Blog post by Mary, Marjorie, Justin, Samuel and Naima

Figure A: Title page. Created using Canva

Caught in complexity: Why EU Fisheries Rules Fail in Practice

If you talk to operators, authorities, and other stakeholders in the fishing sector, you will hear the same complaints: the regulatory framework governing the Common Fisheries Policy (CFP) is too complex, too unclear, and too inconsistently applied. Until the rules are simplified and better supported through cooperation, operators will continue to experience too much administrative burden. If the rules aren’t followed, the CFP will not be enforced.

Figure B: Why EU Fisheries Fail in Practice. Created using Canva

That’s where the European Fisheries Control Agency (EFCA) comes in. Since 2005, it has been responsible for coordinating inspections and supporting CFP enforcement across the EU. Operators and NGOs view EFCA’s work, particularly training, surveillance, and information sharing, as valuable. Nevertheless, there are a number of interrelated? issues that currently hold back the effective and efficient enforcement of the CFP:

  • Regulatory Complexity: Operators consistently highlight the complexity of the framework itself. Attempts to simplify fisheries control, particularly through the 2009 reform, have not gone far enough. The system remains difficult to navigate, with many provisions still requiring clarification. Take the landing obligation in Article 15 of the basic CFP. It sounds straightforward, fish subject to catch limits must be retained, recorded and landed. However, the provision spans over ten paragraphs which contain various exceptions and cross references to other Union documents, such as multi-annual plans adopted by the Commission. This seemingly straightforward obligation is therefore entangled in a complex legislative network.
  • Lack of Clarity: In practice, rules are often vague, open to interpretation, and applied differently across Member States. At the same time, the standards are also difficult to implement because of their rigidity. Operators have identified the following standards as particularly problematic:
    • weighing practices,
    • tolerances,
    • transport,
    • prior notification, and
    • transmission deadlines
  • Administrative Burdens: This vagueness and amount of obligations imposes much administrative burden on the operators, which in turn decreases compliance. While recent changes to the frameworks reduced 28% of administrative burdens to the operators, it must be noted that new obligations have also been imposed. For example, operators must now keep an electronic logbook of all fishing operations. As many vessels conduct several (and up to 20) operations a day, this requirement will increase error risk.

Ultimately, these concerns reflect one underlying issue: the rules are too complicated and insufficiently clear. This lack of understanding leads to continuous high infringement rates at around 10.5% and ineffective protection of fisheries. EFCA, being tasked with the implementation of the CFP, should take additional actions to:

  • enhance cooperation,
  • exchanging information, and
  • clarify applicable standards

Casting a wide net: Hard or Soft Law?

Figure C: Expansion of EFCA Powers. Created using Canva

How then to ensure the right bait is employed to improve the coherence and effectiveness of EFCA’s enforcement? Two approaches may be considered, overhaul EFCA’s formal powers through hard law, and or tackle the problem within the existing legal framework through soft law solution.         

Reeling in more direct enforcement powers for EFCA would require a revision to the EFCA regulation to increase their mandate and powers. Formal expansion of operational powers does not lie entirely in uncharted waters, a similar development can be observed in other EU agencies such as Frontex. Much like EFCA, Frontex started out with merely planning and coordination powers but was granted its own executive staff, resources and decision making powers following the 2015 refugee crisis. Importantly, they gained both supervisory and intervention powers giving the agency direct control over enforcement by national authorities.

Expanding powers through hard law seems attractive from an EU perspective since it can remove national disparities. This can in turn improve uniformity and compliance across Member States. However, this approach may catch EFCA swimming upstream. Revision of regulations requires political consensus, which might prove problematic when the division of powers between the EU and the Member States hangs in the balance. Additionally, the EU legislature seems to want to rely on national enforcement networks for the simple reason that powers are accompanied by resources which could put stress on the Union Budget. Of course, simplification of the CFP would also require such legislative reform which may again prove difficult in light of the attached procedures.

Alternatively, soft law instruments are not legally binding nor enforceable and are often written off as ineffective. However, the value of such instruments in the case of EFCA cannot be understated. After all, deterrence through sanctioning is not the only fish in the sea when it comes to compliance. In fact, pursuing enforcement based on positive support may better reflect the current reality regarding the CFP’s enforcement.

National authorities are struggling due to the technical nature of the enforceable norms. If the issue does not lie in opposition to the rules but rather inability to comply, direct enforcement would not incentivise national authorities to comply any more than a fish would be incentivised to bite a hook it cannot reach. Use of soft law must be navigated cautiously, overproduction of norms may cause more complexity than clarity. Nevertheless, as demonstrated below, when emphasis is put on clarification of norms to complement the CFP, EFCA may yet be able to provide operational guidance and improve accessibility through soft law instruments.

Fishing for answers: The ‘AI Act Service Desk’ and ‘Solvit’

AI Act Service Desk

One way to improve accessibility and operational guidance is to create an easy to use mechanism that increases the understanding people have of what their obligations are under the law. This can be done in a number of ways, but it is interesting to see how this issue is already tackled in other areas. For example, the AI Act is another law that is plagued by a large number of complicated rules that could negatively impact effective and consistent application. To increase effective implementation of the AI Act, mechanisms were created to provide information to those who encounter the AI Act in their work and lives. Even though the AI Act and the CFP are not completely similar, looking at how the issue is tackled in this area of EU law is a good source of inspiration.

The AI Act Service Desk was designed to aid stakeholders in navigating EU law requirements on AI. This provides the stakeholders with more legal certainty as to whether they are following the laws, which would ultimately benefit the AI market in the Union. Here, individuals and organizations can ask questions about the rules to experts in the field and get further assistance on their issues. Another part of this Service Desk is the Single Information Platform, which provides online interactive tools to understand the AI Act. For example, the AI Act Explorer allows people to intuitively search for information in the Act that is most important for them, and the Compliance Checker provides a way for people to check whether their AI system is in compliance with the rules in the Act.

Additionally, the Apply AI Alliance forum was created as a space for stakeholders and the Commission to share news, opinions, knowledge and recommendations. This so-called ‘Community Exchange Platform’ is open to everyone and provides a good opportunity for those working in the sector as well as lay-persons to learn about AI and the AI Act. This platform is more focused on innovations in the field of AI rather than on the AI Act itself. However, the idea of an exchange platform where experiences can be shared between those having experience with the legislation is a useful tool to educate people.

Overall, these AI mechanisms provide examples of ways in which people can interact with the EU rules to understand how they work in an easy and user-friendly way. One potential issue with such tools, however, is how to obtain the necessary funding and resources to create and maintain them. All of the examples provided above are managed by the Commission. It remains to be seen whether EFCA can manage to recreate its own tools within their funding or whether the Commission needs to lend a helping hand in this respect. Nonetheless, the tools do provide good examples on which EFCA can build its own framework to help people navigate the vast sea of legislation that is the CFP.

 

Figure D: AI Office Tools as Model for EFCA Framework Development. Created using Canva

Solvit

Another way through which compliance can be reached is the European Administrative Networks (EAN). One of these EANs is Solvit, an informal non-binding mechanism which handles misapplication of EU law by public authorities in cross-border movement. Solvit is a network of centres staffed by civil servants in every EU Member State, Norway, Liechtenstein, and Iceland. Its general objective is to deliver fast, effective and informal solutions to cross-border problems for citizens and businesses free of charge. This makes it an early problem-solving tool offering an alternative to Courts by bringing about changes in national administrations through exerting peer pressure to ensure compliance. At the same time, it prevents the delegation of national responsibility to supranational organisations.

Its main strength is that it is user-centric, pragmatic, and has an informal approach. Solvit has two faces: the first being a formal problem-solving network and the second being an informal network of member states engaging in discussion on the application of EU law. This shows a ‘network spirit’ where civil servants discuss matters beyond the cases and therefore become better equipped to make for an important government tool promoting compliance with the internal market. Solvit is also a strong source of information when it comes to the workings of the Single Market. This is because it also detects and monitors systemic issues in the Single Market due to these being flagged through complaints.

The power of such an EAN lies in the fact that it is a tool to close the gap between EU legislation and national implementation. By providing a middle-ground for networking interactions with a focus on joint problem solving, citizens and businesses are better equipped to use their rights and national administrations are better equipped to comply.

The enforcement of CFP could be heavily improved by this network approach. Just like a school of fishes swimming together for protection, this networking approach of best practices may fend off the non-compliant sharks in the water. This balance of having an informal network of Member States makes enforcement a less individualised matter, but benefits the whole. Not only through enforcement by itself, but through being an information system too. 

In summary, a similar approach as Solvit, would allow citizens and businesses to gain more access to information and allow for increased agency in order to comply with the CFP. An EAN that translates the CFP could close the gap between the legislation and its implementation. Essentially making for smooth sailing in the often choppy waters of enforcement of the CFP and anchoring Member States to cooperative problem-solving and shared responsibility. 

Reeling in the solution: Solving  EFCA’s inaccessibility

The current deficiencies with EFCA’s enforcement of the CFP can be largely attributed to its inaccessibility, particularly the disconnection between the provisions and those fishermen and operators who must carry them out. This is not particularly surprising – one look at the agency’s webpage will reveal that it is almost as complex to navigate as the Regulation setting out EFCA’s tasks and competences. The online page contains little information on the agency beyond its general mission and current activities, causing those working in the field who seek clarity on the implementation of certain provisions to feel like fish out of the water.

