I Overview

Three years after its launch in 2015, the Digital Single Market (DSM) strategy has been largely put into action. The Commission has presented all of the planned legislative proposals. Among these, the Open Internet Regulation (ending roaming charges), the Regulation on portability of online content services, the Regulation on unjustified geo-blocking and the General Data Protection Regulation (GDPR) have already been adopted and became directly applicable across the Union in 2017 and 2018.

Various proposals tabled in 2016 and in 2017 are expected to be adopted by the end of 2018 or in 2019, such as the European Electronic Communications Code, the Regulation on the free flow of non-personal data, the Audiovisual Media Service Directive (AVMSD), the ePrivacy Regulation and the Directive on copyright.

In July 2018, the Commission also issued a long-awaited decision concerning Google's alleged anticompetitive practices regarding Android mobile devices, which were sanctioned with the highest fine ever imposed under EU competition law (the runner up being the fine imposed on the same company in June 2017 for alleged anticompetitive practices implemented in the online search sector).

II REGULATION

i The regulators

The European Commission (Commission) is the most prominent regulatory body at the EU level. The Commission is equipped with a variety of regulatory and enforcement powers in areas related to TMT, including antitrust, privacy,2 online transactions, intellectual property3 and consolidation of the internal market for electronic communications.4 The regulatory framework for electronic communications adopted in 2009 increased the Commission's powers to oversee the measures proposed by national regulatory authorities (NRAs) to address problems relating to competition in telecommunications markets.

The BEREC Regulation5 established the Body of European Regulators for Electronic Communications (BEREC), which became fully functional in 2011. Its role is to guarantee consistent application of the EU regulatory framework by, for example, delivering opinions on NRAs' draft regulatory measures and, upon request, offering assistance to NRAs in carrying out their duties under EU law. The Commission turns to BEREC before adopting recommendations on relevant product and service markets, which guide NRAs when they define the relevant national markets. The Commission may also task BEREC with carrying out ad hoc market studies.

In September 2016, the Commission proposed an updated BEREC Regulation to transform BEREC into an agency.6 The new regime would create a management board capable of taking regulatory, administrative and financial decisions and would provide the agency with additional resources. BEREC would be entrusted with legally binding powers to ensure that the regulatory framework is applied consistently. The Commission also proposes to amend the governance of BEREC. At the moment, the Commission can only attend as an observer on the board of regulators; on the basis of the proposal, the agency's board would consist of one representative from each Member State, and two from the Commission. In a draft report presented on February 2017, the appointed rapporteur stated that the status quo is functioning well and suggested that there is no need to turn BEREC into an agency. In the final trialogue on this matter, held on 5 June 2018, the European Parliament and the Council agreed on a compromise regarding the legal personality of BEREC: the BEREC office will have legal personality, unlike BEREC itself, which would remain a body of national regulators.

ii Regulated activities

In 2002, the EU adopted a new comprehensive regulatory framework for ECNs and services, with the aim of fostering consistent regulation across the EU. In 2009, Directive 2009/140/EC,7 Directive 2009/136/EC8 and Regulation (EC) No. 1211/2009 were adopted to improve and revise the 2002 regulatory framework.

As part of the DSM strategy, in May 2015 the Commission announced a complete review of the framework for electronic communications. The consultation closed in December 2015. In the context of the 2016 annual State of the Union,9 the Commission presented the connectivity package, proposing to strengthen the role of BEREC and to recast four of the existing directives (the Framework, Authorisation, Access and Universal Service Directives) into a new European Electronic Communications Code.10

The new Code would overhaul the current EU rules on electronic communications by merging the four directives into a single piece of legislation. New rules on access to networks should create incentives to invest, especially in fibre. Moreover, the new rules would be based on the principle of same service, same rules, which aims at creating a level playing field for all players providing similar services (including OTT services).

On 6 June 2018, the Parliament and the Council provisionally agreed on the Code. The vote of the European Parliament in plenary session is provisionally scheduled for November 2018.Within the framework of the DSM strategy, on 14 September 2016 the Commission proposed new rules to modernise the EU copyright regime, including two regulations and two directives.11 This set of legislative proposals aims to ensure wider online access to content in the EU, and to reach new audiences, adapt certain exceptions to the digital cross-border environment and foster a well-functioning and fair copyright marketplace. The proposed measures should make it easier for content providers to improve their online offers across EU borders by introducing, inter alia, a legal mechanism to obtain authorisations more easily from right holders. Moreover, the improved copyright rules introduce four mandatory exceptions to copyright for the purposes of education, research, cultural heritage and inclusion of disabled people. Finally, the proposed measures should create a fairer online environment for creators of content and the press by reinforcing the position of right holders to negotiate remuneration for their creative content.

The legislative proposal has been under discussion in the Council since November 2016. After prolonged negotiations aimed to find a compromise between the Member States, the Council reached an agreement on a common position on 25 May 2018. On the Parliament side, the Directive on Copyright in the Digital Single Market was approved at the plenary session on 12 September 2018. It will enter trialogue discussions that are expected to conclude in January 2019.

Audiovisual content was previously regulated by the Television Without Frontiers Directive. With the last revision in 2007, the Directive was renamed the Audiovisual Media Services Directive (AVMS), which was then codified in 2010. In May 2016, the Commission tabled a proposal to reform the AVMS Directive (see Section V).12

In the framework of the DSM strategy, the Commission adopted a regulation on geo-blocking and other forms of discrimination based on nationality, residence or place of establishment, which targets unjustified geographically based restrictions to cross-border trade. The new regulation against unjustified geo-blocking entered into force on 22 March 2018 and will apply from 3 December 2018.13 The Regulation prohibits traders from discriminating against customers by denying them access to internet content on the basis of their location, and allows re-routing to a different version of a website only if a customer has given prior consent. It also prohibits discrimination of customers in relation to payments.

Geo-blocking measures also affect the portability of online services: users who have subscribed to certain online content (such as music, films, e-books and videogames) in their country are often denied access to the same content while travelling in another Member State. To address this issue, on 14 June 2017, the Parliament and the Council adopted the Regulation on cross-border portability of online content services, which applies from 1 April 2018.14 The regulation ensures that subscribers to online content services in the EU have the right to access and use these services while temporarily present in another Member State (e.g., in the case of holidays, business trips or learning periods).

