BRUSSELS — In the 10 years since the Brussels terror attacks, the EU has
tightened its security strategy but the internet is opening up new threats,
according to the bloc’s counterterrorism coordinator.
Daesh is “mutating jihadism,” Bartjan Wegter told POLITICO in an interview on
the eve of the anniversary of the terrorist attacks in Brussels, which pushed
the bloc to bolster border protection and step up collaboration and
information-sharing.
The group has “calculated that it’s much more effective to radicalize people who
are already inside the EU through online environments rather than to organize
orchestrated attacks from outside our borders,” he said. “And they’re very good
at it.”
Ten years ago, two terrorists from Daesh (also known as the so-called Islamic
State) blew themselves up at Brussels Airport. Another explosion tore through a
metro car at Maelbeek station, in the heart of Brussels’ EU district. Thirty-two
people were killed, and hundreds more injured.
The attacks came just months after terrorists killed 130 people in attacks on a
concert hall, a stadium, restaurants and bars in Paris, exposing gaps in
information-sharing in the bloc’s free-travel area. The terrorists had moved
between countries, planning the attacks in one and carrying them out in another,
said Wegter, who is Dutch. “That’s where our vulnerabilities were.”
Today, violent jihadism remains a threat and new large-scale attacks can’t be
excluded. But the probability is “much, much lower today than it was 10 years
ago,” said Wegter.
In the aftermath of the attacks, the bloc changed its security strategy with a
focus on prevention and a “security reflex” across every policy field, according
to Wegter. It’s also stepping up police and judicial collaboration through
Europol and Eurojust, and it’s putting in place databases — including the
Schengen Information System — so countries can alert each other about
high-risk individuals, as well as an entry/exit system to monitor who enters and
leaves the free-travel area.
But the bloc is facing a new type of threat, as security officials see a gradual
increase in attempted terrorist attacks by lone actors. A lot of that is being
cultivated online and increasingly, younger people are involved.
“We’ve seen cases of children 12 years old. And, the radicalization process [is]
also happening faster,” Wegter said. “Sometimes we’re talking about weeks or
months.”
In 2024, a third of all arrests connected to potential terror threats were of
people aged between 12 and 20 years old, and France recorded a tripling of the
number of minors radicalized between 2023 and 2024, said Wegter.
“Just put yourself in the shoes of law enforcement … You’re dealing with young
people who spend most of their time online … Who may not have a criminal record.
Who, if they are plotting attacks, may not be using registered weapons. It’s
very hard to prevent.”
Violent jihadism is just one of the threats EU security officials worry are
being cultivated online.
Wegter said there is also an emerging trend of a violent right-wing extremist
narrative online — and to a lesser extent, violent left-wing extremism. There’s
also what he called “nihilistic extremist violence,” a new phenomenon that can
feature elements of different ideologies or a drive to overthrow the system, but
which is fundamentally minors seeking an identity through violence.
“What we see online, some of these images are so horrible that even law
enforcement needs psychological support to see this kind of stuff,” said Wegter.
Law enforcement’s ability to get access to encrypted data and information on
people under investigation is crucial, he stressed, and he drew parallels with
the steps the EU took to secure the Schengen free movement 10 years ago.
“If you want to preserve the good things of the internet, we also need to make
sure that we have … some key mechanisms to safeguard the internet also.”
Anton, a 44-year-old Russian soldier who heads a workshop responsible for
repairing and supplying drones, was at his kitchen table when he learned last
month that Elon Musk’s SpaceX had cut off access to Starlink terminals used by
Russian forces. He scrambled for alternatives, but none offered unlimited
internet, data plans were restrictive, and coverage did not extend to the areas
of Ukraine where his unit operated.
It’s not only American tech executives who are narrowing communications options
for Russians. Days later, Russian authorities began slowing down access
nationwide to the messaging app Telegram, the service that frontline troops use
to coordinate directly with one another and bypass slower chains of command.
“All military work goes through Telegram — all communication,” Anton, whose name
has been changed because he fears government reprisal, told POLITICO in voice
messages sent via the app. “That would be like shooting the entire Russian army
in the head.”
Telegram would be joining a home screen’s worth of apps that have become useless
to Russians. Kremlin policymakers have already blocked or limited access to
WhatsApp, along with parent company Meta’s Facebook and Instagram, Microsoft’s
LinkedIn, Google’s YouTube, Apple’s FaceTime, Snapchat and X, which like SpaceX
is owned by Musk. Encrypted messaging apps Signal and Discord, as well as
Japanese-owned Viber, have been inaccessible since 2024. Last month, President
Vladimir Putin signed a law requiring telecom operators to block cellular and
fixed internet access at the request of the Federal Security Service. Shortly
after it took effect on March 3, Moscow residents reported widespread problems
with mobile internet, calls and text messages across all major operators for
several days, with outages affecting mobile service and Wi-Fi even inside the
State Duma.
Those decisions have left Russians increasingly cut off from both the outside
world and one another, complicating battlefield coordination and disrupting
online communities that organize volunteer aid, fundraising and discussion of
the war effort. Deepening digital isolation could turn Russia into something
akin to “a large, nuclear-armed North Korea and a junior partner to China,”
according to Alexander Gabuev, the Berlin-based director of the Carnegie Russia
Eurasia Center.