With this in mind, the following soft-law solution can be brought forward to remedy the agency’s inaccessibility. In light of the widely successful EU initiatives of ‘Solvit’ and the ‘AI Service Desk’, the EFCA could adopt some of these ideas and introduce a direct line of contact with legal experts through its webpage. Much like ‘Solvit’, the EFCA website should include an ‘Ask the Experts’ tab where those knowledgeable on how the implementation of the CFP works in practice can answer those who are less experienced in real time.

Figure E: ‘Ask the Experts’ framework. Created using Canva

One might reasonably wonder why this should be an EU matter. At first glance, it might seem that the EU has bigger fish to fry. Why should the EU offer a solution to what seems like a national implementation problem? The answer is simple – EFCA comprises almost 2000 Union inspectors and 3000 trained officials coming from all 27 Member States. As such, it contains a wider circle of experts than any national fisheries agency. An EU-wide ‘Ask the Experts’ line would therefore create a wide and diverse network of specialists in the field who can provide up-to-date information to any fisheries professional within the Union.

The bottom line is that, as proven by past EU-driven initiatives, the best way to ensure compliance with the agency’s complex rules is to bring these laws closer to the very people who are expected to implement them. By bringing industrial operators and fishermen into direct contact with legal experts who can easily answer their questions, EFCA will streamline the current national and individual compliance of the CFP. In doing so, the agency will strengthen the professional development of these individuals, ensuring the long-term sustainability of our waters and echoing the familiar proverb that “if you give a man a fish, you feed him for a day; if you teach him how to fish, you feed him (and our fisheries) for a lifetime.”

Accountability in EU pharmaceutical enforcement: the problem of many hands

By Oliwia, Kaloyan and Carolin

The problem and regulatory framework

Pharmacovigilance produces near-constant scrutiny of medicines on the EU market. Yet in the years since the EU gave itself the power to fine companies for pharmacovigilance failures, that power has been formally triggered once, and no fine has followed.

The EU monitors the safety of authorised medicines continuously. Companies must track and report adverse events, national authorities inspect their systems, and the European Medicines Agency (EMA) assesses the safety of centrally authorised products on an ongoing basis. Set against that volume of routine oversight, one figure stands out: since Regulation (EC) No 658/2007, the Penalties Regulation, empowered the EU to impose financial penalties for such failures, it has produced a single infringement procedure, and that procedure closed without a fine.

Why so much monitoring but so little penalising? Part of the answer is that enforcement power is divided. A national authority may detect a problem, the EMA investigates it, but the decision on penalties is taken elsewhere, by the European Commission. When responsibility for an outcome is split this way, it can become unclear who is answerable for the result.

This post uses two distinct ideas to explain that. The first is responsibility in Dennis Thompson’s sense: ownership of an outcome, that is, whose conduct produced it. The second is accountability in Mark Bovens’s sense: the obligation of an actor to explain and justify its conduct to a forum that can question it and pass judgement. The argument is that when many hands produce an enforcement outcome, responsibility for the overall result becomes diffuse, and no forum is positioned to hold that overall result to account.

The framework itself is extensive. Directive 2001/83/EC sets out the general rules for medicinal products. For authorised medicines distributed within the EU, Regulation (EC) No 726/2004 establishes the EMA’s role and powers. The Clinical Trials Regulation and the EU’s pharmacovigilance rules add further safety and monitoring obligations. What determines whether these rules matter in practice is how they are applied.

Pharmacovigilance rules  –  the legal requirements and guidelines ensuring that medicines are monitored for safety, so that their benefits continue to outweigh their risks.

 

In practice, enforcement is divided between actors, each with a defined role:

The EMA is central to supervision and investigation, but it cannot impose fines. Although penalties can reach 5% of a company’s EU turnover for certain infringements, the power to impose them rests with the Commission. This leaves a gap between investigating a breach and deciding what follows from it. When enforcement is shared across institutions, establishing accountability becomes harder.

Comparative perspective

Other EU agencies are built differently. The European Securities and Markets Authority (ESMA) and the European Central Bank (ECB) can investigate breaches and impose penalties directly. ESMA can supervise specific market actors and adopt binding decisions, including financial penalties, without depending on another institution; the ECB supervises banks and sanctions breaches of EU banking rules. In those models, the body that builds the case also owns the outcome. The EMA model separates the two.

How Enforcement Works in Practice

One procedure, nineteen medicines, no fine

The first and, to date, the only infringement procedure opened under the Penalties Regulation tells us less about wrongdoing than about how the system divides authority.

 

80 000+

REPORTS LEFT UNASSESSED

 

~5 years

FROM OPENING TO CLOSURE

 

€0

PENALTY IMPOSED

How it began

In 2012, a routine pharmacovigilance inspection by the UK’s MHRA, part of a coordinated European inspection programme, identified serious shortcomings in Roche’s pharmacovigilance system. Around 80,000 reports collected through a Roche-sponsored patient support programme in the United States had not been evaluated to determine whether they should have been reported to EU authorities as suspected adverse reactions. These included 15,161 reports of patient death. Whether the deaths had any causal link to the medicines was not known; under EU law the reports nonetheless had to be assessed, and they had not been.

The findings were referred to the European Commission, which asked the EMA to open a formal infringement procedure under the Penalties Regulation.

The procedure, step-by-step

2012

MHRA inspection identifies shortcomings. Some 80,000 unassessed reports found in Roche’s pharmacovigilance system. At the Commission’s request, the EMA opens an infringement procedure on 23 October 2012 under the Penalties Regulation.

2013

EMA finalises its benefit-risk safety review. No new safety concerns identified across the medicines concerned; this review is separate from, and without prejudice to, the infringement procedure. (EMA, 19 Nov 2013)

2014-2016

EMA builds the infringement case. Its initial report is finalised in April 2014 and passed to the Commission; the file returns to the EMA in 2015 for further inquiry; the EMA sends its final report to the Commission on 1 July 2016. The procedure concerns 19 centrally authorised products.

Dec 2017

Commission closes the procedure. Satisfied with Roche’s remedial actions, the Commission decides not to issue a statement of objections and closes the case. No fine is imposed. (Commission statement, 15 Dec 2017)

 

Who did what?

 

 

MHRA

identified the problem

Commission

asked EMA to act

EMA

investigated  

 

Commission

decided the outcome

 

How to read the outcome

Enforcement did happen. Roche implemented remedial measures, the EMA produced a detailed record of the failures, and the safety review found no impact on the benefit-risk balance of the medicines. Closing a case once a company has remediated is a recognised regulatory approach. In EU competition law, the Commission can resolve non-cartel cases through a commitments procedure without imposing a penalty. On this reading, enforcement here corrected behaviour rather than punishing it.

But the division of roles has a cost for visibility. The institution that built the case had no formal say in how it ended. The Commission, which decided, published only a brief statement of its reasons, namely that it was satisfied with Roche’s remedial actions, rather than a detailed, reasoned account of why remediation was preferred to a penalty.

KEY OBSERVATION

The EMA carries the investigative burden; the Commission carries the decisional authority. The framework does not clearly require either institution to explain publicly how investigative findings translate into the final decision.

 

This design is deliberate. Under Regulation 658/2007, the EMA initiates and conducts the inquiry while the Commission takes the final decision. What the Roche case shows is not merely how one procedure unfolded, but how decisional power is distributed, and how that distribution affects whether responsibility for the outcome is visible.

What are the sanctions for?

Whether the absence of a fine is a problem depends on what a penalty is supposed to do. If its role were purely restorative (to repair an undesirable situation), then the outcome looks adequate: Roche overhauled its reporting systems, the outstanding reports were assessed, and the safety review found no effect on the benefit-risk balance of the medicines. The system was, in that narrow sense, repaired.

The harder questions concern the other functions. A penalty also has a deterrent and preventive role, signalling to every marketing authorisation holder that failing to assess tens of thousands of safety reports carries a real cost, and an expressive one, marking publicly that an obligation central to patient safety was breached. Remediation after the fact does little for either. This is why the accountability concern here does not depend on the claim that Roche deserved a fine. The concern is that a discretionary choice with system-wide signalling effects was made without a reasoned public justification. The problem is the unexplained exercise of discretion, not the absence of a penalty as such.

Who is responsible?

The Roche case exposes a recurring difficulty: when several institutions each follow their own rules correctly, yet the overall outcome is still open to question, it becomes unclear who bears responsibility for that outcome. This is the “problem of many hands.”

Dennis Thompson named the difficulty that arises wherever a task is divided among many actors:

“Because many different officials contribute in many ways to decisions and policies of government, it is difficult even in principle to identify who is morally responsible for political outcomes.” 

Dennis Thompson (1980), p.905
Fig. 1 – The “hot potato” of responsibility diffusion (based on Dennis Thompson (1980); created with Canva by Carolin).

Many hands, or many eyes?

A reader might object that this is really a case of the “problem of many eyes” rather than many hands. Bovens draws both, and the distinction is worth stating precisely. Many hands describes the actor side: a forum faces several potential actors and cannot easily determine who contributed what, or who can be called to account. Many eyes describes the forum side: a single actor answers to many forums at once, each applying its own criteria. Many eyes is a problem of forum surplus (Bovens, “Public Accountability,” 2007, 182–208).

