EUs

“Collaborative Efforts: Open Source Foundations Unify to Establish Shared Standards for the EU’s Cybersecurity Resilience Act”

Gettyimages 1473057239 E1712083727562
Seven open source foundations are coming together to create common specifications and standards for Europe’s Cyber Resilience Act (CRA), regulation adopted by the European Parliament last month. And this is what the seven open source foundations are coming together for now. By coming together as one, this should go some way toward treating open source software development as a single “thing” bound by the same standards and processes. Throw into the mix other proposed regulation, including the Securing Open Source Software Act in the U.S., and it’s clear that the various foundations and “open source stewards” will come under greater scrutiny for their role in the software supply chain. “The open source community and the broader software industry now share a common challenge: legislation has introduced an urgent need for cybersecurity process standards.

Data Protection Rules Breached: EU’s Utilization of Microsoft 365 Unveiled

Gettyimages 1354846583
A lengthy investigation into the European Union’s use of Microsoft 365 has found the Commission breached the bloc’s data protection rules through its use of the cloud-based productivity software. Announcing its decision in a press release today, the European Data Protection Supervisor (EDPS) said the Commission infringed “several key data protection rules when using Microsoft 365”. The regulator, which oversees’ EU institutions’ compliance with data protection rules, opened a probe of the Commission’s use of Microsoft 365 and other US cloud services back in May 2021. Yet use of Microsoft 365 routinely results in data flowing back to Microsoft’s servers in the US. Over the last few years, Microsoft has responded to amped up EU regulatory risk attached to data transfers by expanding a data localization effort focused on regional cloud customers — in an infrastructure it’s branded the “EU Data Boundary for the Microsoft Cloud”.

DMA Gatekeepers: Adapting to the EU’s Latest Competition Regulations – Firsthand Accounts

Gettyimages 1031626648
How DMA gatekeepers are responding to the EU’s new competition rules — in their own wordsThe compliance deadline for the six tech giants regulated under the European Union’s Digital Markets Act (DMA) expired yesterday. The first batch of gatekeeper compliance reports — aka the non-confidential versions — have been published on the Commission’s DMA website. The length is at least justified: Reflecting the fact a full eight of its products are designated as core platform services. For handy reference, we’ve rounded up links to the gatekeepers’ first batch of public-facing DMA compliance reports below. If you’re looking for an analytic overview of the DMA, its aims and early impacts, check out our earlier explainer.

“Unleashing Supercomputer Power: EU’s Plan to Boost AI Startup Training”

Gettyimages 578578380
The plan is for “centers of excellence” to be set up to support the development of dedicated AI algorithms that can run on the EU’s supercomputers, they added. AI startups are more likely to be accustomed to using dedicated compute hardware provided by US hyperscalers to train their models than tapping the processing power offered by supercomputers as a training resource. Using its supercomputing resources to fire up AI startups specifically has emerged as a more recent strategic priority after the EU president’s announcement of the compute access for AI model training program this fall. It’s still early days for the EU’s ‘supercompute for AI’ program so it’s unclear whether there’s much model training upside to report off of dedicated access as yet. But the early presence of Mistral in the EU’s supercomputing access program may suggest an alignment in the thinking.