The Commission also has extensive investigative powers in the area of antitrust. It cooperates with national competition authorities (NCAs) to prohibit concerted practices, agreements restricting competition and unilateral anticompetitive behaviour. The Commission has exclusive jurisdiction over mergers above certain thresholds, including in the area of TMT.15

iii Ownership and market access restrictions

In principle, EU undertakings and undertakings from non-EU States with reciprocity agreements can freely provide electronic communication services and networks. Under the Authorisation Directive,16 a prospective electronic communications provider needs an authorisation from the competent NRA. Obtaining this authorisation involves a procedure whereby an applicant notifies the NRA of its intentions and does not have to wait for approval by the NRA.17 The information that may be requested in such a notification must be limited to what is necessary to identify the provider. By contrast, the use of spectrum in telecommunications is subject to a licence granted by Member States. The Authorisation Directive lays down not only rules governing the procedures for granting general authorisations or rights to use RFs or numbers and the content of those authorisations, but also rules setting out the nature and scope of the financial payments related to those procedures that Member States may impose on electronic communications providers.18

III TELECOMMUNICATIONS AND INTERNET ACCESS

i Internet and internet protocol regulation

On 25 November 2015, the European Parliament and the Council adopted Regulation (EU) No. 2015/2120 (Open Internet Regulation).19

The Open Internet Regulation aims, first of all, to safeguard net neutrality. Within the EU, all internet traffic will be treated equally, subject to some specific public interest exceptions (e.g., those concerning network security and child pornography). Providers of internet access services must abstain from any discrimination, restriction or interference, irrespective of the sender and receiver, the content accessed or distributed, the applications or services used or provided, or the terminal equipment used.20 Blocking, throttling, degradation or discrimination of internet traffic by ISPs is prohibited. IAPs can still adopt different traffic management measures without being discriminatory, but only for 'objectively different categories of traffic' (e.g., services like e-medicine), rather than for commercial reasons.21

Traffic management measures that do not comply with the above requirements are allowed only under three specific exceptions: compliance with EU or national legislation that requires, for example, blocking of specific content, applications or services; protection of the integrity and security of the network; and prevention of network congestions that are temporary or occur in exceptional circumstances.

For a limited number of services, such as high-quality voice calling on mobile networks, linear (live) broadcasting IPTV services with specific quality requirements and real-time health services (e.g., remote surgery), for which an assured level of access is indispensable to deliver the service, the Regulation allows for the provision of fast lanes provided that network capacity is sufficient.22

In addition, the Regulation provides for the end of roaming charges, which became effective from 15 June 2017 through a gradual one-year phase-out process.23

ii Universal service

Under EU law, telecoms operators should provide to all citizens a basic set of fixed network ECSs irrespective of end users' location and profitability. Access to broadband internet has traditionally been considered outside the scope of universal service at the EU level.24 However, on 19 January 2016 the European Parliament welcomed a review of the Universal Service Directive to ensure the requirements of high-speed broadband internet access are fit for purpose to reduce the digital divide.25

The Commission's major contribution to achieve the goal of broadband for all is the adoption of:

  1. a 2010 Broadband Communication outlining a common framework within which EU and national policies should be developed to lower the costs of broadband deployment throughout the entire EU territory;
  2. a 2010 Recommendation on NGA networks (NGA Recommendation);
  3. a 2013 Recommendation on non-discrimination obligations and costing methodologies for access services (Access Recommendation); and
  4. 2013 guidelines for the application of state aid rules relating to the rapid deployment of broadband networks.26

On 11 June 2015, the European Court of Justice (CJEU) issued a judgment clarifying the scope of the Universal Service Directive.27 It remarked that the Directive expressly enacts an obligation to guarantee the connection at a fixed location to a public communications network. However, mobile communication services are excluded from the minimum set of universal services defined by the Universal Service Directive.

In the framework of the proposal for an Electronic Communications Code, the Commission proposed modernising the EU universal service rules. Pursuant to Article 79 of the Code, Member States would be under an obligation to provide affordable access to basic broadband and voice communications services at least at a fixed location. Broadband would be 'defined by referring to a functional internet access connection defined on the basis of a minimum list of online services available to end users', such as email, social media, instant messaging, calls and video calls.28

iii Restrictions on the provision of service

NGA Recommendation

The Commission adopted a recommendation on NGA networks on 20 September 2010.29 The NGA Recommendation seeks to provide NRAs with guidance to promote a common approach when deciding whether to impose obligations on incumbents in connection with NGA networks.

The Recommendation primarily covers remedies to be imposed on operators deemed to have significant market power. However, where it is justified on the grounds that duplication of infrastructure is economically inefficient or physically impracticable, NRAs may also impose obligations of reciprocal sharing of facilities on non-dominant undertakings, which would be appropriate to overcome bottlenecks in the civil engineering infrastructure and terminating segments.

The proposed European Electronic Communications Code reaffirms these principles, including the obligation for operators with significant market power to grant access to civil infrastructures, such as poles and ducts.30

Access Recommendation

After a long debate with BEREC and NRAs, the Commission published a recommendation on access remedies on 11 September 2013.31 The Access Recommendation relies on two pillars: ensuring equivalence of access and setting out a harmonised costing methodology.

As to the first pillar, the Commission suggests that equivalence of input (EoI) (i.e., the supply to competitors of the same access services enjoyed by a vertically integrated company's downstream units) is in principle the surest way to avoid non-price discrimination.32

As to the second pillar, according to former Commissioner Kroes, there is a 'need to lift price regulation of high-speed networks where it is not warranted, and make regulation of copper prices stable and consistent across the EU'33 to guarantee market stability and regulatory consistency, thus favouring broadband investments. Therefore, the Commission suggested the adoption of a common costing methodology (called bottom up – LRIC +) that, for copper-based local loop unbundling services, should have led to monthly tariffs within a defined price band.34

To enhance regulatory stability and market consistency, the Commission recommended that, once they have set tariffs within the mentioned price band, NRAs should not modify the costing methodology (and hence the tariffs) without a market-analysis procedure, and should avoid undue price fluctuations by ensuring stable access prices over at least two review periods (i.e., about six years).

The Commission has extensively relied on the Access Recommendation's principles to criticise NRA proposals that were inconsistent with the above-mentioned principles.35

The European Electronic Communications Code proposed by the Commission also makes reference to the costing methodology set out in the Access Recommendation.36

Monitoring and control of content

The Electronic Commerce Directive37 explicitly sets out that no intermediary should be obliged to engage in monitoring activities of a general nature (mere conduit rule).38 This was confirmed in the 2009 reform of the regulatory framework (see, in particular, Recital 30 of Directive 2009/136).

The interpretation of the mere conduit rule was probed in two cases before the CJEU, which concerned the possible responsibility of Scarlet (an ISP) and Netlog (a social networking website) for exchanges of allegedly unlawful content by its users.39 In essence, according to the CJEU, the EU framework does not require a hosting service provider to filter all information stored by users as a preventive measure.

However, the Court left open the question on the admissibility of injunctions against specifically determined copyright-infringing practices.