On the many-eyes reading, the accountable actor is Roche, facing a divided set of overseers: the MHRA, national authorities, the EMA and the Commission. That reading is coherent, but it answers a different question from the one this post asks. The concern here is not how Roche answers to its overseers; it is who owns the enforcement outcome, that is, the decision to close the case without a penalty or a reasoned justification. On that question the case fits the many-hands pattern: the MHRA, the EMA and the Commission each acted within their powers, yet responsibility for the combined result is not clearly attributable to any of them.

And it comes with a twist. Many eyes is a problem of too many forums; the difficulty here is the opposite. There is no forum at which the overall enforcement outcome must be justified. The case sits between the two: many hands on the actor side, and a forum gap, rather than a forum surplus, on the accountability side.

Applying this to EU pharmaceutical enforcement

In the Roche case, the EMA, the Commission and the MHRA each performed their role within their legal powers, and enforcement did take place: the failures were identified, investigated and remedied. But because the steps are carried out by different actors, no single institution oversees the process end to end. When the procedure closed without a fine and without a detailed public justification, it became difficult to identify who was responsible for that outcome. This is not the failure of any one institution but a feature of the system: responsibility is diffused across the stages of enforcement rather than attributable to a single actor.

Where responsibility sits, and where it does not

Political oversight does not generally focus on individual enforcement decisions, and where no formal sanction is imposed, judicial review may be unavailable, raising a concern under Article 47 of the Charter of Fundamental Rights, which guarantees the right to an effective remedy.

Accountability and design

On Bovens’s account, accountability is a relationship between an actor and a forum: the actor must explain and justify its conduct, the forum can question it and pass judgement, and the actor may face consequences. In the Roche procedure, there is no point at which the overall enforcement outcome must be justified in this way. Individual steps can be reviewed, but the combined result is not clearly subject to any single accountability forum. Accountability is missing precisely where responsibility is hardest to locate, which is how diffused responsibility (many hands) becomes an accountability gap.

Fig. 2 – The missing accountability forum (author’s own illustration, inspired by Mark Bovens’s accountability framework; created with Figma AI by Carolin).

Unlike the EMA, ESMA and the ECB can investigate and sanction directly, so the institution that builds the case also owns the outcome.

The issue, then, is not that enforcement is absent but that responsibility for it is not clearly visible. Addressing this need not mean redesigning the system. Granting the EMA limited sanctioning powers, on the ESMA model, would close the gap between investigation and outcome. Requiring the Commission to publish reasoned decisions when it closes such cases would make the exercise of its discretion visible to Parliament, courts and the public. As enforcement increasingly runs through shared structures, making responsibility visible is a precondition for accountability to function at all.

Fig. 3 – The problem of many hands: how responsibility becomes difficult to identify in EU enforcement (created with Figma AI by Carolin).

The European Defence Agency: All Vision, No Bite?  

Europe is spending more on defence than ever, but rising budgets have not been matched by greater coordination. This blog post explores the economic rationale behind the EDA, its historical development, and how its role may need to evolve in today’s shifting geopolitical landscape.

By Martin, Alexandra, Gillis and Julia
Visualisation: Author

While defence is and has always been a national responsibility of each European Union (EU) Member State, defence coordination and efficiency is now more important than ever. The European Defence Agency (EDA) was founded in 2004 to promote defence collaboration in the EU and to support integration within the EU’s Common Security and Defence Policy (CSDP) between Member States. Although defence spending has gone up in Member States, the collaborative procurement benchmark has consistently gone unmet, not because the EDA has failed as such, but because Member States have not made sufficient use of it for their joint procurement. The Agency can facilitate cooperation; it cannot compel it. This is why it has often been criticised for lacking teeth.

This blog post will therefore explore the economic reasoning of collaborative procurement behind the EDA and its historical development, after which the current geopolitical context will be analysed and how the EDA could and should react to this. This blog post argues that the EDA could be redesigned, by implementing several reforms and aligning its tasks with the current geopolitical context.

Spending More, Wasting Less

Europe is arming up. The EU’s 27 Member States spent €343 billion on defence in 2024 alone. But more money does not automatically buy more security. Part of the challenge is efficiency: turning each euro into more real military capability. Yet efficiency is only one side of the picture. European security depends at least as much on whether Member States are politically willing to use the capabilities they hold, as the response to Russia’s war in Ukraine has made clear. Even the best-equipped forces add little to collective security without the shared political will to deploy them. The EDA can help make spending more efficient, but it cannot manufacture that political will, which remains firmly with the Member States.

Source: EDA Data

Efficiency can be achieved through quicker procurement, fewer duplicated national projects, and forces that can work together when it matters. That is the core economic argument for European defence cooperation. If Member States keep spending, buying, and developing in parallel, a great deal of that money risks being lost to fragmentation and inefficiency instead of being turned into usable collective strength.

At its core, the idea is straightforward, cooperation can help Member States to get more value from every Euro they spend. Defence equipment is extremely costly to research, produce, maintain, and upgrade. When each State follows its own path, defence orders stay small, due to limited national demand and technical standards that differ. Furthermore, national forces may end up utilizing systems that do not work well together within cross-border integrated forces. Economists describe this as a problem of fragmentation and the loss of economies of scale. In simple terms, the Member States individually, without coordinating their efforts, can end up paying more for less.

Source: AI-generated image created by the author using ChatGPT (OpenAI), April 2026.

Defence can also be described as a special market. Governments do not buy ammunition, tanks or missile systems the way consumers buy groceries, phones or cars. National security concerns, political sensitivities, and domestic industrial interests often keep procurement focused and protected within national borders. This makes coordination harder, but also more necessary. The more procurement remains nationally fragmented, the greater the risk of duplication, incompatibility, and inefficient spending. The European Commission has repeatedly argued that a more integrated European defence market would support larger-scale production, stronger innovation, and more efficient procurement outcomes across borders.

Seen from this perspective, the economic rationale behind the EDA is not simply about “more Europe”. It is about reducing costs, overcoming coordination problems, and helping Member States turn rising defence budgets into stronger, more compatible, and more efficient capabilities.

The European Defence Agency

The EDA was established in 2004, at a time when European governments were becoming increasingly aware of a growing contradiction in their defence policies. On the one hand, security challenges were becoming more complex and often required collective responses. On the other hand, defence remained highly fragmented, with each Member State planning, spending, and procuring largely on its own.

This fragmentation was not a new problem, but it became more visible in the early 2000s. The EU’s experience in the Balkans during the 1990s exposed limitations in Europe’s ability to act cohesively in crisis situations. At the same time, global developments such as the September 11 attacks reinforced the need for more coordinated approaches to security and defence. European countries were also facing increasing pressure to do more with limited resources, while still maintaining a wide range of national military capabilities.

In light of these developments, the EDA was established to help address a key question: how can European countries cooperate more effectively in defence without giving up control over their own armed forces?

The Agency’s original legal basis was set out in a 2004 Joint Action under the EU’s Common Foreign and Security Policy. Its role was later formalised in the Treaty of Lisbon, where Article 45 of the Treaty on European Union defines its main tasks. These include identifying capability gaps, encouraging cooperation between Member States, supporting defence research and industry, and evaluating whether agreed commitments are being followed. Its current structure and functioning are further detailed in Council Decision (CFSP) 2015/1835.

Notably, the EDA was not designed as a powerful central authority. Instead, it was conceived as a facilitator, an institution that could bring Member States together, provide expertise, and promote cooperation, without overriding national sovereignty. In other words, it reflects a broader EU approach to defence: improving coordination rather than centralising control.

Academic observations highlight this balancing act. Some scholars argue that the EDA represents a pragmatic solution, allowing states to work more closely together while keeping ultimate authority at the national level. Others point out that this same design also limits its impact, as cooperation ultimately depends on whether Member States choose to follow through on shared priorities.

In this context, the creation of the EDA was less about transforming European defence overnight, and more about managing an existing tension: the need for collective action in a policy area that remains deeply tied to national sovereignty. This tension continues to shape both the Agency’s role and its limitations today.

A New Geopolitical Era

After Russia’s invasion of Ukraine, which led to ammunition shortages in the Ukraine and the EU, supply-chain pressure and wider uncertainty about European security, Member States have faced pressure to procure their military goods as quickly and efficiently as possible. The last years have however shown that this increase in urgency has not led to increased cooperation and that Member States still often value their sovereignty more than collectively procuring military goods. This may lead to duplication and over-reliance on non-EU suppliers.

This is also shown by the EDA’s collaborative procurement benchmark, set since 2007. As mentioned previously in this blog post, this benchmark has never been met. While the EU has estimated that the total EU defence expenditure has reached €381 billion in 2025, this increased spending has not been accompanied by a proportional increase in joint procurement among Member States.

An example of this is the French and German Future Combat Air System (FCAS), EU’s next generation fighter jet program, which aimed to improve the EU’s strategic autonomy and increase cooperation. While this could have been a great way to enlarge collaborative procurement among Member States, the FCAS has been described as potentially collapsed after Germany chose to purchase United States’ F-35 combat aircrafts instead of developing and procuring these via the FCAS-program.

The European Defence Agency 2.0

As described above, the geopolitical context in which the EDA operates has changed significantly since its establishment in 2004. Defence procurement has grown and become more urgent, but not necessarily more coordinated. While the industry grows, the economic inefficiencies, as described in section I, remain. This is where the redesigned role of the EDA comes in. By increasing coordination along the procurement chain, the EDA can address inefficiencies. Putting this into practice, requires structural rethinking the role of the EDA.

