26 Sep 2022

DIGITALEUROPE's Position on Autonomous Controls


The current state of play of EU recast Regulation 821/2021 continues to cause concern to the digital technology Industry, in particular with regards to autonomous controls in article 5, 9 and 10. DIGITALEUROPE would like to remind stakeholders that the implementation of the recast regulation should be fit to address the challenges of today without unintentionally undermining European industry’s capacity to survive and prosper on the global market.


Expected publication of guidelines on cybersurveillance controls

Delay in publishing guiding principles on cybersurveillance and human rights due diligence sustains the lack of clarity of the new controls and creates a basis for diverse interpretation by EU Member States and exporters risking to unlevel the playing field and in turn make the new controls ineffective.

Call for a harmonised EU-wide list of excluded parties and/or countries of concern

Nevertheless, guidelines cannot replace a clear definition of applicable export licensing criteria. They will not be sufficient to account for automation and enhanced due diligence on the part of the exporters which may be obliged to engage vendors and intelligence service providers to get necessary information. At the very least guidance to exporters should reflect a large span of scenarios addressing different sales channels such as components, indirect and channel distribution models but also more ambiguous customer sectors such as public health, telecommunication service providers etc. They also create a high risk of divergent interpretation by the competent authorities across the EU member states. The European Commission should also strive to be consistent with other regulatory initiatives in this area as to limit the complexity of compliance burden for the industry.

Avoid multiplication of legal instruments

Currently, the EU is addressing these concerns on several fronts. There are proposed or upcoming regulations not only in the area of mandatory supply chain human rights due diligence[1] but also on responsible and ethical AI under the Artificial intelligence Act. We ask that Trade F4 consider these initiatives carefully to avoid overlap, inconsistencies and unnecessary complexity and burden.

Clear alignment with international control regimes on controlled items

We continue to urge stakeholders to work further towards ensuring a level playing field both within Europe and globally, through a clear alignment with the international control regimes such as the Wassenaar Arrangement. The latter have a proven track record of introducing export controls at the global level, including those aimed at addressing human rights concerns. Indeed, a unilateral regime risks harming the global competitiveness of European industry, as well as undermining existing international export control regimes.

EU MS and Commission should work together in Commission Expert Groups (EG) to identify any relevant non listed items and prepare Wassenaar Arrangement proposals to be submitted, advocated for and supported by all MS. On listing additional items with regards to cybersurveillance and Emerging technologies we would like to point out the following:

Item evaluation and selection criteria

To be impactful, goods and technologies to be controlled should be evaluated and selected according to the well-known following criteria:

  • the foreign availability of the item outside the EU;
  • the ability to make a clear and objective specification of the item;
  • the ability to effectively control the export of the goods.

Cybersurveillance items

Any new list controls on cybersurveillance items should be selected and drafted according to above criteria. We would also recommend considering the following elements:

  • The positive human rights impacts of the item, including on the rights to privacy and personal security. I.e.: increase online safety and security for users.
  • The likelihood of the item to be misused should be taken into consideration in cases where sound product risk analysis shows that although the item or features may present a risk, the likelihood it would actually be used for these reasons is very low as more efficient solutions and options are available to meet the intended effect.

Finally, we would like to elaborate on commercial applications that may be using features that could be regarded as cybersurveillance and how they do not entail a risk of end use in connection with internal repression, nor with the commission of serious violations of human rights and international humanitarian law. Currently the recast regulation identifies the items used for purely commercial applications such as billing, marketing, quality services, user satisfaction or network security. This list of exclusions should be updated following the expansion of commercial implementation.

Emerging technologies

In the same way that recitals on cybersurveillance items acknowledges that commercial items used for purely commercial applications do not present a risk, it should be acknowledged that certain Emerging technologies are not at risk for military-civil fusion. For instance, AI systems with specific transparency obligations should be excluded from any additional controls as they would present a more limited risk to safety or fundamental rights.

Stakeholder consultation periods

Any new controls should be subject to stakeholder consultation with sufficient time provided for analysis and comment to ensure control criteria are understood and implementable by exporters. This consultation could be public or in the context of enhanced engagement in expert groups as described below.

Consistency with other legal instruments

Any additional control should be considered in light of requirements and safeguards from other relevant legal instruments.

General Export authorisations

EU and Member States should consider complementing any new controls with general export authorisations to address export scenarios where the associated risk would remain low.

Avoid over expansion of controls

As export controls compliance frameworks are already complex, EU MS and Commission should also pursue removal of controls where possible. Continuing to control technologies that are now globally available would prevent controls from being effective and listed technologies should be regularly evaluated and removed.

Other multilateral cooperation

Recent cooperation and alignment between the EU and other partners through the EU and US Trade and technology council as well as Coalition response in sanctioning Russia for invading Ukraine have proven to facilitate compliance and have been welcomed by compliance professionals.

Commission should seek to conduct local impact assessment before adopting other countries’ unilateral controls. Any new European control should come with comprehensive outreach and capacity building by all participating parties. This would allow to explicit benefits and remaining obligations for European exporters.

This month we set out further recommendations on EU-US TTC opportunities to strengthen cooperation on export controls.

Enhanced cooperation and stakeholder engagement

Enhanced Member State and industry cooperation in STEG/ETEG

It is imperative that the Commission is able to draw on experience and gather input from national competent authorities and industry to paint a complete picture of how controls will work in practice.

We recommend that Member States dedicate relevant resources to participate in these groups. Additionally, industry should be kept abreast of current undertakings and ongoing work. Public sessions could be organised on an ad-hoc basis to keep wider stakeholders informed and allow for public consultation and constructive feedback.

Structured stakeholder engagement and dialogue

We recommend that the Commission EG should be formally composed of representatives from industry and Government representing diverse points of view on the concerns of the exporting community. Such expert groups would be responsible for advising the Commission on the technical parameters for export controls applicable to dual-use commodities and technology and on the administration of those controls on a regular basis. This could be achieved through borrowing from global best-practices such as the United States Bureau of Industry and Security’s Technical Advisory Committee, granting a variety of stakeholders the opportunity to apply for a mandate to provide input to ongoing and upcoming initiatives via confidential sessions.


DIGITALEUROPE is ready to continue working constructively with policymakers to make sure Europe can provide a legally sound and operational export control regime for its ICT industry to remain globally competitive whilst still achieving the overall goals of national security and regional stability, protecting citizens from serious violations of human rights, and enabling secure utilization of today’s digital tools.


[1] Corporate due diligence and corporate accountability directive


Luke Makris
Manager for Member State Outreach
Back to Digital trade
View the complete Policy Paper
Our resources on Digital trade
30 Apr 2024 Position Paper
Contribution to public consultation on white paper on export controls
09 Feb 2024 resource
The Download: The EU's Economic Security Strategy
10 Nov 2023 resource
Key policies for digitalization during the Spanish Presidency: The AI Act and the Data Act
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.