In April, the Kremlin is expected to escalate its campaign against Telegram —
already one of Russia’s most popular messaging platforms, but now in the absence
of other social-media options, a central hub for news, business and
entertainment. It may block the platform altogether. That is likely to fuel an
escalating struggle between state censorship and the tools people use to evade
it, with Russia’s place in the world hanging in the balance.
“It’s turned into a war,” said Mikhail Klimarev, executive director of the
Internet Protection Society, a digital rights group that monitors Russia’s
censorship infrastructure. “A guerrilla war. They hunt down the VPNs they can
see, they block them — and the ‘partisans’ run, build new bunkers, and come
back.”
THE APP THAT RUNS THE WAR
On Feb. 4, SpaceX tightened the authentication system that Starlink terminals
use to connect to its satellite network, introducing stricter verification for
registered devices. The change effectively blocked many terminals operated by
Russian units relying on unauthorized connections, cutting Starlink traffic
inside Ukraine by roughly 75 percent, according to internet traffic analysis
by Doug Madory, an analyst at the U.S. network monitoring firm Kentik.
The move threw Russian operations into disarray, allowing Ukraine to make
battlefield gains. Russia has turned to a workaround widely used before
satellite internet was an option: laying fiber-optic lines, from rear areas
toward frontline battlefield positions.
Until then, Starlink terminals had allowed drone operators to stream live video
through platforms such as Discord, which is officially blocked in Russia but
still sometimes used by the Russian military via VPNs, to commanders at multiple
levels. A battalion commander could watch an assault unfold in real time and
issue corrections — “enemy ahead” or “turn left” — via radio or Telegram. What
once required layers of approval could now happen in minutes.
Satellite-connected messaging apps became the fastest way to transmit
coordinates, imagery and targeting data.
But on Feb. 10, Roskomnadzor, the Russian communications regulator, began
slowing down Telegram for users across Russia, citing alleged violations of
Russian law. Russian news outlet RBC reported, citing two sources, that
authorities plan to shut down Telegram in early April — though not on the front
line.
In mid-February, Digital Development Minister Maksut Shadayev said the
government did not yet intend to restrict Telegram at the front but hoped
servicemen would gradually transition to other platforms. Kremlin spokesperson
Dmitry Peskov said this week the company could avoid a full ban by complying
with Russian legislation and maintaining what he described as “flexible contact”
with authorities.
Roskomnadzor has accused Telegram of failing to protect personal data, combat
fraud and prevent its use by terrorists and criminals. Similar accusations have
been directed at other foreign tech platforms. In 2022, a Russian court
designated Meta an “extremist organization” after the company said it would
temporarily allow posts calling for violence against Russian soldiers in the
context of the Ukraine war — a decision authorities used to justify blocking
Facebook and Instagram in Russia and increasing pressure on the company’s other
services, including WhatsApp.
Telegram founder Pavel Durov, a Russian-born entrepreneur now based in the
United Arab Emirates, says the throttling is being used as a pretext to push
Russians toward a government-controlled messaging app designed for surveillance
and political censorship.
That app is MAX, which was launched in March 2025 and has been compared to
China’s WeChat in its ambition to anchor a domestic digital ecosystem.
Authorities are increasingly steering Russians toward MAX through employers,
neighborhood chats and the government services portal Gosuslugi — where citizens
retrieve documents, pay fines and book appointments — as well as through banks
and retailers. The app’s developer, VK, reports rapid user growth, though those
figures are difficult to independently verify.
“They didn’t just leave people to fend for themselves — you could say they led
them by the hand through that adaptation by offering alternatives,” said Levada
Center pollster Denis Volkov, who has studied Russian attitudes toward
technology use. The strategy, he said, has been to provide a Russian or
state-backed alternative for the majority, while stopping short of fully
criminalizing workarounds for more technologically savvy users who do not want
to switch.
Elena, a 38-year-old Yekaterinburg resident whose surname has been withheld
because she fears government reprisal, said her daughter’s primary school moved
official communication from WhatsApp to MAX without consulting parents. She
keeps MAX installed on a separate tablet that remains mostly in a drawer — a
version of what some Russians call a “MAXophone,” gadgets solely for that app,
without any other data being left on those phones for the (very real) fear the
government could access it.
“It works badly. Messages are delayed. Notifications don’t come,” she said. “I
don’t trust it … And this whole situation just makes people angry.”
THE VPN ARMS RACE
Unlike China’s centralized “Great Firewall,” which filters traffic at the
country’s digital borders, Russia’s system operates internally. Internet
providers are required to route traffic through state-installed deep packet
inspection equipment capable of controlling and analyzing data flows in real
time.
“It’s not one wall,” Klimarev said. “It’s thousands of fences. You climb one,
then there’s another.”
