The Milltown Tech Policy Conversation: January 2025
Digital policy shifts show the EU and UK both doubling down on platform regulation - albeit in different ways - while US political changes could threaten EU-US data transfer stability.
Image generated using DeepAI
Key updates
The UK and EU are both strengthening their approaches to platform regulation, but seemingly in different ways. The EU is integrating an updated, voluntary hate speech code into the Digital Services Act (DSA), as a way for platforms to demonstrate DSA compliance by mid-February. In contrast, the UK is taking a more direct regulatory approach through Ofcom's new age verification guidelines under the Online Safety Act. These guidelines mandate "highly effective" age checks for pornographic content by July, setting what could become a broader precedent for content access controls.
There is also some divergence in approaches to competition policy. The EU is maintaining a firm stance on digital market regulation, with the European Commission confirming continued strict enforcement of the Digital Markets Act (DMA). They're also considering expanding scope to cloud services and examining AI's role within core platform services, though any formal changes won't come before the May 2026 review. Meanwhile, the UK is signaling a potential shift in its competition approach with the replacement of the Competition and Markets Authority (CMA) chair with a former Amazon executive. This change, coupled with government pressure regarding economic growth, has raised concerns about the future strength of UK competition enforcement, despite assurances that the Digital Markets Unit will be protected from planned staff cuts.
Cross-border data flows are facing uncertainty with the EU-US Data Privacy Framework under pressure following the Trump administration's actions affecting the Privacy and Civil Liberties Oversight Board. While the framework remains valid, its long-term stability is uncertain.
Finally, the UK is trying to position itself as bullish on AI development with its new AI Opportunities Action Plan, featuring 50 recommendations and concrete delivery timelines for Spring 2025, including new supercomputing facilities and AI Growth Zones.
EU
EC and EBDS update Code of conduct on countering illegal hate speech under the DSA (link)
On 20 January 2025, the European Commission and the European Board for Digital Services (EBDS) welcomed the integration of the updated ‘Code of conduct on countering illegal hate speech online+’ into the framework of the Digital Services Act (DSA). The revised Code aims to strengthen how platforms handle content that European and national laws define as illegal hate speech, and facilitates compliance with and effective enforcement of the DSA.
EU-US data transfers under threat from Trump administration (link) (link)
The EU-US Data Privacy Framework, which allows EU businesses to use US cloud providers, faces challenges, as members of the Privacy and Civil Liberties Oversight Board (PCLOB) received letters from the Trump administration demanding their resignation, and resigned on 24 January 2025. The Framework isn't automatically overridden by Trump's actions and remains valid. It is up to the European Court of Justice to decide whether the Framework still ensures adequate data protection for transfers from Europe, once a case is brought before the Court.
EC talks about the future of the DMA and inclusion of Cloud and AI (link)
The European Commission has confirmed that it will continue to strictly enforce the Digital Markets Act (DMA), despite recent reports suggesting that the Commission was considering pausing ongoing investigations. An official has provided further explanation regarding the potential designation of cloud and AI under the DMA, saying if AI is used as part of one of the core platform services, then the DMA may apply (e.g. if generative AI is used to power results in a search engine).
UK
Government removes UK Competition and Markets Authority chair, replaced by former Amazon executive (link) (link)
Markus Bokkerink has stepped down as Chair of the Competition and Markets Authority (CMA), a role he’d occupied since 2022. He will be replaced by Doug Gurr on an interim basis. Gurr is currently the Director of the Natural History Museum and formerly the Country Manager of Amazon UK and President of Amazon China. Some business groups have welcomed Bokkerink’s departure, while other businesses - alongside antitrust lawyers and competition advocates - have expressed concern about a possible weakening of competition enforcement in the UK, especially as regards the UK’s new digital markets regime.
UK Department for Science, Innovation and Technology publishes AI Opportunities Action Plan (link)
The Department for Science, Innovation and Technology (DSIT) has published the AI Opportunities Action Plan. The report makes 50 recommendations to the Government to support the growth of the UK’s AI sector, drive adoption of AI across the economy to boost growth and improve products and services. Specific delivery timelines have been set, with key milestones in Spring 2025 including the construction of a new supercomputing facility, the creation of the first “AI Growth Zone” in Culham, and a commitment to setting out its wider approach to AI in the Industrial Strategy's Digital and Technologies Sector Plan.
UK safety regulator Ofcom sets out its industry guidance on highly effective age assurance under the Online Safety Act (link)
Ofcom has published its long-awaited guidance for industry setting out how sites will have to ensure “highly effective” age assurance under the Online Safety Act, particularly with regard to restricting access to pornographic content. All apps, sites and services that allow pornographic content will have until July 2025 to ensure that “highly effective” age assurance practices are in place. Ofcom expects services to take a proactive approach to compliance, and is opening an age assurance enforcement programme, focused primarily on services that display or publish their own pornographic content, to advise on new obligations.
It would be shocking if the possible changes in US tech policy give organisations a reason not to invest in trust and safety.