On 27 March 2014, the CJEU held that an ISP may be ordered to block its customers' access to a copyright-infringing website (UPC Telekabel).40 The CJEU provided guidance on the correct interpretation of Article 5, Paragraphs 1 and 2, Letter b), and Article 8, Paragraph 3, of the Copyright Directive,41 as well as some of the fundamental rights enshrined in EU law. Specifically, the Court held that Member States must ensure a fair balance among the fundamental rights at stake. Therefore, the fundamental rights concerned do not preclude an injunction on two conditions: the measures taken by the ISP do not unnecessarily deprive users of the possibility of lawfully accessing the information available; and those measures have the effect of preventing unauthorised access to the protected material or, at least, of making it difficult to achieve, and seriously discouraging users from accessing, the material that has been made available to them through breach of the intellectual property right.

In September 2016, the CJEU provided an interpretation of the mere conduit rule in a case concerning the liability of free Wi-Fi network providers for copyright infringements committed by its users (Mc Fadden).42 The CJEU stated that, under the mere conduit rule, the provider of a free Wi-Fi connection cannot be held responsible for the download of unlawful content by its users. However, the copyright holder can seek an injunction ordering such open Wi-Fi to be protected with a password, as this would prevent future infringements by requiring users to reveal their identity.

Article 13 of the proposed Directive on Copyright in the Digital Single Market43 appears to be more far-reaching than the mere conduit rule, as it requires information society service providers to take appropriate and proportionate measures to ensure copyright protection also through effective content recognition technologies, thus introducing, to a certain extent, an obligation to monitor.

Another crucial aspect concerning the role of ISPs relates to the right to be forgotten. On 13 May 2014, the CJEU held that, by searching systematically for information published on the internet, indexing websites, and recording and making them available, the operator of a search engine is processing personal data within the meaning of Article 2(b) of Directive 95/46/EC (Google Spain).44

The Court did not describe such processing as unlawful, but clarified that even initially lawful processing of accurate data may become incompatible with the Directive 'where those data are no longer necessary in the light of the purposes for which they were collected or processed [. . .] in particular where they appear to be inadequate, irrelevant or no longer relevant, or excessive in relation to those purposes and in the light of the time that has elapsed'.45

The CJEU will address the extent of the right to be forgotten in a pending case referred by the French Council of State.46 Two main issues are at stake: whether the right to be forgotten should be absolute - that is, automatic removal is required when the content involves sensitive personal data, such as political affiliations or a criminal record; and whether the right to be forgotten should apply globally, beyond the boundaries of Europe.

On 28 September 2017, the Commission presented guidelines for online platforms to tackle illegal content47 aimed at improving the prevention, detection and effective removal of illegal content inciting terrorist propaganda and racist speech, and also preventing its reappearance through automatic tools.

Building upon the guidelines, on 1 March 2018 the Commission proposed a recommendation48 containing a set of operational measures to be taken by companies and Member States to remove illegal online content, such as the creation of fast-track procedures for trusted flaggers (i.e., individuals or entities considered by a hosting service provider to have particular expertise and responsibilities for the purposes of tackling illegal online content). In particular, terrorist content should be removed within one hour following a referral by Europol or other competent authorities.

Finally, in April 2018 the Commission adopted a communication calling upon platforms to increase their efforts to tackle online disinformation and the spread of fake news.49 In particular, platforms should improve the scrutiny of advertisement placements, ensure transparency about sponsored content and close fake accounts more efficiently.

iv Security

Privacy and data retention

On 27 April 2016, the European Parliament and the Council adopted the General Data Protection Regulation (GDPR)50 together with the Police and Criminal Justice Data Protection Directive.51 On 25 May 2018, the GDPR entered into force. It replaced the EU Data Protection Directive52 and harmonised the processing of personal data by companies and public authorities across the EU.

Member States had to implement the Criminal Justice Data Protection Directive by 6 May 2018.

The Council and the Parliament made important changes to the Commission's proposal, remarking that, inter alia:

  1. data protection is not an absolute right and must be weighed against other fundamental rights;53
  2. data portability is restricted to data provided by individuals and does not apply if it adversely affects the rights and freedoms of others;54
  3. automated decision-making, including profiling, is permitted for fraud and tax evasion monitoring and prevention purposes, and to ensure the security and reliability of a service provided by a controller;55 and
  4. sanctions are to be proportionate.56

The new rules principally advantage small and medium-sized enterprises by reducing unnecessary administrative requirements such as notification requirements for companies. The right to be forgotten has been reinforced, and a right to data portability facilitates transfer of personal data between service providers. Furthermore, the Regulation provides that market operators established outside Europe will have to apply the same rules when offering services in the EU, and it brings forward a one-stop shop for companies and users, who will only have to deal with one single supervisory authority, facilitating cross-border operations and business in the EU. The Regulation also ensures stronger protection against data breaches, as it provides that a company experiencing a breach has to report it to the relevant data protection authority within 72 hours.

In line with the Data Protection Directive previously in force, Article 45 of the GDPR provides that the transfer of personal data from the EU to a country outside the EU or EEA may take place if that third country ensures an adequate level of protection of the data. The Commission has the power to determine whether a third country ensures an adequate level of protection, taking into account the relevant domestic legislation, respect for human rights and fundamental freedoms, and the international agreements that the third country concerned has entered into.

In 2000, under the regime previously in force, the Commission adopted a decision on the adequacy of the protection provided by the safe harbour privacy principles with regard to the US (Safe Harbor Adequacy decision).57 On 6 October 2015, the CJEU invalidated the 2000 Safe Harbor decision.58

In February 2016, the Commission put forward a successor agreement (known as the EU–US Privacy Shield).59 As in the case of the former Safe Harbor Agreement, the Privacy Shield is intended to enable personal data of EU citizens to be transmitted to and processed in the United States. The final draft of the Privacy Shield, which was adopted by the Commission on 11 July 2016 by majority vote of the Member States, includes privacy principles that stipulate improved data protection requirements compared with the safe harbour with which US companies must comply if they want to be certified under the Shield. Following criticism of the first draft of the Privacy Shield, in a revised draft the Commission endeavoured to assuage, in particular, the concerns expressed recently by the Article 29 Working Party, the independent advisory body on data protection and privacy that comprises representatives from national data protection authorities in Europe.

On 12 July 2016, the Commission adopted the Privacy Shield Adequacy Decision,60 certifying that this measure ensures an adequate level of protection for the transfer of personal data in the US. On 16 September 2016, Digital Rights Ireland brought an action for annulment before the CJEU against the Commission's adequacy decision,61 challenging in particular the legality of the mass recording of personal data by US public authorities, which remains possible under the Shield. On 22 November 2017, the General Court dismissed as inadmissible the action brought by Digital Rights Ireland.

