05 Sep 2019

Response to ENISA consultation on EU ICT industrial policy

Executive summary

The EU Agency for Cybersecurity (ENISA) last July published a paper on EU industrial policyThe paper contextualises Europe’s position in the global ICT value chain and puts forward recommendations to guide the new European Commission and European Parliament.

In the following response to ENISA’s consultation, we share our views on the most important issues that Europe needs to tackle in order to ensure ongoing and future European leadership in ICT.


Responses to the consultation questions

Do you agree with the principles outlined in this paper? Please outline where you agree or disagree.

DIGITALEUROPE supports the paper’s goal of fostering European-originated ICT players that can compete and grow both across the EU and in the global market.

The paper identifies numerous factors that can explain Europe’s current ICT position vis-à-vis other world regions. These include but are not limited to: an overly burdensome regulatory environment that discourages growth and risk taking; EU companies’ relative reluctance to invest in new players with growth potential; and the EU’s existing fragmentation across national and language lines.

All these factors merit specific attention and have more to do with the EU’s own attitudes and policies than with external factors. In fact, we believe such factors play a greater role in explaining the current global marketplace as described in the paper. Unless these issues are tackled more decidedly, the EU’s global standing will not improve.

Europe’s ambition should be to become a worldwide hub for innovative technologies and services, being able to develop them here and trade them across the globe. Europe needs to develop capacities in key technologies, services and platforms, but it should also be able to choose freely between foreign alternatives. From this perspective, the term ‘digital sovereignty,’ which we find is not clearly defined in the paper, should avoid any binary connotation and recognise the reality of global supply chains and the overall globalised nature of the ICT industry.

‘Digital sovereignty’ is best understood as the ability to build and maintain technical and scientific expertise in critical digital technologies, in both the public and private sectors, while taking into account innovative technologies and the state of the art in a global market. ‘Digital sovereignty’ should therefore not be understood as an inward-looking, protectionist agenda but as a positive, outward-looking projection of European economic strength and values.

Do you think Europe should focus on developing the cybersecurity market? If yes what do you think are Europe’s competitive advantages and how do you envisage that these advantages will develop?

Cybersecurity has emerged as a key political and economic priority for the EU, and we support the EU’s efforts to strengthen the cybersecurity market in Europe and worldwide.

While some players can enjoy growth trading purely within Europe, European players developing cybersecurity solutions will enjoy further growth if they can operate and trade internationally. Real competitiveness for European players will only emerge in the latter scenario and it is therefore important to identify areas where Europe has a competitive advantage.

At present we see opportunities for Europe to emerge competitive in the global cybersecurity market through emerging technologies such as artificial intelligence and machine learning, particularly in the digital transformation of traditional industrial sectors, as well as competitive hardware security products (e.g. secure elements).

Moreover, it is important to keep in mind that Europe is home to globally leading companies in the telecommunications equipment market, and this leadership continues from GSM to EU-developed 4G and now EU-led 5G. Leading in the development of globally harmonised standards will in this context continue to be key to ensuring Europe’s global competitiveness.

Do you think competition policy and/or legislation or the interpretation thereof needs to be changed in respect of the European ICT and cybersecurity markets? Please explain.

Effective competition policy is vital in sustaining a healthy market where competition, innovation and growth can coexist. From this perspective, a correct understanding of ICT markets and clear evidence of harm are necessary lest competition action diminish innovation or limit European success stories in the longer term.

As stated in the paper, Europe has been at the forefront in this space, and overall we find that existing analytic tools are up to the task of addressing anticompetitive behaviour.

The paper suggests that a specific review of merger rules may be needed to stimulate the growth of European ICT businesses. However, and without expressing a view on specific merger cases or markets, we note that the paper also explicitly recognises (p. 8) that ‘European ICT businesses typically neither grow by means of mergers nor acquisitions’ not because mergers are blocked but because of a ‘lack a strong entrepreneurial culture’ and ‘conservative attitudes in European companies.’ As we argue in our response to Question 1, we believe tackling similar issues more decidedly might be more important in improving the EU’s global standing.

Do you agree a more thorough market analysis needs to be carried out to identify where Europe has a competitive advantage in cybersecurity/ICT?

We concur with the paper’s findings (p. 2) that Europe cannot try to excel at everything but should instead ‘gather the necessary evidence to identify the correct market segment and pursue a specific strategic approach.’