Any case for a stronger EDA has to be made against the institutional reality that the most supranational role in European defence is currently played not by the EDA but by the Commission. It is a question this section returns to below.

According to André Denk, EDA’s chief executive, the desire from Member States to do more on defence at EU level in line with the EU’s Defence Readiness 2030 programme, has increased. Denk introduced the redesigned role of the EDA in response to this call from Member States and the current turbulent geopolitical times. While the EDA’s traditional role remains, in essence, to coordinate rather than to centralise control, the amount of Member States in favour of expansion of the EDA’s mandate is rising. Denk called on Member States to: “use us to take forward the projects that one member state cannot.”

This call for a redesign of the EDA was also supported by former Estonian Prime Minister and current High Representative of the Union for Foreign Affairs and Security Policy, Kaja Kallas. Kallas made a statement on the inefficiencies in EU defence procurement. She spoke about the lack of complementary procurement, the focus on national interest, and persisting fragmentation. Kallas concluded that the EDA needs to lead, not just facilitate, thereby expressing her vision for a stronger EDA.

Source: European Defence Agency

Coming back to the EDA’s core tasks, these were designed as open norms. The redesign therefore does not change the Agency’s architecture so much as the use Member States are prepared to make of it. As defence ministers increasingly speak with a sense of urgency, the space for the EDA to coordinate widens accordingly. In other words, a revised role for the EDA does not require a new agency; it requires Member States to make fuller use of the one they already have.

Two caveats follow from this. First, this is a willingness to procure together, which is not the same as a willingness to act together: even a Europe that buys efficiently and fields interoperable forces contributes little to its own security if Member States are unwilling to deploy what they own, as the halting response to Russia’s war in Ukraine has shown. A stronger EDA can close a capability gap; it cannot close a resolve gap. Second, the EDA is not the only candidate for that coordinating role.

The EDA proposed five revised lines of action:

  1. Scaling up research;
  2. Consolidating EDA’s central capability role;
  3. Support joint procurement;
  4. Secure resources;
  5. Leveraging existing partnerships.

Apart from increasing budgets for already existing competences, the EDA’s goal is to take a more prominent role in the supply chain. In practice, this results in the EDA to target shared requirements for joint acquisition before contracts are put to market. This strategy can improve efficiency in concrete ways. When demand is aggregated earlier and common requirements are established at the EU level, Member States can benefit from larger production runs, reduced unit costs, and greater leverage with suppliers. Furthermore, existing partnerships with, for example, Ukraine, Turkey and Canada are to be strengthened under the EDA procurement framework. This redesigned EDA is stepping beyond pure facilitation and increasingly towards centralisation, answering the Member States’ calls.

Important to note is that the EDA operates within fixed structural limits. It does not control national defence budgets, cannot compel Member States to procure jointly, and works alongside existing frameworks such as NATO. Any case for a stronger EDA must also be placed in its wider institutional setting. In recent years, the most visibly supranational role in European defence has been played not by the EDA but by the European Commission. The Commission has increasingly shaped defence policy through funding and joint procurement instruments, from the European Defence Fund to more recent readiness and common procurement initiatives, despite the Treaties providing no defence specific legal basis for the Commission to do so. As Meershoek has shown, this expansion has been built largely on internal market and industrial policy competences rather than on any defence mandate proper, which makes the Commission’s authority in this field real but legally awkward. A more powerful EDA would therefore not be filling an empty space; it would have to be positioned alongside the Commission, raising a genuine question of institutional balance. Either way, the shift towards a modern, strategic EDA 2.0 depends not on institutional reform alone but on genuine political willingness among Member States to use the EDA for the projects that no single country can advance on its own and on clarifying how its mandate fits with the role the Commission has already assumed.

Coordination Is No Longer Enough

The EDA exists to help EU Member States coordinate and work together more effectively in defence: the idea is simply that cooperation can help countries avoid duplication and waste, save money, and build capabilities that work better together. But the EDA was never given strong powers of its own: it was designed to support and coordinate, not to force Member States to act. As this blog post has argued, the collaborative procurement benchmark has gone unmet not because the Agency has failed, but because Member States have not chosen to use it, and that has become harder to defend as spending rises fast while joint procurement remains limited. A stronger, more strategic EDA could help close this gap. Efficiency is not the same as security: even a well-funded, well-coordinated Europe adds little to its own defence if Member States lack the political will to use their capabilities when it counts. The EDA is not the only supranational actor in this space, the European Commission has increasingly driven European defence policy, so the real question is one of institutional balance rather than a simple case for a bigger EDA. A stronger EDA is therefore worth pursuing, but only if it is matched by genuine political will among Member States and by clarity about how its role fits alongside the Commission’s.

Following in AMLA’s footsteps: is direct enforcement the way to go for wandering ENISA?

By Arailym, Patrick and Sondra

The road to what might be called regulatory maturity is often a long one. In EU cybersecurity regulation, a culture of vertical and horizontal collaboration is optimistic but seemingly ineffective. It likely leaves the European Union Agency for Cybersecurity (ENISA) feeling somewhat envious of the centralised enforcement powers recently vested in the Anti-Money Laundering Authority (AMLA). How feasible would it be for ENISA to follow in AMLA’s footsteps? This blog post examines whether there is regulatory space, or even a solid legal basis for such an evolution. Due to the differing contexts of financial crime prevention and cybersecurity, the limits of an analogy between the trajectories of the two agencies will become clear.

What is ENISA?

ENISA – the European Union Agency for Cybersecurity, previously known as the European Network and Information Security Agency, was established in 2004 by Regulation No 460/2004. It was reformed by Regulation No 526/2013, which was later repealed by the Cybersecurity Act.

The Cybersecurity Act granted ENISA a permanent mandate along with increased responsibilities, transforming it from a “Cinderella” agency into a key cybersecurity entity in the EU. ENISA aims to achieve a high common level of cybersecurity across the Union. Its main tasks include:

  • Supporting EU legislation implementation and the development of EU-wide cybersecurity standards
  • Enhancing operational cooperation and coordination among Member States, Union institutions and private sector actors
  • Managing cybersecurity certification schemes to increase trust in information and communication technology (ICT)

                                   Photo credits: ENISA website

The Emergence of AMLA

The evolution of the EU’s anti-money laundering framework has seen notable advancements, starting from the initial anti-money laundering Directive (AMLD1) in 1990 to the latest updates with AMLD6, Anti-Money Laundering Regulation (AMLR), and Anti-Money Laundering Authority Regulation (AMLAR). This development signifies an expanding regulatory focus that originally targeted drug trafficking in the 1990s, evolving into a robust framework that addresses intricate financial crimes like cyber-enabled money laundering. A significant shift occurred with AMLD3, which embraced risk-based approaches for customer due diligence (CDD). The enactment of AMLD4 improved transparency by creating mandatory central registers for beneficial ownership information, a refinement further augmented by AMLD5 (2018), which required public accessibility. The recent introductions of AMLR, AMLAR, and AMLD6 establish centralised oversight while adapting to technological advancements by creating a unified supervisory body across the EU, effectively standardising anti-money laundering initiatives among member states and confronting new technological hurdles. This evolution exemplifies direct enforcement and is a new form of functional spillover that arises from internal pressure and functional necessity, rather than from external crises. This indicates that achieving the established policy goals necessitates the expansion and uniform application of EU law. Below, we delve into why and how direct enforcement is essential for ENISA to attain a high common level of cybersecurity throughout the EU.

Why should ENISA follow the same trajectory as AMLA?

The increasing frequency and sophistication of cyber threats pose significant risks to economic activities, public services, and citizens’ privacy. In recent years, the EU has implemented several legislation addressing cybersecurity, such as the Cybersecurity Act, NIS 2 Directive, Cyber Resilience Act, and Cyber Solidarity Act.

These legislations have expanded ENISA’s capacities, but they are insufficient for the EU’s ambition to enhance cybersecurity across the Union, as the success of EU cybersecurity policies relies on implementation by Member States. For example, the NIS 2 Directive has so far been transposed by only four Member States, prompting the European Commission to open infringement proceedings against 23 Member States. This presents a real risk of fragmentation across the EU, which hinders effective cybersecurity. From a functional spillover perspective, the increasing cybersecurity threats and divergent approaches among Member States suggest that ENISA’s role may need to evolve beyond its original advisory and coordinative function towards enforcement powers.

The situation facing ENISA mirrors AMLA’s earlier context – both agencies emerged in response to fragmented national practices and cross-border threats that require unified, robust responses. However, while AMLA was granted limited enforcement powers due to the ineffectiveness of the previous decentralised approach and the lack of cooperation among national AML/CFT supervisors, ENISA remains confined to coordination and advisory functions. To some extent, one could argue that ENISA’s case resembles AMLA, and granting ENISA enforcement powers would ensure compliance with EU cybersecurity standards and achieve a high common level of cybersecurity across the Union.

However, this might be an impossible mission or one that lies in the fairly distant future… Direct enforcement for the wandering ENISA faces a steep climb, blocked by the EU’s limited competences in security matters, an area still fiercely guarded by the Member States.

How this trajectory can be beneficial

As referred to above, the sole competence of Member States in matters of public and national security (recognised under Article 4(2) TEU) currently limits ENISA’s ability to gain direct enforcement powers; there is, however, precedent for derogation from the national security exemption, as can be observed in the Privacy International case (paragraph 44) in relation to the e-privacy Directive.