The architecture allows authorities to slow services without formally banning
them — a tactic used against YouTube before its web address was removed from
government-run domain-name servers last month. Russian law explicitly provides
government authority for blocking websites on grounds such as extremism,
terrorism, illegal content or violations of data regulations, but it does not
clearly define throttling — slowing traffic rather than blocking it outright —
as a formal enforcement mechanism. “The slowdown isn’t described anywhere in
legislation,” Klimarev said. “It’s pressure without procedure.”
In September, Russia banned advertising for virtual private network services
that citizens use to bypass government-imposed restrictions on certain apps or
sites. By Klimarev’s estimate, roughly half of Russian internet users now know
what a VPN is, and millions pay for one. Polling last year by the Levada Center,
Russia’s only major independent pollster, suggests regular use is lower, finding
about one-quarter of Russians said they have used VPN services.
Russian courts can treat the use of anonymization tools as an aggravating factor
in certain crimes — steps that signal growing pressure on circumvention
technologies without formally outlawing them. In February, the Federal
Antimonopoly Service opened what appears to be the first case against a media
outlet for promoting a VPN after the regional publication Serditaya Chuvashiya
advertised such a service on its Telegram channel.
Surveys in recent years have shown that many Russians, particularly older
citizens, support tighter internet regulation, often citing fraud, extremism and
online safety. That sentiment gives authorities political space to tighten
controls even when the restrictions are unpopular among more technologically
savvy users.
Even so, the slowdown of Telegram drew criticism from unlikely quarters,
including Sergei Mironov, a longtime Kremlin ally and leader of the Just Russia
party. In a statement posted on his Telegram channel on Feb. 11, he blasted the
regulators behind the move as “idiots,” accusing them of undermining soldiers at
the front. He said troops rely on the app to communicate with relatives and
organize fundraising for the war effort, warning that restricting it could cost
lives. While praising the state-backed messaging app MAX, he argued that
Russians should be free to choose which platforms they use.
Pro-war Telegram channels frame the government’s blocking techniques as sabotage
of the war effort. Ivan Philippov, who tracks Russia’s influential military
bloggers, said the reaction inside that ecosystem to news about Telegram has
been visceral “rage.”
Unlike Starlink, whose cutoff could be blamed on a foreign company, restrictions
on Telegram are viewed as self-inflicted. Bloggers accuse regulators of
undermining the war effort. Telegram is used not only for battlefield
coordination but also for volunteer fundraising networks that provide basic
logistics the state does not reliably cover — from transport vehicles and fuel
to body armor, trench materials and even evacuation equipment. Telegram serves
as the primary hub for donations and reporting back to supporters.
“If you break Telegram inside Russia, you break fundraising,” Philippov said.
“And without fundraising, a lot of units simply don’t function.”
Few in that community trust MAX, citing technical flaws and privacy concerns.
Because MAX operates under Russian data-retention laws and is integrated with
state services, many assume their communications would be accessible to
authorities.
Philippov said the app’s prominent defenders are largely figures tied to state
media or the presidential administration. “Among independent military bloggers,
I haven’t seen a single person who supports it,” he said.
Small groups of activists attempted to organize rallies in at least 11 Russian
cities, including Moscow, Irkutsk and Novosibirsk, in defense of Telegram.
Authorities rejected or obstructed most of the proposed demonstrations — in some
cases citing pandemic-era restrictions, weather conditions or vague security
concerns — and in several cases revoked previously issued permits. In
Novosibirsk, police detained around 15 people ahead of a planned rally. Although
a small number of protests were formally approved, no large-scale demonstrations
ultimately took place.
THE POWER TO PULL THE PLUG
The new law signed last month allows Russia’s Federal Security Service to order
telecom operators to block cellular and fixed internet access. Peskov, the
Kremlin spokesman, said subsequent shutdowns of service in Moscow were linked to
security measures aimed at protecting critical infrastructure and countering
drone threats, adding that such limitations would remain in place “for as long
as necessary.”
In practice, the disruptions rarely amount to a total communications blackout.
Most target mobile internet rather than all services, while voice calls and SMS
often continue to function. Some domestic websites and apps — including
government portals or banking services — may remain accessible through
“whitelists,” meaning authorities allow certain services to keep operating even
while broader internet access is restricted. The restrictions are typically
localized and temporary, affecting specific regions or parts of cities rather
than the entire country.
Internet disruptions have increasingly become a tool of control beyond
individual platforms. Research by the independent outlet Meduza and the
monitoring project Na Svyazi has documented dozens of regional internet
shutdowns and mobile network restrictions across Russia, with disruptions
occurring regularly since May 2025.
The communications shutdown, and uncertainty around where it will go next, is
affecting life for citizens of all kinds, from the elderly struggling to contact
family members abroad to tech-savvy users who juggle SIM cards and secondary
phones to stay connected. Demand has risen for dated communication devices —
including walkie-talkies, pagers and landline phones — along with paper maps as
mobile networks become less reliable, according to retailers interviewed by RBC.
“It feels like we’re isolating ourselves,” said Dmitry, 35, who splits his time
between Moscow and Dubai and whose surname has been withheld to protect his
identity under fear of governmental reprisal. “Like building a sovereign grave.”