On 9 January 2018, the Commission issued a notice stating that, as of the date of the UK's withdrawal from the European Union, the UK will be treated as a third country within the meaning of GDPR rules on the transfer of personal data. Accordingly, it will not be automatically granted the status of a safe third country.

The adoption of the GDPR also affects the ePrivacy Directive,62 which is lex specialis for the electronic communications sector. The review is overdue, because most of the articles of the current Directive apply to traditional telecoms companies but not to the growing number of OTT providers (that is, providers using the internet to deliver content).63

Thus, on 10 January 2017, the Commission presented a proposal for a 'Regulation concerning the respect for private life and the protection of personal data in electronic communications' (ePrivacy Regulation), which would replace the ePrivacy Directive.

The proposed ePrivacy Regulation would apply not only to traditional telecom operators, but also to OTT service providers (such as Whatsapp, Facebook and Skype) that currently do not fall within the scope of the ePrivacy Directive. It would also apply to non-EU operators that provide services to users located in the EU.

The new rules place great emphasis on end users' consent. Service providers must obtain users' consent to process electronic communications content and metadata, such as data on the location of where a phone call was made. The Regulation would introduce more user-friendly methods to obtain such consent (e.g., appropriate settings of a browser or other application). The proposed Regulation also addresses the privacy concerns raised by tools that allow tracking of the online activities of users, such as cookies, by requiring a clear affirmative action to express consent to their use.

In April 2017, the Article 29 Working Party and the European Data Protection Supervisor released their opinion on the proposal, advocating for more effective rules, such as a general prohibition on tracking practices and privacy by default settings for software and applications. The new regulation should be adopted by end of 2018.

Cybersecurity

On 6 July 2016, the Parliament and the Council approved the Network and Information Security (NIS) Directive,64 also known as the Cybersecurity Directive, which was developed within the framework of the Commission's EU Cybersecurity Strategy.65 The Directive aims to ensure a high common level of network and information security across the EU through a set of wide-ranging measures that will generate cooperation and information-sharing mechanisms, and set minimum requirements for a broad range of public and private players.66 In January 2018, the Commission adopted an implementing regulation laying down rules for the application of the NIS Directive.67

On 13 September 2017, the Commission and the High Representative for Foreign Affairs and Security Policy launched the cybersecurity package, a set of measures aimed at improving the EU response to cyberattacks and crime, which includes proposals for the institution of the European Cybersecurity Agency and for a directive on the combatting of fraud and counterfeiting of non-cash means of payment.68

Free flow of data and cloud computing

The DSM Strategy calls for a European free flow of data initiative to promote the free movement of data and encourage innovation in the EU, while protecting personal data.69

In April 2016, the Commission launched the European Cloud Initiative,70 which includes a series of initiatives concerning the certification of cloud services to allow users to benefit from secure and high-quality services, the switching of cloud service providers and the development of a European Open Science Cloud for European researchers. The Cloud Initiative also provides for the creation of a European data infrastructure. On 16 February 2017, the European Parliament adopted by a large majority a resolution on the European Cloud Initiative.

This is considered a key initiative, as estimates of the cost of an incomplete DSM for cloud computing are between €31.5 billion and €63 billion per year.71 On the other hand, it was estimated that cloud computing can potentially contribute a total of €450 billion to the EU's GDP between 2015 and 2020 and lead to the creation of an additional one million jobs and 300,000 companies in the EU throughout all sectors of the economy.72

On 11 January 2018, the Commission published its proposal for a regulation establishing the European High Performance Computing Joint Undertaking,73 a legal entity that would pool European resources to develop supercomputing infrastructure for European scientific and industrial users. At the moment, the top 10 supercomputers depend on non-European technology, and this creates risks for the EU in terms of competitiveness and innovation.

On 10 January 2017, the Commission adopted a communication on building a European data economy74 aimed at identifying unjustified restrictions on the free movement of data, such as data location restrictions.

In September 2017, the Commission adopted a proposal for a Regulation on the free flow of non-personal data in the EU.75 The proposal aims to achieve a more competitive and integrated internal market for data storage and other processing services and activities so as to unlock the potential of new digital technologies (e.g., cloud computing, big data, artificial intelligence and the IoT). The new Regulation would address certain obstacles preventing the free movement of data within the EU for companies, public administrations and citizens. Inter alia, the proposal would remove unjustified or disproportionate national rules that hamper or restrict companies in choosing a location for storage or processing of their data; ensure that competent authorities have access to data stored or processed in another Member State to perform their tasks in line with their regulatory mandate, just as they do when the data is stored in their own territory; and encourage the development of self-regulatory codes of conduct to make it easier to switch cloud service providers (e.g. , by informing users about the terms and conditions under which they can port data outside their IT environments).

On 19 December 2017, the Council adopted its position, supporting the possibility for Member States to impose data localisation requirements only when justified on grounds of public security. The first trialogue was held on 14 June 2018; during the second trialogue, held on 19 June 2018, the Parliament, the Council and the Commission reached an agreement on the proposal for a new Regulation. The Parliament's vote on the proposal in plenary is scheduled for 1 October 2018.

IV SPECTRUM POLICY

The DSM strategy considers a European spectrum policy to be necessary to boost investment, as some countries were slow in allocating the 800MHz band used for mobile communications, and lagged behind in rolling out 4G technology for mobile networks as a result.76 On the other side, some Member States have already outpaced EU regulation (e.g., Germany started auctioning spectrum from the 700MHz band for mobiles in May 2015).

On 9 June 2015, the Commission presented the outcome of a public consultation on the September 2014 Pascal Lamy report concerning the UHF band.77 The report discusses how the scarce spectrum resource in the UHF broadcasting band should be used in future. The results of the consultation suggest that there is general backing for spectrum-efficient technologies for DTTV equipment.

Accordingly, on 2 February 2016 the Commission presented a proposal for a Decision of the Parliament and the Council on the use of the 470–790MHz frequency band in the Union.78 On 17 May 2017, the Parliament and the Council adopted such decision,79 stating that Member States have to allow the use of the 700MHz frequency for wireless broadband ECSs by 30 June 2020.

The Commission also proposed measures to improve spectrum management across the EU in the framework of the new Electronic Communications Code. This objective should be achieved by giving preference to the use of radio spectrum under general rather than individual authorisations, by granting long-term licences (at least 25 years) and by coordinating the timing of assignments of spectrum across the EU.80

On 23 October 2017, the Commission published a study on spectrum assignment for the deployment of 5G in the EU,81 which considers the approaches currently used across the Member States for authorising and assigning spectrum. The study suggests that longer licence durations attract larger investments and a wider network roll-out.