For now though, we must not jump ahead but instead envisage some preliminary steps that may take ENISA some distance down AMLA’s beaten path. A prerequisite of any centralisation is an unequivocal delineation of the agency’s role in a crowded regulatory environment. The elaboration of the EU cybersecurity landscape in recent years has led to a blurring of the lines between the competences of the entities involved, particularly with the emergence of several networks and centres at the EU level aiming to prepare for, respond to, or analyse cybersecurity threats and incidents. Although the notion of collaboration seems to be favoured in EU cybersecurity policy, the lack of exclusive specialisation on ENISA’s part would undermine any future enforcement remit for the agency. Thus, policymakers should pinpoint the tasks and responsibilities the execution of which would allow ENISA to contribute most optimally to the improvement of EU cybersecurity. This prioritisation of tasks would enable ENISA to enhance its operational efficiency, and ultimately its reputation, potentially paving the way for a transition to a more substantively empowered role.

 

 

ENISA

AMLA

Legal basis

Cybersecurity Act (2019) & NIS2 Directive

AML/CFT Regulation (2024) & AMLD6

Enforcement powers

No direct enforcement (supports national authorities)

Direct enforcement

(40+ high-risk financial entities (crypto, cross-border institutions))

Sector focus

All critical sectors (energy, health, transport, digital infra)

Financial sector priority, limited non-financial oversight

Enforcement tools

Technical enforcement i.e., cybersecurity certification, Vulnerability reporting; Operational Tools i.e., Cyber Exercise Platform for crisis simulations, CSIRT Network coordination; Compliance Leverage i.e., National strategy evaluation toolkit Biennial risk trend reports to EU institutions

Corrective measures i.e., operations restrictions, government structures; Financial sanction i.e., fines; Investigative powers.

Dispute resolution

Non-binding recommendations through Cooperation Group

Binding arbitration in cross-border supervisory conflicts

 

Still Relevant After 50 Years: A Reality Check for Cedefop

By Maria, Guilherme, Emilie and Chris

Source: https://www.cedefop.europa.eu/en

Still Relevant After 50 Years: A Reality Check for Cedefop

Cedefop turns 50!

Source: Pinterest

In a world where labour markets are evolving rapidly, driven by digital transitions, demographic shifts, and green ambitions, it is vital that EU education and skills development is set up for success. Marking its 50th anniversary in 2025, the European Centre for the Development of Vocational Training (Cedefop) has been a cornerstone of EU cooperation in education and skills development. Some critics might question the effectiveness of Cedefop, pointing to its lack of enforcement powers as a barrier to achieving its goals. But when one looks at these goals, the role of Cedefop remains relevant and important in achieving the mission to enhance cooperation and knowledge-sharing among Member States in the field of vocational education and training (VET).

Is ‘soft power’ enough to shape the future of work?

Cedefop’s mandate is broad, and it relies solely on soft powers to achieve this. The term ‘soft power’ usually describes an ability to influence others through shared values, consensus, and cooperation, rather than through legislation or formal authority.

Source: Cedefop website

In practice, Cedefop has focused on two main goals: enhancing transparency in qualifications and facilitating transferability of learning outcomes across Member States. These goals support freedom of movement for learners and workers, so that credentials in one country are understood and accepted in another. This naturally raises the question about whether Cedefop has effectively fulfilled these goals.

When outcomes are seen as beneficial, rather than being forced, there is generally less pushback from governments and other actors. For many EU countries, vocational education and training has a direct influence on efforts to reduce unemployment, especially for people who may lack skills relevant to changing labour markets.

Source: https://www.cedefop.europa.eu/en/tools/vet-toolkit-tackling-early-leaving/resources/vet-toolkit-upskilling-pathways/best-practices/role-vet-society

 

This figure shows the support from EU citizens to the statement: “Vocational education and training play an important role in reducing unemployment in your country”.

The skills puzzle: solving labour gaps through EU cooperation

Zooming into cooperation, there is still room for improvement. Cedefop’s effectiveness in VET partly depends on how closely it works with Member States, social partners, the European Commission, and the European Parliament. By gathering data and sharing knowledge, Cedefop encourages different national and EU-level actors to align strategies in addressing skills mismatches.

During the European Year of Skills 2023, particular emphasis was placed on upskilling and reskilling, lifelong learning, and fostering both innovation and competitiveness. These aims also support people and businesses in meeting green and digital objectives. Recognising the importance of collective efforts, and in celebrating 50 years of activity, Cedefop joined the  Eurofound, the European Agency for Safety and Health at Work (EU-OSHA), the European Training Foundation (ETF) and the European Labour Authority (ELA), in hosting a major event. This gathering highlighted how the five agencies contribute to enhancing skills development.

In discussions with the Parliament and Commission, Cedefop presented its latest report: Skills in transition – the way to 2035. The report’s key message was that Europe is facing urgent labour shortages, especially in science, technology, engineering, mathematics (STEM) and IT fields. Green and digital transitions are rapidly reshaping Europe’s labour market. To remain competitive and resilient, Europe needs well-targeted policy decisions and a fresh approach to skill-building.

Navigating duplication risks and collaborative leadership

Questions arise about overlapping responsibilities between EU agencies. Cedefop, Eurofound, and EU-OSHA share certain priorities, including improving working conditions and aligning skills with the needs of evolving economies. Nevertheless, Cedefop’s soft-power strategies continue to offer added value. It promotes collaboration by disseminating research, guiding Member States on reskilling, and working closely with other agencies to produce policy recommendations that address real-world challenges. Together, they act as “political entrepreneurs,” pushing Europe’s skills agenda forward.

Still, as Cedefop cannot compel countries to adopt its insights, progress depends on politicians and policymakers embracing them. This reality often leads to uneven outcomes; some countries quickly integrate Cedefop’s recommendations, while others may hold back. Another common concern is “duplication risk,” where different agencies might be seen as doing the same work. Cedefop’s defenders point out that each EU agency has a specific focus: Cedefop zeroes in on vocational training, Eurofound studies broader social and work conditions, and EU-OSHA looks at safety and health. Where their work converges, they aim to coordinate rather than compete.

Inconsistent Adoption of Cedefop’s Recommendations Across EU Member States

Cedefop has made recommendations for improving access to skills development and adult learning, particularly for marginalised groups. One approach Cedefop endorses is the use of financial assistance for vulnerable learners. However, the adoption of these recommendations has been far from uniform across EU Member States, with progress varying widely.

For example, Germany offers support through the National Skills Strategy for low-qualified adults who may otherwise struggle, and France has a similar program, Compte Personnel de Formation, allowing individuals, including those from disadvantaged backgrounds, to access training. Both initiatives align with Cedefop’s goals at making upskilling more accessible.

In contrast,  Bulgaria remains in the early stages of reforming their VET system. Although there are positive indications, reforming VET can take time as it often faces challenges like legislative changes and budgetary allocations which slow the pace of progress. Romania records one of the lowest levels of adult learning participation in the EU, raising concerns about whether people there can adapt to ongoing economic and technological changes.

These discrepancies highlight the need for a more consistent approach to improving skills development across Europe. However, they also indicate that responsibility does not rest with Cedefop. Given the number of EU citizens who agree that VET plays an important role in reducing unemployment, it should be clear there is incentive to work with Cedefop in improving VET.

Shaping the future

Cedefop’s impact is greatest when stakeholders recognise the tangible benefits and engage with Cedefop’s contributions to VET development. By continuing to promote advancements to VET systems, Cedefop reinforces its central role in building a competitive, forward-looking EU workforce. These efforts show that lacking enforcement powers does not necessarily limit an agency’s ability to make a difference.

Even if Cedefop’s goals remain aspirational, its contributions to policy debates and collaborative initiatives show that progress is possible despite the constraints of soft power. With half a century of experience rooted in research, collaboration, and policy, Cedefop remains committed to making VET and skills development accessible to everyone, always keeping a future-oriented perspective.

In the end, the lack of direct enforcement powers reflects the EU’s decision to preserve Member State sovereignty over education. As labour markets continue to evolve, vocational education will likewise transform, and a central EU-level body devoted to coordinating these changes seems likely to remain important. It is still an open question whether exclusive reliance on soft powers is the most effective long-term strategy for shaping vocational education, training, and skills policies, but the work of Cedefop over the past 50 years provides plenty of evidence that such an approach can achieve significant results.

www.wordsandquotes.com

 

 

Greenwashing in the EU: How to Spot It — and How Brussels Is Fighting Back

By Alexandra, Helena, Gennaro and Isabella

“Eco-friendly”.“Sustainable”.“Natural” These words are everywhere — on packaging, websites, and ad-campaigns. But are they always representing the truth? Being an environmentally friendly business is increasingly popular, but not every company does what it claims to do. In fact, many companies use misleading green claims, just to appear sustainable when in reality they are not. This act of pretending is what we call greenwashing. It threatens real progress on climate goals. In this post, we break down what greenwashing is, its impact, how to recognize it, and an example of how the EU is ‘fighting back’.

Source: United Nations

What is Greenwashing?

Greenwashing refers to the practice of misleading consumers about the environmental practices of a company or the environmental benefits of a product or service. This can involve false claims, exaggerations, vague language, selective disclosure, and even visual manipulation like overusing green colors or nature imagery.

It is a practice of making misleading and false claims, convincing the public to think that the company is contributing to the protection and preservation of the environment.

But it’s not just about outright lies — it can also involve greenhushing, or the omission of relevant environmental harms while promoting minor or unrelated “green” efforts.