We believe that one of the EU’s missions should be to identify how Europe can seek a competitive advantage in cybersecurity products. A solid grounding in evidence will be necessary in order to pursue an effective industrial strategy that recognises the reality of global supply chains and the overall globalised nature of the ICT industry.

Which body or bodies do you think would be most appropriate to carry out this market analysis? Please explain.

The European Commission and ENISA, with support from a recognised market research company and the necessary industry input, would be best suited to conduct an independent and unbiased analysis.

What do you think could be done to improve the financial standing and ability to grow/expand of European cybersecurity undertakings?

We believe that the paper identifies some key issues that the EU will need to tackle in order to improve competitiveness and access to funding for European companies. These include:

  • Reducing barriers for cross-border funding, by strengthening the European venture capital, financial and loan markets;
  • Reducing administrative burden, which disproportionately affects small businesses;
  • Improving support services and access to capital for innovative SMEs;
  • Increasing the effectiveness of funding opportunities, avoiding fragmentation at both EU and Member State level that leads to inefficiencies and lost potential;
  • Strengthening the academic spin-off model and focusing on skills and education as a priority.

The ENISA consultation also rightly points to public procurement as an important factor in stimulating the EU ICT industry and cybersecurity. With more than 250,000 public authorities in the EU spending 14% of EU GDP each yearthe public procurement market very much has the ability to drive innovation rather than what may in the short term appear as the lowest cost. ENISA could helpfully work with the European Commission in developing something akin to the Handbook for Green Procurement for cybersecurity as well as contribute to related policy debates around public procurement.

14%

% of GDP coming from public procurement in the EU (around €2 trillion per year)

Most importantly, Europe should look to further strengthen its efforts to achieve a true digital single market. European companies will only be able to grow coherently in Europe, as opposed to having to migrate outside the EU when they are successful (see p. 14 of the paper), if they are presented with the necessary pan-European scale and addressable market.

Are there any other initiatives that could be put in place to stimulate the European cybersecurity/ICT market?

Industrial and trade policies go hand in hand. A strategic coordination of these two key policy areas is vital and entails that any policy action considers the reciprocal impact on the other.

The paper correctly identifies practices of third countries, such as state subsidies, that distort competition and dump products on the EU market at prices that do not reflect production costs. As such, the EU needs appropriate tools – and to leverage existing ones – to address these behaviours.

European policymakers should coordinate their policy goals, objectives and principles of trade regulation closely with international partners to promote global alignment with rules and standards in order to avoid a fragmented policy landscape for businesses. The current rise of protectionism should urge the EU to take international leadership and defend the rules-based multilateral trade system.

Are there any other issues that you would like to raise to contribute to this debate?

We welcome ENISA’s contribution to the discussion on the EU’s future ICT industrial policy. A deeper understanding of how EU policies and initiatives can strengthen Europe’s competitiveness and global standing is desperately needed.

We share many of the proposals contained in the study – particularly those around removing fragmentation, improving pan-European access to venture capital and carrying out an evidence-based analysis of Europe’s competitive advantage – but urge caution on others.

Notably, we note that the paper conflates ICT as a whole with cybersecurity. This link is not a direct one and should be more carefully construed.

Strengthening the EU’s global standing in ICT markets is important, but focusing on origin does not in and of itself improve security. This instead requires effective practices throughout a product’s lifecycle, irrespective of origin – design and development, planning and ordering, sourcing and manufacture, delivery, use and end of life.

Similarly, the location of manufacturing (assembly) is not in itself a determining factor. Europe needs to excel in ICT developments, but the country of manufacturing is secondary. For example, there is virtually no ‘ICT manufacturing’ on US soil.

We look forward to future engagement with ENISA, the EU institutions and the Member States to further explore these issues and suggestions for EU policy action.

For more information, please contact:
Alberto Di Felice
Senior Policy Manager for Infrastructure, Privacy and Security
Back to Cybersecurity
View the complete Policy Paper
PDF
Our resources on Cybersecurity
Policy Paper 01 Sep 2019
DIGITALEUROPE and ESIA response to the Office of State Commercial Cryptography Administration Draft Cryptography Law
Policy Paper 19 Jul 2019
Joint industry letter on Cybersecurity Vulnerabilities Administrative Regulation Response to MIIT published draft for comments
Press Release 10 Apr 2019
Cybersecurity Act gives Europe a new framework to increase trust in a digitising world
Hit enter to search or ESC to close