V MEDIA

The AVMSD provides for a minimum harmonisation of certain aspects of national legislation related to audiovisual media services (e.g., advertising, protection of minors and promotion of European works) with a view to facilitating the circulation of audiovisual services in the internal market on the basis of the country-of-origin principle. According to this principle, audiovisual media service providers must abide only by the rules of the Member State with jurisdiction over them.

The AVMSD applies to all audiovisual media services, whether linear (traditional television) or non-linear (VOD), irrespective of the technology used to deliver the content (the principle of technological neutrality).82

The Commission's DSM strategy envisages a regulatory fitness evaluation of the AVMSD to gauge whether it still represents a satisfactory regulatory regime, taking account of technological advances, and whether it is effective in attaining its objectives. Namely, the evaluation will assess the current material and geographical scope of the Directive as well as the system of graduated regulation (i.e., the difference in regulatory treatment between linear and non-linear services).

In May 2016, the Commission announced a proposal to amend the existing AVMSD that aims, inter alia, to introduce a uniform regulatory framework for TV broadcasters and VOD service providers. The proposal includes a liberalisation of rules for traditional services, stricter rules for non-linear services (e.g., the two-tier approach, based on lighter regulation for VOD compared with TV broadcasting with regard to protection of minors is replaced by common rules valid for all audiovisual media services providers without distinction), changes in the definition of audiovisual media services (including for first-time video-sharing platforms) and geographical scope.83

In May 2017, the Council adopted its position, opening the way for an inter-institutional trialogue. A political agreement was struck on 6 June 2018; a vote on the new rules at the plenary of the Parliament to adopt the new rules is scheduled for 2 October 2018.

VI THE YEAR IN REVIEW

i Communication on artificial intelligence

In the mid-term review of the Digital Single Market strategy published in May 2017,84 the Commission stressed the importance for the EU of being in a leading position in the development of artificial intelligence (AI) technologies, platforms and applications.

On 25 May 2018, the Commission adopted a Communication on Artificial Intelligence for Europe.85 The Commission envisages a European Initiative on AI, based on three pillars: increasing public and private investments; preparing for socioeconomic changes brought about by AI; and ensuring an appropriate ethical and legal framework. In this regard, the Commission proposes a set of measures to boost the development of AI. First, the Commission is increasing investments in the development of AI to around €1.5 billion by the end of 2020 (which represents an increase of around 70 per cent). The Commission will also adopt measures to prepare for the socioeconomic changes in the labour market caused by the emergence of automation and robotics. This entails helping citizens to develop basic digital skills, assisting workers who perform jobs that are likely to disappear due to automation and training more specialists in AI. Finally, the Commission intends to propose several legislative and non-legislative measures to create a technical and legal framework for AI, including ethics guidelines to be developed by the end of 2018.

ii The .eu top level domain name

On 27 April 2018 the Commission adopted a proposal for a Regulation on the implementation and functioning of the .eu top level domain name86 aimed at and repealing the .eu Regulations.87 The .eu domain name is the specific domain name of the European Union, which allows European companies and citizens to participate on the internet and, at the same time, creates a European online identity for their websites and email addresses.

The proposal aims to modernise the existing legal framework by replacing the current regulations with a more efficient legal instrument; and create new eligibility criteria to allow EU citizens to register a .eu domain name, regardless of their place of residence, in order to ensure a wider use of the .eu top level domain name.

iii Proposal for a regulation on promoting fairness and transparency for users of online intermediation services

An increasing number of small and medium-sized companies nowadays use online marketplaces to sell their services and products to end users. Following its commitment in the mid-term review of the DSM Strategy to address the issue of unfair contractual clauses and trading practices in platform-to-business relationships, on 26 April 2018 the Commission presented a proposal for a Regulation on promoting fairness and transparency for business users when dealing with online platforms.88

The new rules aim at increasing transparency by requiring the providers of online intermediation services to make their terms and conditions for professional users understandable and easily available. This includes:

  1. setting out in advance the possible reasons why a professional user may be blocked or suspended from a platform;
  2. respecting a reasonable minimum notice period for implementing changes to contractual terms;
  3. stating clearly what data generated through their services can be accessed, by whom and under what conditions;
  4. describing how they treat their own goods or services compared to those offered by other professional users; and
  5. indicating the general algorithm that determines how goods and services are ranked in search results.

In terms of dispute solving, the providers of online intermediation services are required to create an internal system to handle complaints and to indicate in their terms and conditions the qualified and independent mediators that will work to settle the dispute.

iv Merger and antitrust control in telecommunication markets

A significant number of mergers involving telecommunications operators were cleared by the Commission between June 2017 and July 2018.

On 6 February 2018, the Commission cleared the acquisition of Scripps by Discovery.89 The parties are US media companies that provide pay-TV channels to TV broadcasters in the EU, especially in the UK and Poland. The Commission concluded that the transaction would raise no competition concerns in the UK given the limited overlap between the parties' activities. In Poland, however, where Scripps is active via the Polish company TVN, the proposed transaction risked increasing Discovery's market power in relation to TV distributors, given that certain channels provided by TVN were considered essential for the Polish audience. The transaction was cleared subject to Discovery's commitment to make such channels available to TV distributors in Poland for a reasonable fee for seven years.

Pursuant to Article 14(2) of the EU Merger Regulation, on 24 April 2018 the Commission imposed a fine of €124.5 million on Altice, a telecommunications company based in the Netherlands, for gun jumping, as the firm had implemented its acquisition of the Portuguese telecommunications operator PT Portugal before notification and approval by the Commission.90

In its fining decision, the Commission noted that certain provisions of the purchase agreement resulted in Altice acquiring veto rights over decisions concerning PT Portugal's ordinary business, and that Altice had actually exercised decisive influence on PT Portugal, for example by giving instructions on how to carry out a marketing campaign and by receiving commercially sensitive information about the company.

The transaction was notified to the Commission and cleared subject to conditions in April 2015. At the time of the notification, Altice's Portuguese subsidiaries competed with PT Portugal in Portugal in the market for fixed telecommunications. The Commission had concerns that the transaction would lead to higher prices for Portuguese clients; thus, it authorised the concentration subject to Altice's commitment to divest its Portuguese subsidiaries.

On 12 June 2018, the Commission opened an in-depth investigation to assess the proposed acquisition of Tele2 NL by T-Mobile NL (two of the largest operators in the Dutch retail mobile telecommunications market).91 The transaction would reduce the number of MNOs in the Netherlands from four to three and, according to the Commission, it could lead to higher prices on the retail market or less choice in mobile services for Dutch consumers. The Commission also fears that the reduction in the number of players may increase the likelihood that the three remaining players would coordinate their behaviour. At the time of writing, the Commission is carrying out its Phase two investigation and has to take a decision by 17 October 2018.