Those who track Russian public opinion say the pattern is consistent: irritation
followed by adaptation. When Instagram and YouTube were blocked or slowed in
recent years, their audiences shrank rapidly as users migrated to alternative
services rather than mobilizing against the restrictions.
For now, Russia’s digital tightening resembles managed escalation rather than
total isolation. Officials deny plans for a full shutdown, and even critics say
a complete severing would cripple banking, logistics and foreign trade.
“It’s possible,” Klimarev said. “But if they do that, the internet won’t be the
main problem anymore.”
Hackers from the Kremlin have mounted a “large-scale global cyber campaign”
targeting civil servants, military personnel and other notable figures via
messaging applications WhatsApp and Signal, Dutch intelligence services warned
on Monday.
The Russian operation aims to trick victims into revealing PIN codes for secure
messaging apps Signal and WhatsApp, the Netherlands’ military intelligence
service and domestic intelligence agency said in a joint public advisory. The
bulletin did not indicate when the deception campaign began.
Hackers are posing as a fake Signal support chatbot to persuade users to share
their codes, allowing them to take over an account to read incoming
communications and group chats. The culprits were also found to have exploited
the “linked devices” feature of the apps, which lets them connect another device
to the victim’s account and quietly monitor messages.
The campaign has targeted government personnel as well as individuals of
interest to the Russian government, including journalists, the Dutch authorities
said. They also emphasized that individual accounts have been compromised, not
the messaging apps as a whole.
Signal is used widely by public officials as a secure and independent
communications channel, and has been the recommended application for EU
officials to use for external comms since 2020.
“Despite their end-to-end encryption option, messaging apps such as Signal and
WhatsApp should not be used as channels for classified, confidential or
sensitive information,” said the director of the Dutch military intelligence
service, Peter Reesink.
United States Secretary of Defense Pete Hegseth and other top U.S. officials
came under fire last year for using the app to exchange classified information
in an incident known as Signalgate.
WhatsApp’s communication director, Joshua Breckman, said the company continues
“to build ways to protect people from online threats,” adding that users should
never share their six-digit code with others.
Signal did not immediately respond to a request for comment.
The Russian government did not immediately respond to a request for comment.
Russian authorities have launched a criminal investigation into Telegram founder
Pavel Durov over allegations his messaging platform facilitated terrorist
activity, sharply escalating the Kremlin’s long-running standoff with the tech
billionaire.
State-run Rossiyskaya Gazeta and Kremlin-friendly tabloid Komsomolskaya Pravda
reported Tuesday that investigators are examining whether Telegram was used to
coordinate attacks, including the 2024 Crocus City Hall massacre, as well as the
killings of Darya Dugina — daughter of nationalist ideologue Aleksandr Dugin —
and General Igor Kirillov.
Both outlets, citing Russia’s Federal Security Service (FSB), claimed Telegram
has been used in more than 153,000 crimes since 2022, including roughly 33,000
cases involving sabotage, terrorism or extremism. The reports also accused Durov
of ignoring more than 150,000 takedown requests from Russia’s media regulator
Roskomnadzor.
Kremlin spokesperson Dmitry Peskov piled the pressure on, telling reporters
Tuesday that authorities had recorded “a large number of violations” and
Telegram’s “unwillingness … to cooperate.”
The probe marks the latest chapter in Moscow’s decade-long battle with Durov.
Russia attempted to block Telegram in 2018 after the company refused to hand
over encryption keys — a ban that ultimately failed. Authorities have since
intermittently throttled the service while also targeting other foreign
platforms, including WhatsApp.
Durov, who left Russia in 2014, has repeatedly framed the pressure as
politically motivated. Earlier in February, he warned Moscow was trying to push
users toward a state-controlled messaging app “built for surveillance and
political censorship,” adding: “Telegram stands for freedom of speech and
privacy, no matter the pressure.”
The tech entrepreneur, however, has been in trouble outside Russia over the
platform. In 2024, he was arrested in France and temporarily banned from leaving
the country after being charged with several organized crime offenses.
Prosecutors claimed he refused to cooperate with authorities’ attempts to combat
illegal content, including child pornography, on Telegram. Durov denied any
wrongdoing.
Telegram, which launched in 2013, has become a central information hub inside
Russia and across the Ukraine war zone, used by officials and opposition figures
— as well as Ukrainian leaders, including President Volodymyr Zelenskyy. The
platform says it now has roughly 1 billion active users worldwide.
Responding to the news with a post on X, Durov said, “Each day, the authorities
fabricate new pretexts to restrict Russians’ access to Telegram as they seek to
suppress the right to privacy and free speech. A sad spectacle of a state afraid
of its own people.”
This article has been updated.
When the Franco-German summit concluded in Berlin, Europe’s leaders issued a
declaration with a clear ambition: strengthen Europe’s digital sovereignty in an
open, collaborative way. European Commission President Ursula von der Leyen’s
call for “Europe’s Independence Moment” captures the urgency, but independence
isn’t declared — it’s designed.
The pandemic exposed this truth. When Covid-19 struck, Europe initially
scrambled for vaccines and facemasks, hampered by fragmented responses and
overreliance on a few external suppliers. That vulnerability must never be
repeated.