“In 2021, 42% of the online claims from various businesses were exaggerated, false or deceptive” according to a screening conducted by the European Union and National Consumer Authorities.

Greenwashing can take many different forms, but it usually happens when a company seeks to promote its products or services. Businesses use misleading labels, or unclear language, such as calling their product “eco-friendly” without explaining what it actually means. Some produce false data to improve their image, or selectively highlight one “green” effort to look good, while hiding their other practices that are harmful to the environment. Others rely on misleading visuals and graphics, such as using pictures of nature or overusing the color green.

Our Role in the Green Fight: A practical Guide

Source: The Choice

So how can you, as a consumer, spot greenwashing? Here is a breakdown of some tips that may be useful:

1. Start by checking for reliable third-party certifications, such as the EU Ecolabel. Be cautious of fake or self-invented eco-labels, which companies may use to simulate credibility. For example, in the “Six Sins of Greenwashing” report TerraChoice, 2007 highlights common deceptive tactics, including “the sin of the imaginary friend”, using fake third-party endorsements.

2. Be cautious of vague and unclear terminology

Terms like “eco-friendly” or “green” without clear explanations or evidence might signal greenwashing. Genuine sustainable brands usually specify exactly why and how their products or services are environmentally friendly.

3. Look beyond attractive slogans and carefully evaluate transparency

Real sustainability means companies provide thorough and detailed information about their overall environmental impact—not just selectively highlighting one minor positive action. Furthermore, truly sustainable businesses back up their environmental claims with solid evidence and detailed reports. Information about emissions or resource usage should be easily accessible and clearly documented. But this isn’t mandatory yet. Full supply chain disclosure is not required until the Corporate Sustainability Due Diligence Directive (CSDDD) comes into force. Finally, remember that visuals can also be deceptive. Overusing green colors or nature-themed imagery might make products appear more sustainable than they actually are. Such tactics are common strategies used to distract consumers from examining the company’s true environmental impact.

Moreover, consumers often lack the climate literacy needed to interpret sustainability reports, even when made available. A recent study shows that more information doesn’t necessarily lead to better understanding or choices.

Still, the abovementioned three quick steps have been summarized below: 

When Green Turns Grey: How Greenwashing Harms the EU

The consequences of greenwashing are felt at every level—from individual consumers to the broader European economy and regulatory frameworks.

Source: U4 Anti-Corruption Resource Centre

Environmental Consequences

Greenwashing has severe environmental consequences, undermining the progress towards the European Green Deal and the Paris Agreement goals to transition to a low carbon economy. It diverts attention and resources from genuinely sustainable initiatives, as consumers become disillusioned and may allow companies to prosper by pretending that they’re green—without doing the work.

Consumer Deception

Greenwashing not only impacts the environment—it also misleads consumers. When companies falsely claim to be “green” or “eco-friendly,” it becomes more challenging for people to distinguish which products or brands are truly sustainable. As a result, the meaning of these terms becomes weaker and more confusing. Additionally, when consumers realise that despite their efforts, they were misled by a company it also erodes their trust. They may feel discouraged, frustrated, skeptical or even stop trying to make environmentally responsible choices which may halt meaningful change.

Distorts Financial Markets

Greenwashing isn’t just bad PR—it’s bad for markets. Investors may want their money to align with their environmental values. But when companies falsely market their goods or operations as “green”, trust disappears. This creates uncertainty, discourages sustainable investing, and destabilizes financial markets. As a result, capital may flow to undeserving companies, while those that are truly working towards sustainability struggle to compete. In the long run, this risks destabilising efforts to fund the green transition – an effort that relies not only on central banks, but also on public investment, private capital markets, and citizen engagement. According to European Commission estimates, achieving the EU’s 2030 climate and energy targets will require additional annual investments of approximately €620 billion, mobilised through a combination of national budgets, EU funding instruments (such as InvestEU and the Innovation Fund), and private financing.

From Claims to Consequences: The EU’s Legal Response to Greenwashing

Source: Didier Reynders, and Virginijus Sinkevicius, European Commissioners, on measures against misleading environmental claims and on the right to repair. [European Union, 2023 Copyright Source: EC – Audiovisual Service]

Among the many legislative instruments adopted by the EU in the context of the “Green deal”, one of the most recent is the Greenwashing Directive which amends the Unfair Commercial Practice Directive (UCPD) and is central for consumers. It introduces specific rules on companies’ sustainability claims, with the aim to contribute to the EU’s green transition by empowering consumers to make informed purchases using reliable sustainability information about products and traders.  The Directive includes a list of claims that are in any event considered “unfair” and prohibited, such as the use of “sustainability” labels that are not based on an independent, third-party certification scheme. This Directive is a noteworthy advancement as it will have a significant impact on how companies communicate their environmental efforts, thereby increasing safeguards for consumers.

However, even more ambitious is the Green Claims Directive which goes a step further by introducing detailed requirements for the substantiation and verification of voluntary environmental claims. Under this proposal, companies will be required to carry out scientific assessments and undergo third-party verification before making environmental claims about their products or services.

…So, the next time you see a product labeled “green,” ask yourself: is it really? Together, through awareness and accountability, both policy and public pressure can turn the tide against greenwashing – for good.

 

Europol’s processing of biometric data: how much security is too much until it becomes surveillance?

Balancing Security Requirements and Fundamental Rights Protection

By Rebekah, Miruna, Mihai and Vesa

The EU Commission’s 2023 proposal to increase Europol’s authority, especially concerning the systematic processing of biometric data, aims to improve security regarding serious crimes. However, it also raises serious legal concerns for individuals. This blog post critically explores the tension that biometric data poses between increasing surveillance power and fundamental rights under the Charter, which questions: Can this expansion of enforcement powers be justified under the principles of necessity and proportionality, or does it risk going too far?

Source: Wired

The Commission proposed a complementary Regulation for Europol regarding migrant smuggling and trafficking in human beings. The proposal aims to improve the coordination between Europol and the Member States regarding sharing information. This entails Member States providing Europol with citizens’ data to effectively address crimes.

But what kind of data does an agency such as Europol need to process? Europol processes biometric data. The EU has defined biometric data as personal information that can be attributed to unique human physical characteristics, such as facial features and fingerprints. Biometric data has been used by law enforcement authorities in the EU through technological advancements to surveil citizens in public spaces. Citizens have raised concerns that the EU provides law enforcement authorities with the right to interfere with citizens’ fundamental rights and freedoms.

Source: European Union Agency for Fundamental Rights

How does Europol’s processing of biometric data place it at the center of fundamental rights concerns?

When Europol becomes involved with biometric data, it is concerned about being thrown into the deep end of some of the EU’s most sensitive fundamental rights. Article 7 of the Charter protects our private and family life, while Article 8 gives us a fundamental right to personal data protection. These two fundamental rights are shaped by how the EU needs to handle individuals’ privacy and data protection in practice. Europol is not subject to different rules and must also respect them.

Biometric data became significant with the establishment of the GDPR and the Law Enforcement Directive. This is because biometric data falls under a “special category” of data due to its sensitivity, which means it cannot be handled lightly. Europol can only process this type of data when it is necessary for law enforcement, like preventing or solving serious crimes, and even then, only with solid legal safeguards as outlined by the respective regulations.

Source: Shutterstock

Over the years, the Court has made it clear that interfering with fundamental rights is only allowed if it is in accordance with the principles of necessity and proportionality. That means that Europol needs to provide justification for why biometric data is truly essential for carrying out their work and ensure they are not over-collecting or casting too wide a net.

Because without tight rules and accountability, data processing can start to look a lot like surveillance. And that is especially concerning when the individuals being monitored are not even suspects, just non-suspect individuals who might get caught in the digital sweep.

Enhancing security but challenging privacy?

Proponents argue that allowing Europol to process biometric data is crucial in modernising law enforcement and bolstering our security. They claim that by tapping into advanced technologies, such as AI-powered facial recognition systems and machine learning algorithms, Europol can quickly identify and track criminal networks involved in migrant smuggling and human trafficking. This, they argue, helps prevent crimes before they escalate. For everyday citizens, this might mean faster responses during emergencies and more efficient coordination between national police forces across the EU; at the same time, it also raises legitimate concerns regarding individual privacy and data protection.

Source: Biometric Update

This approach is similar to the rationale behind the landmark ruling, where the Court underscored the need for a careful balance between state security and individual rights. While that case focused on mass data retention, it highlights the broader principle that privacy interference must be necessary and proportionate.

However, without mandatory measures like independent oversight by the European Data Protection Supervisor (EDPS), robust data retention rules, and enforceable accountability mechanisms, the 2023 proposal risks creating a surveillance apparatus that goes far beyond its intended scope.

How can Europol balance security requirements with fundamental rights, then? 

In contrast to the previous framework, the proposal mandates that Member States consistently provide Europol with biometric data, with no clear limitations on volume, purpose or retention.

The EDPS has raised concerns, stressing that mass collecting of biometric data such as fingerprints or facial scans without proper safeguards and guidelines could interfere with fundamental rights under the Charter. Such concerns have also been raised by citizens as, according to a survey conducted by the EU Agency for Fundamental Rights, only 17% of Europeans are willing to provide their facial photographs to public authorities for identification purposes. The findings also reveal significant differences among the Member States in countries such as Germany and Austria, who show greater resistance to the sharing and processing their biometric data, while others, such as Portugal and Spain, show a more open approach.  Additionally, the  Biometrics Institute’s 2023 Industry Survey found that 54% of participants consider privacy and data protection significant challenges when developing biometric technologies.