On 15 June 2018, the Commission unconditionally approved the acquisition of Sky by Comcast, a US media, technology and entertainment company, which owns Universal Pictures and operates TV channels.92 The Commission found that the proposed transaction would have led to only a limited increase in Sky's shares of the market for the acquisition of TV content, as well as of the market for the wholesale supply of TV channels in the relevant Member States. The Commission's assessment focused on whether Comcast would be able to prevent or limit access by Sky's competitors to its films, other TV content or TV channels; whether Sky would have the incentive to stop purchasing content from Comcast's competitors; and whether Sky could prevent competing channels from accessing its platform. Based on the results of its market investigation, the Commission concluded that Sky would have no incentive to cease purchasing content from Comcast's competitors, as this would reduce the quality of its offering; Comcast would not be able to prevent or significantly limit access by Sky's competitors to films and other TV content, because pay-TV distributors would continue to have access to multiple alternative channels provided by Comcast's competitors; and Sky would not be able to prevent competing channels from accessing its platform, because competitors are either contractually protected for a sufficient period of time or are not dependent on Sky's retail platform in the relevant Member States. On this basis, the Commission cleared the transaction.

Finally, on July 9 2018, the Commission unconditionally cleared the acquisition of UPC Austria (mainly active in the market for fixed telecommunications) by T-Mobile Austria (mainly active in mobile telecommunications).93 The Commission concluded that, notwithstanding the fact that both companies are active in the provision of internet access for residential customers in Austria, UPC's fixed internet access products are very different from T-Mobile's mobile broadband products and do not compete with the latter. In addition, the merged entity would have continued to face significant competition from other players in the provision of internet access for residential customers.

As to antitrust enforcement, in July 2018 the Commission concluded its long-lasting investigation in the Google Android case.94 The Commission imposed a fine of €4.34 billion on Google for having adopted illegal restrictions in its relationship with Android device manufacturers and MNOs to consolidate its dominant position in general internet searches. This is by far the highest fine ever imposed on a single firm under EU antitrust rules.

The Commission held that Google was dominant in the following markets: the national markets for general internet search services, due to the extremely high market shares held by Google (exceeding 90 per cent in most EEA Member States) and the presence of high barriers to entry; the worldwide market (excluding China) for licensable smart mobile operating systems, due to the share exceeding 95 per cent held by Google and the presence of high barriers to entry, and also as a result of indirect network effects and the need for significant resources; and the worldwide market (excluding China) for app stores for the Android mobile operating system, where Google holds a share exceeding 90 per cent, which is also protected by high barriers to entry.

The Commission contested three separate practices: the tying of Google Search, Google's Chrome browser and Google's app store (the Play Store); the grant of payments conditional on exclusive pre-installation of Google Search; and the obstruction of the development and distribution of competing Android operating systems.

In particular, according to the Commission, Google offered its mobile apps and services to device manufacturers as a bundle, which included Play Store, Google Search and Chrome. The Commission found that Play Store was a 'must-have' app, as users expect to find it pre-installed on their devices (and also because they cannot lawfully download it themselves). In this scenario, Google allegedly tied Play Store to two additional products: Google Search and Chrome. The tying of the products concerned ensured that Google Search and Chrome were pre-installed on practically all Android devices sold in the EEA. The Commission also noted that pre-installation can create a status quo bias, as users who find search and browser apps pre-installed on their devices are likely to stick to these apps. Accordingly, Google's practice reduced both the incentives of manufacturers to pre-install competing search and browser apps, and the incentives of users to download such apps.

Secondly, according to the Commission, Google granted significant financial incentives to some of the largest device manufacturers and MNOs on condition that they exclusively pre-installed Google Search across their entire portfolio of Android devices. This significantly reduced their incentives to pre-install competing search apps. The Commission held that a rival search engine would have been unable to compensate a device manufacturer or MNO for the loss of the revenue share payments made by Google across all devices and still make profits. The decision made reference to the recent Intel judgment of the Court of Justice,95 according to which, in the assessment of loyalty inducing incentives, the Commission has to consider, among other factors, the conditions under which the incentives were granted, their amount, the share of the market covered by the agreements and their duration.

Finally, according to the decision, Google prevented device manufacturers from using any alternative version of the Android operating system developed by third parties and not approved by Google (Android forks). To be able to pre-install on their devices Google's proprietary apps, including Play Store and Google Search, manufacturers had to commit not to develop or sell devices running on an Android fork. This limited the development of devices running on Android forks and related apps and services.

The Commission concluded that the three above-mentioned practices were part of an overall exclusionary strategy, which allegedly consolidated Google's traditional dominance in general internet search services at a time when the importance of mobile internet was growing significantly, prevented other mobile browsers from competing effectively with Chrome and obstructed the development of Android forks.

The Commission is still investigating other practices implemented by Google. In particular, in 2016 the Commission adopted a statement of objections concerning the AdSense search advertising service.96 The Commission alleges that Google would have prevented third-party websites from sourcing search adverts from other ad search providers through clauses providing for exclusivity, quantity requirements and preferred placement. The case is still pending.

VII CONCLUSIONS AND OUTLOOK

In the past year, the TMT sector has experienced significant developments, and also due to the entry into force of the Regulation on cross-border portability of online content services (1 April 2018) and, more importantly, of the GDPR Regulation (25 May 2018). The first ensures that subscribers to online content services in the EU can access and use these services while being temporarily present in another Member State; the second one has drastically changed the way businesses and public authorities collect, store and use customers' data, in order to reinforce EU citizens' control over personal data and to guarantee that their information is effectively protected.

As affirmed by President Juncker in his speech at the 2017 State of the Union, the main priority in the EU agenda concerns now the development of cybersecurity measures. This prompted the Commission to propose a cybersecurity package to protect European companies from cyberattacks, which also include a proposal for the creation of an EU Cybersecurity Agency.

Finally, antitrust enforcement in the period under review – namely, the Commission's decision in the Google Android case, which fined Google with the highest sanction ever imposed under EU competition law – confirms that the main focus of the Commission is to prevent anticompetitive practices by large firms active in high-tech markets that may further strengthen their dominant position and raise strategic barriers to entry.


Footnotes

1 Marco D'Ostuni is a partner, Gianluca Faella is counsel and Manuela Becchimanzi is an associate at Cleary Gottlieb Steen & Hamilton LLP.

2 See Section III.iv.

3 See Directive 2001/29/EC of 22 May 2001, OJ 2001 L 111/16.

4 See Directive 2002/21/EC of 24 April 2002, OJ 2002 L 108/33.

5 See Regulation (EC) No. 1211/2009 of 25 November 2009, OJ 2009 L 337/1.

6 Proposal for a Regulation of the European Parliament and of the Council establishing the Body of European Regulators of Electronic Communications (BEREC) – COM(2016)591 (available at https://ec.europa.eu/digital-single-market/en/news/proposed-regulation-establishing-body-european-regulators-electronic-communications-berec).