True sovereignty rests on three pillars: diversity, resilience and autonomy.
Diversity doesn’t mean pulling every factory back to Europe or building walls
around markets. Many industries depend on expertise and resources beyond our
borders.
The answer is optionality, never putting all our eggs in one basket.
Europe must enable choice and work with trusted partners to build capabilities.
This risk-based approach ensures we’re not hostage to single suppliers or
overexposed to nations that don’t share our values.
Look at the energy crisis after Russia’s illegal invasion of Ukraine. Europe’s
heavy reliance on Russian oil and gas left economies vulnerable. The solution
wasn’t isolation, it was diversification: boosting domestic production from
alternative energy sources while sourcing from multiple markets.
Optionality is power. It lets Europe pivot when shocks hit, whether in energy,
technology, or raw materials.
Resilience is the art of prediction. Every system inevitably has
vulnerabilities. The key is pre-empting, planning, testing and knowing how to
recover quickly.
Just as banks undergo stress tests, Europe needs similar rigor across physical
and digital infrastructure. That also means promoting interoperability between
networks, redundant connectivity links (including space and subsea cables),
stockpiling critical components, and contingency plans. Resilience isn’t
theoretical. It’s operational readiness.
Finally, Europe must exercise authority through robust frameworks, such as
authorization schemes, local licensing and governance rooted in EU law.
The question is how and where to apply this control. On sensitive data, for
example, sovereignty means ensuring it’s held in Europe under European
jurisdiction, without replacing every underlying technology component.
Sovereign solutions shouldn’t shut out global players. Instead, they should
guarantee that critical decisions and compliance remain under European
authority. Autonomy is empowerment, limiting external interference or denial of
service while keeping systems secure and accountable.
But let’s be clear: Europe cannot replicate world-leading technologies,
platforms or critical components overnight. While we have the talent, innovation
and leading industries, Europe has fallen significantly behind in a range of key
emerging technologies.
For example, building fully European alternatives in cloud and AI would take
decades and billions of euros, and even then, we’d struggle to match Silicon
Valley or Shenzhen.
Worse, turning inward with protectionist policies would only weaken the
foundations that we now seek to strengthen. “Old wines in new bottles” — import
substitution, isolationism, picking winners — won’t deliver competitiveness or
security.
Contrast that with the much-debated US Inflation Reduction Act. Its incentives
and subsidies were open to EU companies, provided they invest locally, develop
local talent and build within the US market.
It’s not about flags, it’s about pragmatism: attracting global investments,
creating jobs and driving innovation-led growth.
So what’s the practical path? Europe must embrace ‘sovereignty done right’,
weaving diversity, resilience and autonomy into the fabric of its policies. That
means risk-based safeguards, strategic partnerships and investment in European
capabilities while staying open to global innovation.
Trusted European operators can play a key role: managing encryption, access
control and critical operations within EU jurisdiction, while enabling managed
access to global technologies. To avoid ‘sovereignty washing’, eligibility
should be based on rigorous, transparent assessments, not blanket bans.
The Berlin summit’s new working group should start with a common EU-wide
framework defining levels of data, operational and technological sovereignty.
Providers claiming sovereign services can use this framework to transparently
demonstrate which levels they meet.
Europe’s sovereignty will not come from closing doors. Sovereignty done right
will come from opening the right ones, on Europe’s terms. Independence should be
dynamic, not defensive — empowering innovation, securing prosperity and
protecting freedoms.
That’s how Europe can build resilience, competitiveness and true strategic
autonomy in a vibrant global digital ecosystem.
BRUSSELS — A fresh proposal by European Commission President Ursula von der
Leyen to reform digital laws on Wednesday was welcomed by lawmakers on the right
but shunned on the left.
It signals a possible repeat of a pivotal parliamentary clash last week in which
von der Leyen’s center-right European People’s Party sided with the far right to
pass her first omnibus proposal on green rules — sidelining the centrist
coalition that voted the Commission president into office last year.
The EU executive on Wednesday presented plans to overhaul everything from its
flagship General Data Protection Regulation to data rules and its fledgling
Artificial Intelligence Act. The reforms aim to help businesses using data and
AI, in an effort to catch up with the United States, China and other regions in
the global tech race.
Drafts of the plans obtained by POLITICO caused an uproar in Brussels in the
past two weeks, as everyone from liberal to left-leaning political groups and
privacy-minded national governments rang the alarm.
Von der Leyen sought to extend an olive branch with last-minute tweaks to her
proposal, but she’s still a long way away from center-left groups. The
Progressive Alliance of Socialists and Democrats, Greens and The Left have all
slammed the plans in recent days.
Tom Vandendriessche, a Belgian member of the far-right Patriots for Europe
group, said the GDPR is not “untouchable,” and that there needs to be
simplification “to ensure our European companies can compete again.” He added:
“If EPP supports that course, we’re happy to collaborate on that.”
Charlie Weimers, a Swedish member of the right-wing European Conservatives and
Reformists, welcomed the plan for “cleaning up overlapping data rules, cutting
double reporting and finally tackling the cookie banner circus.” Weimers argued
von der Leyen could go further, saying it falls short of being “the regulatory
U-turn the EU actually needs” to catch up in the AI race.