As Europol’s powers expand, how do we protect our fundamental rights?

Source: AML Intelligence

A path forward should come with precise safeguards, not shortcuts. In balancing Europol’s powers on processing large sensitive data such as biometric data with fundamental rights, it is necessary to amend the Europol Regulation by adding more explicit criteria on how biometric data is collected, stored and used. Furthermore, provisions guaranteeing more transparency to avoid misuse of such data or profiling individuals with no criminal links. Lastly, carrying out an independent fundamental rights impact assessment before adopting new powers defines when biometric data can be used and how long it should be strictly limited to migrant smuggling and human trafficking. 

Hence, with clearly defined safeguards in place, the EU and law enforcement agencies, such as Europol, could strike a balance between technological developments and the protection of fundamental rights.

Matching Enforcement to Market Reality: AMLA and the Regulated Industry

By Yasemin, Lanqin, Exuan and Shuhua

Figure: AMLA’s new headquarter will be in Frankfurt (Image: AMLA Official Website)

Money laundering is a global crime that undermines economies and causes corruption, crime and terrorism. The European Union (EU) has long implemented international standards and legislative frameworks to combat money laundering and terrorist financing within its territory. However, the scandals highlight that the legislative frameworks without the right enforcement cannot overcome the problem. This blog post shows why the enforcement model should align in terms of the anti-money laundering (AML) industry and whether the creation of the new Anti-Money Laundering Authority (AMLA) can better enhance this mission.

Spotlighted dilemma and its extended approach

Money laundering is the process of hiding funds from illegal activities because criminals want their money to look clean. This is generally divided into three steps. First, criminals put the illicit gains into the financial system. Then, they move money around to hide its origin. Finally, they bring the money back as if it had been earned legitimately. Money laundering is very threatening, which helps to support crimes such as terrorism, fraud, and corruption, and reduces people’s trust in banks and financial systems.

Over the past decade, many money laundering scandals have occurred in the EU. In 2018, Denmark’s largest bank- Danske Bank, was involved in a huge money laundering case in which $236 billion was laundered through its Estonian branch. Lately, Rabobank is about to face prosecution because it failed to prevent money laundering. From the Danske Bank scandal to the recent Rabobank case, there are not isolated failures but symptoms of weaknesses in the EU’s decentralized AML enforcement structure.

Now, the EU has decided to fight back with a new EU agency- AMLA (the proposal was tabled in 2021, and the regulation was adopted in 2024). Through EU-level supervision, AMLA will support national supervisors and financial intelligence units (FIUs), and enhance cooperation and coordination among member states. But there is another question: Does this new EU agency fit the industry it supervises?

National enforcement wasn’t enough

The current AML mechanism is based on national authorities, with European Banking Authority (EBA) advice and policy-setting. Financial intelligence units (FIU) collect unusual transactions from entities with an obligation to report, analyse them and share them with law enforcement and security agencies as necessary, and exchange information with FIUs worldwide. The concern is that the ‘insufficient detection of suspicious transactions and activities by FIUs, particularly in cross-border cases, limits their capacity to suspend transactions and to disseminate relevant information to competent authorities’. Due to a lack of coordination and information sharing among FIUs, cross-border suspicious transactions are often not identified and responded to in a timely manner’.

For instance, in the Netherlands, Dutch banks are required to report unusual transactions to the FIU-Nederland. DNB supervises the effective fulfilment of the banks’ compliance obligations under the Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft) and the enforcement of sanctions. In 2024, the recent Dutch AML cases, including Volksbank and Rabobank, indicate weaknesses in national enforcement, like a dysfunctional system that generates alerts about customers and their transactions and inadequate action following an alert.

Besides, ‘the application of AML/CFT rules across EU is both ineffective and insufficient’ is hard to ignore according to the impact assessment. There are differences in the formulation and enforcement of AML regulations among member states, leading to unclear rules and inconsistent standards, which affects the uniformity and effectiveness of the entire framework. Besides, the inconsistency of regulatory resources and methods across countries has left some industries and subjects in the regulatory blind spot for a long time, especially in the non-financial sector.

Europe’s new watchdog: AMLA

As one manifestation of the AML’s enforcement model transferring from prominently relying on member states’ authorities to the institution at the EU level, AMLA is further empowered to deal with challenges such as the lack of effectiveness and insufficiencies of the contemporary AML framework.

As an integrated system composed of itself and national authorities, AMLA is entrusted with more direct and indirect supervision powers compared to the more advisory or policy-making role assumed by EBA. For instance, in terms of governing selected obliged entities in the financial sector, national supervisors participate in selecting, listing, and reviewing the entities by the joint supervisory teams in charge of AMLA. Meanwhile, AMLA can exercise direct supervision, such as by adopting binding decisions and especially pecuniary administrative sanctions. In terms of governing non-selected obliged entities, while AMLA enforcement power relies on member states, in which national supervisors retain full responsibility and accountability for direct supervision, AMLA actively coordinates national authorities to help them increase their enforcement effectiveness. With these powers entrusted, AMLA is expected to enhance AML enforcement through the centralization of certain tasks, responsibilities and powers within such a central authority. Nevertheless, diversity and disparity in AML enforcement among member states still have chances to occur.

Figure: Evolving AML supervision in the EU (Image: AI-generated)

The Industry Matters: AMLA ensures the security of the industry and consumers

Money laundering is not just a local issue; it is international. The threat of money laundering and financial crime is cross-border and involves high risk. Because of these characteristics of money laundering, prevention needs to be a priority before non-compliance occurs. If it is detected, authorities need to move faster and take effective action.

However, there has to be the right enforcement mechanism to prevent it. Because good laws can only be better implemented with the right hands. If the regulated industry is highly concentrated and international, as previously pointed out with the recent scandals, national authorities may fail to implement such successful rules. Unmatching the enforcement model with the regulated industry can create problems not just for the market actors but also for the safety and trust of EU citizens.

To illustrate this challenge, consider the analogy of housing design. Imagine living in a detached house with a concrete exterior and buying quality paint perfect for your walls. It might be the ideal solution for your home alone, but what if it is part of a larger complex? Suddenly, it might not fit in with everything else. The best results will not come from acting alone but from a shared decision to harmonize the whole complex. It is the same with anti-money laundering enforcement; it cannot be expected to work effectively if each Member State paints its own house, because the regulated AML industry is not a house but an integrated complex. AMLA is a new EU agency that ensures that Member States are on the same page when it comes to supervising money laundering. Its centralized powers and EU-wide reach aim to sustain a better and risk-free industry in the future.

Figure: AMLA as an EU agency fits the regulated industry’s characteristics (Image: AI-generated)

The EU is moving AML enforcement to Brussels by establishing a centralized enforcement model: AMLA. With AMLA stepping into the role of Europe’s central watchdog, the EU is aligning its enforcement with the regulated industry characteristics. The next challenge will be ensuring AMLA’s effectiveness and adaptability in a fast-evolving risk landscape.

Europol’s Accountability: Tension Between Secrecy and Supervision

By Elisabeth, Furat, Joseph and Matthew

Europol’s Accountability: Tension Between Secrecy and Supervision

This blogpost addresses the tension between effective policing and democratic oversight in the context of Europol’s extensive data collection used for ‘predictive policing’. This practice raises questions about the balance between security and individual privacy rights in the digital age. This blogpost provides an oversight of Europol’s powers and corresponding accountability, with the goal in mind of asking whether the Joint Parliamentary Scrutiny Group’s (JPSG) supervisory powers are sufficient to ensure robust and effective oversight of Europol’s operations. It’s important to note that while Europol’s role involves information collection and sharing, it’s distinct from predictive policing, a specific approach that relies on information to anticipate criminal activity. Predictive policing is not widely used in many European countries, and its relationship with Europol’s functions is complex.

A Brief Introduction to Europol:

Europol was created by the Treaty of Maastricht, which established a “Union-wide system for exchanging information within a European Police Office.” Initially, Europol’s role was limited to coordinating cross-border drug investigations. Despite its limited powers, the agency faced accountability concerns from the start, falling within the Maastricht treaty’s third pillar concerning police and judicial cooperation. Crucially, this domain was insulated from judicial review, meaning the Court of Justice had no means of ensuring Europol’s (admittedly limited) policing activities complied with fundamental rights.

Europol’s role has gradually expanded throughout the years, becoming a full EU agency in 2010. As an agency, Europol is tasked with additional responsibilities such as the collection and analysis of intelligence. However, with increased responsibility came the need for enhanced accountability.

The Treaty of Lisbon, brought an end to the pillar system which had kept Europol ‘at arm’s length’ from the Court’s oversight under Maastricht. For many, Lisbon signaled an end to Europol’s accountability concerns. Article 88 TEU provided the European Parliament with oversight for the first time, and along with it came “increased democratic accountability – at least superficially.” The JPSG is one of the core components of this newfound accountability. The group was established in April 2017 by the EU Speakers Conference, which brings together the national and the European Parliaments. The JPSG, which meets twice a year, is co-chaired by the European Parliament and the country holding the rotating presidency of the Council.