7 See Directive 2009/140/EC of 25 November 2009, OJ 2009 L 337/1.

8 See Directive 2009/136/EC of 25 November 2009, OJ 2009 L 337/1.

9 See State of the Union 2016: Commission paves the way for more and better internet connectivity for all citizens and businesses (available at http://europa.eu/rapid/press-release_IP-16-3008_en.htm).

10 Proposal for a Directive establishing the European Electronic Communication Code – COM(2016) 590 final (available at https://ec.europa.eu/digital-single-market/en/news/proposed-directive-establishing-european-electronic-communications-code).

11 See Regulation laying down rules on the exercise of copyright and related rights applicable to certain online transmissions of broadcasting organisations and retransmissions of television and radio programmes – COM(2016) 594 (available at https://ec.europa.eu/digital-single-market/en/news/proposal-regulation-laying-down-rules-exercise-copyright-and-related-rights-applicable-certain); Regulation on the cross-border exchange between the Union and third countries of accessible format copies of certain works and other subject-matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print disabled – COM(2016) 595 (available at https://ec.europa.eu/digital-single-market/en/news/proposed-regulation-cross-border-exchange-between-union-and-third-countries-accessible-format); Directive on copyright in the Digital Single Market – COM(2016) 593 (available at https://ec.europa.eu/digital-single-market/en/news/proposal-directive-european-parliament-and-council-copyright-digital-single-market); Directive on certain permitted uses of works and other subject-matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print disabled and amending Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society – COM(2016) 596 (available at https://ec.europa.eu/digital-single-market/en/news/proposal-directive-permitted-uses-works-and-other-subject-matter-protected-copyright-and).

12 Directive 2010/13/EU of 10 March 2010, OJ 2010 L 95/1. On this reform see Section V.

13 See Regulation of the European Parliament and the Council (EU) 2018/302 of 23 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers' nationality, place of residence or place of establishment within the internal market.

14 See Regulation of the European Parliament and of the Council (EU) 2017/1128 of 14 June 2017 on cross-border portability of online content services in the internal market (available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2017.168.01.0001.01.ENG).

15 The respective competences of the Commission and NCAs to assess mergers are defined on the basis of the turnover of the undertakings concerned (See Article 1.2 of Council Regulation (EC) No. 139/2004 (Merger Regulation), OJ 2004 L 24/1–22). However, a Member State may also review a concentration that falls within the competence of the Commission and adopt the measures needed to protect certain legitimate interests, including the plurality of the media (see Article 21.4 of the Merger Regulation).

16 Directive 2002/20/EC of 7 March 2002, OJ 2002 L 108/21.

17 Article 5 of the Authorisation Directive.

18 See, e.g., the CJEU judgment of 17 December 2015, C-454/13, Proximus, Paragraph 19.

19 Regulation (EU) No. 2015/2120 of 25 November 2015, OJ 2015 L 310/1.

20 Regulation (EU) No. 2015/2120, Article 3.

21 Regulation (EU) No. 2015/2120, Paragraph 9.

22 The Regulation also includes a number of transparency measures for providers to ensure customer awareness of open internet access, and provides that national regulatory authorities have to monitor providers' compliance with the minimum service quality standards. Regulation (EU) No. 2015/2120, Articles 4 and 5.

23 On the end of roaming charges, see Section VI of the eighth edition of this publication.

24 See Directive 2002/22/EC of 7 March 2002, OJ L 108. See Commission Communication of 23 November 2011, COM(2011) 795 final, available at http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2011:0795:FIN:EN:PDF. In March 2014, the Commission started the fourth review of the scope of universal service. In July 2014, BEREC provided a report including the views of NRAs. See http://berec.europa.eu/eng/document_register/subject_matter/berec/reports/4479-ec-questionnaire-on-the-implementation-and-application-of-the-universal-service-provisions-8211-a-synthesis-of-the-results.

25 See European Parliament resolution of 19 January 2016 on Towards a Digital Single Market Act (2015/2147(INI)) Paragraph 56 (www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN &reference=P8-TA-2016-0009).

26 Communication from the Commission, EU Guidelines for the application of State aid rules in relation to the rapid deployment of broadband networks (2013/C 25/01).

27 Case C-1/14, Base Company NV and Mobistar NV v. Ministerraad.

28 See Proposal for a Directive establishing the European Electronic Communications Code, p. 11.

29 Commission Recommendation of 20 September 2010, OJ 2010 L251/35.

30 See Article 70 of the Proposal for a Directive establishing the European Electronic Communication Code.

31 Commission Recommendation 2013/466/EU of 11 September 2013 on consistent non-discrimination obligations and costing methodologies to promote competition and enhance the broadband investment environment, OJ L 251. The measure follows Commissioner Kroes' policy statement of July 2012 (available at http://europa.eu/rapid/press-release_MEMO-12-554_en.htm?locale=en).

32 The EoI model ensures that the incumbent's and competitors' downstream access products use exactly the same physical upstream inputs (e.g., same tie cables, same electronic equipment, same exchange space). Conversely, the equivalence of output model ensures that the access products offered by the incumbent to alternative operators are comparable to the products it provides to its retail division in terms of functionality and price, but they may be provided by using different systems and processes.

33 Idem.

34 BEREC issued its Report on the Regulatory Accounting in Practice 2013, according to which data from NRAs generally confirmed the trend toward an increasingly consistent approach to regulatory accounting obligations among NRAs. The Report on the Regulatory Accounting in Practice 2017 confirms that the degree of consistent application of methodologies continues to be high among NRAs.

35 See for example the recommendation issued against Italy on 11 December 2013.

36 See Paragraph 179 of the Proposal for a Directive establishing the European Electronic Communications Code.

37 Directive 2000/31/EC.

38 See Section 4, Articles 12 to 15.

39 Cases C-70/10, Scarlet Extended v. SABAM; and Case C-360/10, Sabam v. Netlog NY. For more details on these judgments, see this chapter in the seventh edition of this publication.

40 Case C–314/12 UPC Telekabel Wien GmbH v. Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft mbH.

41 Directive 2001/29/EC, OJ 2001 L 167, p. 10.

42 Case C-484/14, Mc Fadden v. Sony Music.

43 See footnote 11.

44 Case C-131/12, Google Spain SL, Google Inc/Agencia Española de Protección de Datos, Mario Costeja González, Paragraphs 28 and 41. For more details on these judgments, see this chapter in the seventh edition of this publication.