Those early rapprochements on the right are what Europe’s centrists and left
fear most.
The digital omnibus “should not be a repetition of omnibus one,” German Greens
lawmaker Sergey Lagodinsky told reporters on Wednesday. Lagodinsky warned EPP
leader Manfred Weber that “there should be no games with anti-democratic and
anti-European parties.”
BIG REFORMS, SMALL CONCESSIONS
The Commission’s double-decker digital omnibus package includes one plan to
simplify the EU’s data-related laws (including the GDPR as well as rules for
nonpersonal data), and another specifically targeting the AI Act.
A Commission official, briefing reporters without being authorized to speak on
the record, said the omnibus’ impact on the GDPR was subject to “intense
discussion” internally in the run-up to Wednesday’s presentation, after its
rough reception from some parliament groups and privacy organizations.
Much in the EU executive’s final text remained unchanged. Among the proposals,
the Commission wants to insert an affirmation into the GDPR that AI developers
can rely on their “legitimate interest” to legally process Europeans’ data. That
would give AI companies more confidence that they don’t always have to ask for
consent.
It also wants to change the definition of personal data in the GDPR to allow
pseudonymized data — where a person’s details have been obscured so they can’t
be identified — to be more easily processed.
The omnibus proposals also aim to reduce the number of cookie banners that crop
up across Europe’s internet.
To assuage privacy concerns, Commission officials scrapped a hotly contested
clause that would have redefined what is considered “special category” data,
like a person’s religious or political beliefs, ethnicity or health data, which
are afforded extra protections under the GDPR.
The new cookie provision will also contain an explicit statement that website
and app operators still need to get consent to access information on people’s
devices.
SEEKING POLITICAL SUPPORT
The final texts will now be scrutinized by the Parliament and Council of the
European Union.
Von der Leyen’s center-right EPP welcomed the digital simplification plans as
“a critical boost for Europe’s industrial competitiveness.”
Parliament’s group of center-left Socialists and Democrats came out critical of
the reforms. Birgit Sippel, a prominent German member of the group, said in a
statement the Commission “wants to undermine its own standards of protection in
the area of data protection and privacy in order to facilitate data use,
surveillance, and AI tools ‘made in the U.S.’”
On the EPP’s immediate left, the liberal Renew group cited “important concerns”
about the final texts but said it was “delighted” that the Commission
backtracked on changing the definition of sensitive data, one idea in the leaked
drafts that triggered a backlash. Renew said it would “support changes in the
digital omnibus that will make life easier for our European companies.”
If von der Leyen goes looking for votes for her digital omnibus among far-right
groups, she will find support but it might not be a united front.
German lawmaker Christine Anderson of the Alternative for Germany party, part of
the far-right Europe of Sovereign Nations group, warned the digital omnibus
could end up boosting “the ability to track and profile people.”
Weaker privacy rules would “enable enhanced surveillance architecture,” she
said, adding her party had “always opposed” such changes. “On these issues, we
find ourselves much closer to the groups on the left in the Parliament,” she
said.
Pieter Haeck contributed reporting.
The European Union’s law enforcement agency wants to speed up how it gets its
hands on artificial intelligence tools to fight serious crime, a top official
said.
Criminals are having “the time of their life” with “their malicious deployment
of AI,” but police authorities at the bloc’s Europol agency are weighed down by
legal checks when trying to use the new technology, Deputy Executive Director
Jürgen Ebner told POLITICO.
Authorities have to run through data protection and fundamental rights
assessments under EU law. Those checks can delay the use of AI by up to eight
months, Ebner said. Speeding up the process could make the difference in
time-sensitive situations where there is a “threat to life,” he added.
Europe’s police agency has built out its tech capabilities in past years,
ranging from big data crunching to decrypting communication between criminals.
Authorities are keen to fight fire with fire in a world where AI is rapidly
boosting cybercrime. But academics and activists have repeatedly voiced concerns
about giving authorities free rein to use AI tech without guardrails.
European Commission President Ursula von der Leyen has vowed to more than double
Europol’s staff and turn it into a powerhouse to fight criminal groups
“navigating constantly between the physical and digital worlds.” The
Commission’s latest work program said this will come in the form of a
legislative proposal to strengthen Europol in the second quarter of 2026.
Speaking in Malta at a recent gathering of data protection specialists from
across Europe’s police forces, Ebner said it is an “absolute essential” for
there to be a fast-tracked procedure to allow law enforcement to deploy AI tools
in “emergency” situations without having to follow a “very complex compliance
procedure.”
Assessing data protection and fundamental rights impacts of an AI tool is
required under the EU’s General Data Protection Regulation (GDPR) and AI Act.
Ebner said these processes can take six to eight months.
The top cop clarified that a faster emergency process would not bypass AI tool
red lines around profiling or live facial recognition.
Law enforcement authorities already have several exemptions under the EU’s
Artificial Intelligence Act (AI Act). Under the rules, the use of real-time
facial recognition in public spaces is prohibited for law enforcers, but EU
countries can still permit exceptions, especially for the most serious crimes.
