated by the Nazi spy apparatus. But those restraints have had the side effect of making Germany particularly dependent on the U.S. for intelligence gathering, and this is now seen as a potential danger. “The intelligence business is one where the question always arises: What do you offer me, what do I offer you?” Henrichmann said. “And of course, if Germany is only a taker, the risk is simply too great.”  German Chancellor Friedrich Merz now wants to boost and unfetter his country’s foreign intelligence service, giving it much broader authority to perpetrate acts of sabotage, conduct offensive cyber operations and more aggressively carry out espionage. Thorsten Frei, the chancellery official overseeing the intelligence reform, this week likened the plans to the Zeitenwende, or “historic turning point,” Germany’s former Chancellor Olaf Scholz declared after Russia’s full-scale invasion of Ukraine. At the time, Berlin announced major investments to bolster its long-neglected armed forces. A similar shift, Frei said, “must now also be applied to our intelligence services.” NAZI LEGACY Germany’s BND was founded in 1956 with legal limitations intended to prevent a repeat of the abuses perpetrated by the Nazi Gestapo and SS — though, at the time, many of its agents were former Nazis. To strictly divide the BND from the police and prevent interference with domestic affairs, the agency was put under the oversight of the chancellery and bound to a strict parliamentary control mechanism. Its powers were limited to collecting and analyzing intelligence. Agents were not given the legal capacity to intervene to foil perceived threats. Friedrich Merz wants to boost and unfetter his country’s foreign intelligence service. | Sven Hoppe/Getty Images Such restrictions persist until this day. German spies, for example, could through surveillance become aware of plans of an impending cyberattack, but are virtually powerless to stop it on their own. They can bug a conversation with strict legal oversight, but are unable to carry out acts of sabotage to undermine a discovered threat. Germany’s stringent data protection laws — which are also largely a reaction to the legacy of the East German secret police, or Stasi — restrict the BND further. The agency must, for instance, redact personal information in documents before passing them on to other intelligence services. Such restrictions are no longer justified especially in light of the rising threat of Russian sabotage, say German officials. “If there are attacks on Germany, then in my view it is not enough for us to simply watch, we must also be able to defend ourselves,” said Frei, the chancellery official in charge of the BND reform. “All other countries in the world that have corresponding services of a corresponding size do this.” As a consequence of Germany’s intelligence weakness, the country has heavily relied on U.S. clandestine activities to stop planned attacks. The U.S., for instance, provided warnings about a Russian plot to assassinate the CEO of Rheinmetall and a plot by a Chechen national to attack the Israeli embassy in Berlin. Only about 2 percent of terrorist threat warnings come from the BND itself, according to a report in Germany’s Bild that cited a confidential agency document. This heavy reliance on the U.S. has led some German leaders to warn that the alliance with Washington must be preserved to the extent possible even as Berlin gradually moves to become less dependent on it. Without U.S. intelligence sharing, “we are defenseless,” Foreign Minister Johann Wadephul said in a radio interview this week. “That is the pure reality, which I cannot spare anyone from.” ‘GAME WITHOUT RULES’ German officials were shaken when Washington temporarily halted its intelligence sharing with Ukraine in March last year to pressure Kyiv during peace negotiations with Russia, a move that effectively blinded the Ukrainian military in the middle of the war. The episode showed that the Trump administration is willing to use American dominance in intelligence gathering to exert leverage over allies. Several months later, Merz vowed to significantly increase the BND’s capabilities.  “Old certainties have been devalued, tried-and-tested rules no longer apply,” Merz said in a speech to agency officials. “Given the responsibility we bear in Europe in view of our size and economic strength, it is therefore our aspiration that the BND should operate at the very highest level in terms of intelligence.”  Merz’s government has increased the BND budget by about 26 percent to €1.51 billion this year. The chancellor is also moving to relax the data protection regulations to which the BND is subject, allowing use of AI and facial recognition. The chancellery hopes to bring a full package of proposed reforms to a vote in parliament by the fall. German officials were shaken when Washington temporarily halted its intelligence sharing with Ukraine. | Sergey Bobok/AFP via Getty Images Still, considerable restrictions on the BND are likely to remain in place. The agency’s expanded powers will be contingent on the chancellery’s national security council declaring a “special intelligence situation” that is also subject to the approval of two-thirds of lawmakers in the parliamentary committee overseeing the BND, according to German media outlets citing a draft of the chancellery’s proposal. But many lawmakers belonging to Germany’s coalition government still believe the proposed changes will put the country in a far better position to defend itself. “Those who are working against us — Russian state actors, Russian cyber factories — are working in the same way as the Nazi intelligence services did back then,” Henrichmann, the conservative lawmaker who heads the parliamentary committee, said. “In a game without rules, we cannot stand by and impose artificial restrictions on ourselves.”