45 The Directive grants individuals the right to obtain from the controller rectification, erasure or blocking of personal data (Article 12(b)) and to object to processing on compelling legitimate grounds (Article 14). The Court affirmed that these rights can also be invoked against search engines since 'it is the search engine operator which determines the purposes and means of that activity and [. . .] must, consequently, be regarded as the 'controller' in respect of that processing pursuant to Article 2(d)' (Paragraph 33).

46 C-136/17, G C and Others (Déréférencement de données sensibles).

47 Communication on Tackling Illegal Content Online – Towards an enhanced responsibility of online platforms – COM (2017) 555 (available at https://ec.europa.eu/digital-single-market/en/news/communication-tackling-illegal-content-online-towards-enhanced-responsibility-online-platforms).

48 See Recommendation on measures to effectively tackle illegal content online - C (2018) 1177, available at https://ec.europa.eu/digital-single-market/en/news/commission-recommendation-measures-effectively-tackle-illegal-content-online.

49 Communication on Tackling online disinformation: a European Approach, COM (2018) 236, available at https://ec.europa.eu/digital-single-market/en/news/communication-tackling-online-disinformation-european-approach.

50 Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

51 Directive (EU) No. 2016/680 of 27 April 2016, OJ 2016 L 119/1.

52 Directive (EC) No. 1995/46 of 24 October 1995, OJ L281/1 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

53 See Recital 4 of Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

54 See Article 20 of Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

55 See Recital 71 of Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

56 See Recital 152 of Regulation (EU) No. 2016/679 of 27 April 2016, OJ 2016 L 119/1.

57 Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.

58 Case C-362/14, Maximillian Schrems v. Data Protection Commissioner. For more details on this judgment, see this chapter in the seventh edition of this publication.

59 In the meantime, Article 26 of Data Protection Directive applies. The latter provides for some alternative grounds on which specific data transfers may take place absent an Article 25 adequacy decision. In particular, transfers may be carried out where the entity responsible for determining the purposes and means of the processing of personal data adduces appropriate safeguards, including contractual clauses binding the exporter and the importer of the data.

60 Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU–US Privacy Shield.

61 Case T-670/16, Digital Rights Ireland v. Commission.

62 Directive (EU) No. 2002/58 of 12 July 2016, OJ 2002 L201/1.

63 Commission's DSM strategy, Pillar II, Action 12.

64 Directive (EU) No. 2016/1148 of 6 July 2016, OJ 2016 L194/1.

65 Joint communication on cybersecurity strategy of the European Union – JOIN(2013) 1 final (available at www.europarl.europa.eu/meetdocs/2009_2014/documents/join/com_join (2013)0001_/com_join(2013)0001_en.pdf).

66 Paul Waszin, Nauta Dutilh, 'Network and information security NIS: EU Strategy and Directive' (available at www.lexolosv.com/librarv/detail.asox?s=fbOffQ7d-09c8-4add-aa58-7daf780eSd6f).

68 Joint Communication to the European Parliament and the Council - Resilience, Deterrence and Defence: Building strong cybersecurity for the EU, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52017JC0450&from=EN

69 Commission's DSM Strategy, Pillar III, action 14.

70 See the Digitizing European Industry Q&A of 19 April 2016, available at http://europa.eu/rapid/press-release_MEMO-16-1409_en.htm.

71 European Parliament Research Service, Mapping the cost of Non-Europe, 2014–19.

72 The International Data Corporation, Uptake of Cloud in Europe: Follow-up of IDC Study on Quantitative estimates of the demand for Cloud Computing in Europe and the likely barriers to take-up, 2015.

73 Proposal for a Council Regulation on establishing the European High Performance Computing Joint Undertaking, COM (2018) 8, available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2018:8:FIN.

74 See Communication on Building a European Data Economy (available at https://ec.europa.eu/digital-single-market/en/news/communication-building-european-data-economy).

75 Proposal for a Regulation on a framework for the free flow of non-personal data in the European Union – COM(2017) 495 final (available at http://ec.europa.eu/transparency/regdoc/rep/1/2017/EN/COM-2017-495-F1-EN-MAIN-PART-1.PDF).

76 Commission's DSM strategy, Pillar II, Action 9.

77 Summary report, Brussels, 9 June 2015 DG CONNECT/B4.

78 Proposal for a Decision on the use of the 470-790MHz frequency band in the Union – COM(2016) 043 final (available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2016%3A43%3 AFIN); see also the Commission press release available at http://europa.eu/rapid/press-release_IP-16-207_en.htm.

79 Decision of the European Parliament and of the Council of 17 May 2017 on the use of the 470–790MHz frequency band in the Union (available at http://data.consilium.europa.eu/doc/document/PE-5-2017-REV-1/en/pdf).

80 See Articles 48, 49 and 53 of the Proposal for a Directive establishing the European Electronic Communication Code.

82 Article 1(1)(a) and the explanatory note provided by the Commission.

83 Proposal for a Directive amending Directive 2010/13/EU on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services in view of changing market realities – COM(2016) 287 final (available at https://ec.europa.eu/transparency/regdoc/rep/1/2016/EN/1-2016-287-EN-F1-1.PDF).

84 See Communication on the Mid-Term Review on the implementation of the Digital Single Market Strategy, COM (2017) 228, available at ttps://eur-lex.europa.eu/resource.html?uri=cellar:a4215207-362b-11e7-a08e-01aa75ed71a1.0001.02/DOC_1&format=PDF.

85 See Communication on Artificial Intelligence for Europe, COM (2018) 237, available at https://ec.europa.eu/digital-single-market/en/news/communication-artificial-intelligence-europe.

86 See Proposal for a Regulation of the European Parliament and the Council on the implementation and functioning of the .eu Top Level Domain name, COM (2018) 231, available at https://ec.europa.eu/digital-single-market/en/news/regulation-implementation-and-functioning-eu-top-level-domain-name.

87 Regulation No. 733/2002 and Regulation No. 874/2004.

88 See Proposal for a Regulation of the European Parliament and the Council on promoting fairness and transparency for business users of online intermediation services, COM (2018) 0112, available at https://ec.europa.eu/digital-single-market/en/news/regulation-promoting-fairness-and-transparency-business-users-online-intermediation-service.

89 Case M. 8665, Scripps/Discovery.

90 Case M. 7993, Altice/PT Portugal.

91 Case M. 8792, Tele 2 NL/T-Mobile NL.

92 Case M. 8861, Comcast/SKY.

93 Case M. 8808, T-Mobile Austria/UPC Austria.

94 Case 40099, press release available at http://europa.eu/rapid/press-release_IP-18-4581_en.htm.

95 Court of Justice, C-413/14 P, Intel v. Commission.