Lawmakers and digital rights groups have expressed concerns about these
carve-outs, which were secured by EU countries during the law’s negotiation.
DIGITAL POLICING POWERS
Ebner, who oversees governance matters at Europol, said “almost all
investigations” now have an online dimension.
The investment in tech and innovation to keep pace with criminals is putting a
“massive burden on law enforcement agencies,” he said.
The Europol official has been in discussions with Europe’s police chiefs about
the EU agency’s upcoming expansion. He said they “would like to see Europol
doing more in the innovation field, in technology, in co-operation with private
parties.”
“Artificial intelligence is extremely costly. Legal decryption platforms are
costly. The same is to be foreseen already for quantum computing,” Ebner said.
Europol can help bolster Europe’s digital defenses, for instance by seconding
analysts with technological expertise to national police investigations, he
said.
Europol’s central mission has been to help national police investigate
cross-border serious crimes through information sharing. But EU countries have
previously been reluctant to cede too much actual policing power to the
EU-level authority.
Taking control of law enforcement away from EU countries is “out of the scope”
of any discussions about strengthening Europol, Ebner said.
“We don’t think it’s necessary that Europol should have the power to arrest
people and to do house searches. That makes no sense, that [has] no added
value,” he said.
Pieter Haeck contributed reporting.
BRUSSELS — A website set up by an unknown Dane over the course of one weekend in
August is giving a massive headache to those trying to pass a European bill
aimed at stopping child sexual abuse material from spreading online.
The website, called Fight Chat Control, was set up by Joachim, a 30-year-old
software engineer living in Aalborg, Denmark. He made it after learning of a new
attempt to approve a European Union proposal to fight child sexual abuse
material (CSAM) — a bill seen by privacy activists as breaking encryption and
leading to mass surveillance.
The site lets visitors compile a mass email warning about the bill and send it
to national government officials, members of the European Parliament and others
with ease. Since launching, it has broken the inboxes of MEPs and caused a stir
in Brussels’ corridors of power.
“We are getting hundreds per day about it,” said Evin Incir, a Swedish
Socialists and Democrats MEP, of the email deluge.
Three diplomats at national permanent representation offices said they too have
received a large number of emails.
Joachim’s website has stoked up an already red-hot debate around the CSAM
proposal, which would give police the power to force companies like WhatsApp and
Signal to scan their services for the illegal content. Critics fear the bill
would enable online state surveillance.
Elon Musk’s X said Monday that the bill could enable “government instituted mass
surveillance,” and encrypted chat app Signal said last weekend it would pull out
of Europe if the bill passed. Meta’s WhatsApp also came out against Denmark’s
proposal — backing Europe’s privacy groups, which have railed against the bill
ever since its conception.
EU countries are split into two camps. One side broadly backs the bill’s
measures as a way to stop predators from sharing illegal content of children;
the other says it would create a surveillance state and be ineffective.
Denmark proposed a new version on its first day holding the presidency of the
Council of the EU in July. Danish diplomats hope to get an agreement at a
meeting of ministers in Luxembourg next week, and for that, the proposal needs
to get past EU ambassadors on Wednesday.
MILLIONS OF EMAILS
Joachim himself declined to provide his last name or workplace because his
employer does not want to be associated with the campaign. POLITICO has verified
his identity. Joachim said his employer has no commercial interest in the
legislation, and he alone paid the costs associated with running the website.
Joachim’s mass email campaign is unconventional as a lobbying tool, differing
from the more wonky approach usually taken in Brussels. But the website’s impact
has been undeniable.
The Polish government responded directly to the campaign in a statement last
month, reassuring Poles it’s against mass scanning of messages. A Danish
petition, pushed by the Fight Chat Control campaign, now has more than 50,000
signatures, meaning it can be discussed in parliament. Irish national lawmakers
asked questions in parliament in September about “Chat Control,” the name for
the legislation adopted by its critics and used by Joachim.
As of early October, nearly 2.5 million people had visited his website, Joachim
said, with most coming from within the EU. The emails are sent from visitors’
own email clients, meaning Joachim doesn’t know how many have been sent, but he
estimated that it has triggered several million emails.
The campaign has irked some recipients. “In terms of dialog within a democracy,
this is not a dialog,” said Lena Düpont, a German member of the European
People’s Party group and its home affairs spokesperson, of the mass emails.
Joachim’s campaign is blocking more traditional lobbyists and campaigners, too,
they said. Mieke Schuurman, director at child rights group Eurochild, said the
group’s messages are no longer reaching policymakers, who “increasingly respond
with automated replies.”
Joachim, who said he has not paid to promote the site, said it is “regrettable”
that child rights campaigners’ emails have received automated responses. But the
flood of emails sent by his website visitors is “a quite clear indication that
people really care about this … I would actually argue this is as democratic as
it gets,” he said.
CAPITALS ON EDGE
The European Commission presented its original proposal on CSAM in 2022 as an
effort to stem the spread of the illegal content. Since then, police authorities
have warned the problem has gotten worse, in part because platforms have
increasingly enabled privacy technologies and encrypted messaging across some of
the most popular services. The rise of artificial intelligence-generated content
has added to the problem, authorities have warned.
