Analyzing upcoming EU regulations on data, cloud, and responsible AI, our strategic foresight assesses their impact on sovereignty, security, and sustainability efforts.Read the full Strategic Foresight on the EU’s digital policies.
Our Strategic Foresight paper provides unparalleled insights from EU institutions, Nordic decision-makers, and security specialists on upcoming EU initiatives for sovereignty, security, and sustainability.
The value of data is well understood in the Nordic countries. Companies and public bodies are looking to increasingly put their data in good use with the help of innovative technologies. In the meanwhile, the growing legal maze governing the use of data, cloud and artificial intelligence (AI) is often cited as a key obstacle for organisations looking to deploy innovative technologies. With new major EU regulatory initiatives under preparation, it is now more important than ever for organisations to proactively analyse and consider the impact of upcoming legislation in their data, cloud and AI strategies. One of the major regulations is the EU Artificial Intelligence Act (AI Act) setting a global standard through a risk-based classification and regulation of AI systems.
Organisations should proactively assess their use of AI from ethical and sustainability perspectives. By doing so, they can prepare themselves for upcoming regulations, such as AI Act, and develop policies and user guidance for the responsible AI use."
The Commission of Ursula von der Leyen aims to strengthen European digital sovereignty by enhancing Europe's control over its data and digital capabilities. Simultaneously, the Commission promotes innovation within the continent. The focus on data, cloud services, and the regulation of artificial intelligence (AI) reflects these sovereignty objectives. With the end of the von der Leyen Commission approaching in 2024, no new initiatives are expected. However, navigating the evolving policy landscape has been challenging for users of data and cloud services, leading to uncertainty around transatlantic data flows and cloud transformation under European Union privacy rules. Understanding the policy landscape is crucial for those working in these areas.
After the landmark Schrems II ruling in 2020 and the looming risk of foreign authorities’ access to critical data, Nordic organisations have experienced a degree of uncertainty. Specifically, this uncertainty revolves around transfers of personal data. The EU Commission is currently looking to relieve these uncertainties with a new data pact between the EU and the US (Data Privacy Framework). At the same time, the EU is preparing initiatives to enhance Europe’s digital sovereignty, most notably, through security labelling of cloud services and new risk-based rules on AI products and services. Organisations can adapt to the changes proactively by exploring multi-cloud solutions for different types of data and assessing the ethical and security risks associated with the use of AI.
With new major EU level regulatory initiatives under preparation, it is now more important than ever for organisations to proactively analyse and consider the impact of upcoming legislation on their data, cloud, and AI strategies."
Estimated timeline for key digital sovereignty related EU regulatory initiatives. (Click to enlarge)
Organisations should consider adopting sovereign cloud solutions for processing and storage of their most sensitive data. This approach ensures enhanced security and compliance with upcoming regulations, such as the EUCS sovereignty requirements."
Security landscape in Europe has changed dramatically after the Russian invasion of Ukraine in February 2022, accelerating the development of new regulation on cybersecurity and critical infrastructures. While security needs are urgent, new legislation takes years to prepare and finalise. It is therefore no longer sufficient for organisations to merely react to new legislation; they should proactively consider their role and responsibilities in the security landscape, preparing for new laws in the making, such as the Cyber Solidarity Act (CSA) and the Critical Entities Resilience Directive (CER).
Organisations should proactively consider their roles and responsibilities in the security landscape, preparing for upcoming legislation, such as the Cyber Solidarity Act (CSA) and the Critical Entities Resilience Directive (CER) currently under development."
Estimated timeline for key security related regulatory initiatives. (Click to enlarge)
Sustainability considerations are increasingly impacting the use of data and AI in Nordic organisations. Furthermore, sustainability considerations are influencing their choice of cloud service providers. Currently, the industry and self-regulation are in the driver’s seat when it comes to sustainability standards applied to digitalisation and data centres. However, the EU is ramping up its efforts to increase sustainability of these sectors through regulation. The most notable development – the EU Sustainable Finance Taxonomy – divides economic activities into green and non-green categories based on technical criteria laid down in legislation, requiring companies to disclose the percentage of their business that meets these criteria. The Taxonomy framework will be implemented in segments, with parts of it already applicable and reporting requirements gradually growing. Organisations should proactively invest in the collection and analysis of their non-financial data, thereby preparing for the tightening regulation seizing the opportunity to utilise sustainability data for business growth.
As sustainability reporting requirements, such as ESG reporting, are increasing, companies should invest in real-time sustainability data collection and data governance. Companies can act as pioneers in the change toward a more sustainable processes and supply chain."
Estimated timeline for key sustainability related regulatory initiatives. (Click to enlarge)
With new EU regulations on the horizon, organisations are expected to proactively analyze and incorporate the upcoming legislation into their strategies for data, cloud native, and responsible AI. Our Strategic Foresight Report provides invaluable insights from EU institutions, Nordic decision-makers, and security specialists on sovereignty, security, and sustainability.
At Tietoevry Tech Services, we are dedicated to driving enterprise-wide digital transformation. We help organisations and companies with their cloud, data, and AI strategies, enabling them to capitalize on new opportunities in today's dynamic business environment. Our expertise lies in modernizing the digital landscape of our customers, empowering them to stay ahead in an ever-evolving market.
Wenche is passionate about creating value for our customers and enabling growth with attractive service offerings. She has near twenty years of experience in the IT business with different roles within management and advisory, bringing new services to the market.
In her current role as Head of Strategic Differentiation Programs at Tietoevry Tech Services, she is leading a global team of experts and managers.