National governments are attempting — for the fifth time, at least — to hash out
a compromise on the EU proposal. Countries first need to adopt their own
position before negotiations with the European Parliament can take place.
One EU diplomat said some EU member countries are now more hesitant to support
Denmark’s proposal, at least in part because of the campaign: “There is a clear
link.”
Ella Jakubowska, head of policy at digital rights group EDRi, said “This
campaign seems to have raised the topic high up the agenda in member states
where there was previously little to no public debate.”
But Danish Justice Minister Peter Hummelgaard, one of the loudest proponents of
tough measures to get child abuse material off online platforms, said in a
statement that his proposal is far more balanced than the Commission’s original
version and would mean that scanning would only happen as a last resort.
“This has nothing to do with ‘chat control,’ as the sponsors of the citizens’
initiative claim,” he said.
BRUSSELS — The president of the European Commission auto-deletes messages from
her phone in part to save storage space, the EU executive said this week.
Tech experts have but one question: Really?
Deleting messages to save space “sounds cute but also hard to believe. Let’s not
be silly here, it’s not the 1990s,” said Lukasz Olejnik, senior research fellow
at King’s College London and a cybersecurity expert.
“A text message barely takes any room on a modern phone. Like, you would need to
get hundreds of thousands of text messages for it to actually make a
difference,” Belgian ethical hacker Inti De Ceukelaire said, calling the
Commission’s explanation “a non-argument.”
“Why doesn’t she change to a phone with more storage?” asked Francisco Jeronimo,
vice president for data and analytics at technology market research firm IDC in
Europe.
Ursula von der Leyen is in the hot seat over a text message she received from
French President Emmanuel Macron last year urging her to block the EU-Mercosur
trade deal, as first reported by POLITICO. The message was subsequently deleted
from von der Leyen’s phone, the Commission said in response to an access to
documents request filed by Follow the Money reporter Alexander Fanta.
On Wednesday Commission spokesperson Olof Gill told reporters: “The messages are
auto-deleted after a while, just for space reasons.” He jokingly added:
“Otherwise, the phone would go on fire.”
Another spokesperson, Balazs Ujvari, added it also helped prevent security
breaches, but doubled down on the idea that it was a means of saving space: “On
the one hand, it reduces the risk of leaks and security breaches, which is of
course an important factor … And also, it’s a question of space on the phone,
so, effective use of a mobile device.”
To be sure, many Europeans have struggled with overloaded phone storage. But for
most it’s a matter of home videos and reams of family pictures that are clogging
devices.
“Messages take up a lot of space if we are talking about videos, voice
recordings,” IDC’s Jeronimo said, whereas text-based messages “take nearly
nothing from the storage.”
The Commission told its staff in 2020 to start using Signal, an
end-to-end-encrypted messaging app, in a push to increase the security of its
communications. The institution recommended using the app’s disappearing
messages functionality in a 2022 guidance called “Checklist to Make Your Signal
Safer.”
For security purposes it makes sense, Jeronimo said. “If someone like [von der
Leyen] loses her phone, or if the phone is hacked … there’s a very high risk”
that her communications will be compromised.
But the Macron text again trains the spotlight on the EU executive’s policies
regarding keeping a public record of its leader’s communications, following a
scandal dubbed “Pfizergate” in which von der Leyen’s text exchanges with Pfizer
CEO Albert Bourla over Covid vaccine contracts were never archived.
The European Ombudsman continues to investigate Pfizergate, and this week
announced it had opened an investigation into last year’s text from Macron.
According to Olejnik, “the truth is that [auto-deleting messages] is great for
security, not so [much] for public transparency or accountability.”
Gerardo Fortuna contributed reporting.
LONDON — The British government has dropped its demand for Apple to provide
“backdoor” access to user data, U.S. Director of National Intelligence Tulsi
Gabbard said Tuesday.
“Over the past few months, I’ve been working closely with our partners in the
UK, alongside [the president and vice president] to ensure Americans’ private
data remains private and our constitutional rights and civil liberties are
protected,” Gabbard wrote on X.
Apple took the unprecedented step of removing its highest level of end-to-end
encryption software — known as Advanced Data Protection — from the U.K. market
in February after the Home Office issued a Technical Capability Notice to access
the data under the Investigatory Powers Act, dubbed the “Snooper’s Charter” by
critics.
The company then filed a complaint with the Investigatory Powers Tribunal
challenging the Home Secretary’s powers to issue such a notice.
The dispute has been a sticking point in negotiations for a tech cooperation
pact between London and Washington. The Financial Times reported last month that
senior Washington officials, including Vice President JD Vance, were pressuring
the U.K. to drop its fight with Apple.
The U.S. State Department’s annual assessment of countries’ human rights records
published last month raised concerns about U.K. “government regulation to reduce
or eliminate effective encryption (and therefore user privacy) on platforms,”
though it appeared to confuse the Online Safety Act with the Investigatory Powers
Act.