The group’s oversight powers are mostly supervisory. Under Article 51(2) of the Europol Regulation, the JPSG’s purpose is to “politically monitor Europol’s activities.” To facilitate the group’s supervision, Article 51(4) allows the JPSG to request documents from Europol and Article 12 of the Regulation requires Europol’s management board to make the agency’s annual work program available to the JPSG. So, the question is – are these supervisory powers sufficient when Europol oversteps its mandate?

Is Europol headed for ‘1984 reloaded?’ 

Supervising law enforcement agencies is a complex task. Law enforcement, after all, requires a degree of secrecy, which in turn stands in the way of transparency and supervision. In today’s digital society, this tension between secrecy and supervision is manifested in “predictive policing”, a practice which refers to gathering vast datasets and developing algorithms to identify criminals. Europol is no exception to this tension, as data collection and analysis is one of the core components of Europol’s tasks as the EU’s “principle information hub.” While Europol is permitted to collect personal data, Article 28 of the Europol Regulation requires that this data be relevant and necessary for the purposes for which it is processed.

Europol understands the collection of personal data is a touchy subject. In a 2012 publication from the agency, Europol asked “are we headed for ‘1984’ reloaded?”, referencing George Orwell’s novel which depicts a dystopian society of invasive state surveillance. In an effort to put concerns to rest, Europol reaffirmed its commitment to ensuring “the highest standards of data protection.”

Despite this commitment, “serious concerns” have been raised regarding data mining practices at Europol, which saw Europol retaining data related to huge numbers of individuals for indeterminate periods. The sheer scale of Europol’s data mining saw its dataset of 4 petabytes (equivalent to 2 trillion printed pages) compared to a “black hole” and the scandal compared to the mass surveillance program uncovered by Edward Snowden in the U.S. So where was the JPSG amidst this scandal?

What role for the JPSG? 

Under Article 51 of the Europol Regulation, the JPSG is responsible for supervising Europol’s activities which impact fundamental rights. Given that the European Data Protection Supervisor (EDPS) found that Europol’s data mining practices have a “potentially severe impact” on data subjects’ fundamental rights, data mining at Europol would seem to fall squarely within Europol’s supervisory powers.

The problem is the limited extent of the JPSG’s supervisory powers. Europol is only required to report to the JPSG on a yearly basis and has no oversight over the agency’s day-to-day activities. This creates a real gap in the group’s supervisory powers. This gap is demonstrated by the fact that it was Europol itself, not the JPSG, which reported concerns regarding its data handling practices to the EDPS.

Real tension between secrecy and supervision is also evident with regards to the JPSG’s requests for documents. Different rules apply to requests for sensitive documents, which Europol handles a lot of as a law enforcement agency. This tension came into play when the JPSG requested access to correspondence between Europol and the EDPS relating to Europol’s data collection software, to which Europol provided only a limited reply, indicating only the types of software used.

Moreover, adherence to the Law Enforcement Directive (LED) reinforces accountability by mandating strict data protection standards for law enforcement authorities, including Europol. The EDPS’s oversight ensures Europol’s predictive policing complies with these standards, highlighting the critical need for enhanced supervisory mechanisms to protect personal privacy and uphold fundamental rights in the era of data-driven law enforcement.

The JPSG’s limited supervisory powers have been harshly criticised. Some have even said that the group’s limited role gives the agency a “blank cheque” to self-regulate. What then can be done to improve the JPSG’s supervisory role? One solution could be allowing the JPSG more access to Europol’s management board meetings. As it stands, under Article 14 of the Regulation, the JPSG is only required to be invited to two board meetings per year. If the board addressed the JPSG’s summary conclusions and the group’s representatives participated more actively, it would greatly enhance both transparency and effectiveness as the JPSG would have a better grasp on Europol’s day-to-day activities. Such improvements are essential for the JPSG to execute its oversight responsibilities more effectively. 

 

 

 

 

The Fundamental Rights Officer: Just what the EUAA needed  

By Elaine, Gersi, Joris and Leonoor


The Asylum Crisis 

Granted with a new mandate following the adoption of Regulation (EU) 2021/2303 on 19 January 2022, the European Union Agency for Asylum (EUAA) has transitioned into a full-fledged agency. Its goal is to improve the functioning of the Common European Asylum System (CEAS). As the successor of the European Asylum Support Office (EASO), the EUAA is tasked with upholding and promoting respect for fundamental rights within the European Union’s (EU) asylum system. 

Fundamental rights are particularly relevant in the CEAS. This is especially so, given that migrants and asylum seekers often find themselves in a vulnerable position. This can be due to for example their lack of resources, and poor living and material conditions. Following the mass influx of refugees on the EU’s shores leading to the asylum crisis of 2015, a reform of the CEAS was needed to create ‘a more humane, fair, and efficient European asylum policy’. In light of this, the EUAA has implemented a more robust fundamental rights strategy. This strategy contains several safeguards.  

One of these safeguards is the new Fundamental Rights Officer (FRO). The FRO portraits the enforcement of, and adherence to fundamental rights within the EUAA. In this blog post it will be argued that, as follows from the 2022 Ombudsman initiative, the FRO adds value to the workings of the EUAA. This is because the FRO aids the Agency in several ways within the field of fundamental rights. 

François Deleu: the man for the job 

Following the new fundamental rights strategy, Article 49 Regulation 2021/2303 requires the Management Board of the Agency to install a FRO. The FRO is appointed to design a new Fundamental Right Strategy, manage a new complaints mechanism, and contribute to the Agency’s Monitoring Mechanism. Appointed in May 2023, François Deleu is the first to take on this task.  

“I will develop and uphold a robust Fundament Rights Strategy that will build on what is already in place, ensuring that the respect for fundamental rights is central to all the Agency’s growing activities” ~ François Deleu 

While the FRO works independently, Deleu collaborates with the Agency’s Consultative Forum of Civil Society Organisation to create the new Fundamental Right Strategy. The Consultative Forum has an advisory function: it is established to exchange information with relevant civil society organisations and bodies operating in the field of asylum. This includes the European Union Agency for Fundamental Rights and the European Border and Coast Guard Agency (Article 50 Regulation 2021/2303). Together, the FRO and Consultative Forum aim to ensure that the Fundamental Right Strategy is properly reflected in the Agency’s workings. They also work towards preventing breaches of the Charter of Fundamental Rights of the European Union (Charter). 

The FRO is designed as a response to the 2019 Ombudsman decision on maladministration in the practice of the EASO. The FRO therefore manages a complaints mechanism created for individuals who may have suffered a violation of their fundamental rights by an expert employed by the EUAA. The FRO moreover contributes to the Agency’s Monitoring Mechanism of Member States’ asylum systems. The FRO does so by ensuring that this mechanism takes fundamental rights concerns into account.  


Organisational structure of the EUAA 

A Slow Start… 

Following the 2021 revamping of the EUAA framework, the European Ombudsman opened a new strategic initiative. In this initiative, the Ombudsman posed 16 questions to the Agency. This included questions on how the EUAA complies with its fundamental rights obligations and how it ensures accountability for potential violations. These questions related to the renewed protection offered by the 2021 Regulation. It therefore raised attention to the FRO. What followed was a back-and-forth correspondence between the Agency and the Ombudsman.  

It should be mentioned here that the Ombudsman does not issue legally binding decisions. However, its reports are valuable in assessing the Agency’s compliance with its fundamental rights obligations. This follows from its mandate of investigating ‘instances of maladministration in the activities of the Union institutions, bodies, offices or agencies’ (Article 228(1) TFEU).  

At the time of the investigation, Deleu had not yet been appointed. One of the questions therefore rested on when the Agency anticipated this position to become operational. In the Agency’s initial reply of 11 July 2022, it walked through the appointment procedure for the FRO. The reply highlighted that certain steps like kick-starting the selection process were taking longer than expected. This could be owed to the “extensive consultations” held with all involved stakeholders. These consultations were needed to ensure that the necessary attention to detail was afforded in the selection of candidates. 

The Ombudsman later expressed disappointment in February of 2023 that the position remained vacant more than a year after the 2021 Regulation came into force. It urged the Agency to fill this position as “a matter of urgency”, because of the need to operationalise the Agency’s other fundamental rights mechanisms. In this way, the FRO can be seen as the catalyst for all EUAA fundamental rights mechanisms.  

 …But a Promising Future 

As mentioned, the FRO position was eventually filled in 2023. At the time of writing, Deleu now holds office for nearly a year. So, what can be said for this new development?

At the end of June 2023, the Agency replied to the Ombudsman observations. In the reply, the Ombudsman was informed of this long anticipated appointment. Also, it was stated that the fundamental rights strategy was expected to be adopted in March/April 2024. At the time of writing, it can therefore be expected any day. 

Additionally, the response addressed recommendations for the FRO to review all operational plans signed between the Agency and EU Member States. It highlighted that Deleu had already reviewed plans with Spain, Bulgaria and Lithuania since entering office. Here, the value of the FRO can be seen through its direct involvement in scrutinising Member State plans. 

In July of 2023, the EUAA also published its Annual Report about asylum in the EU. In the Annual Report, it discusses its newly developed escalation process. This process is outlined under Article 18(6)(c) of the 2021 Regulation. It stipulates that the Agency’s Executive Director can suspend or terminate asylum support teams in a Member State that is violating fundamental rights or international protection obligations. This is done after consultation with the FRO. 


An overview of the EUAA's timeline (made by the authors of this post)
  

A Well-Rounded Appointment 

As a final note, the recruitment process’ emphasis on maintaining the FRO’s independence towards the Executive Director should be highlighted. This is important due to the weight placed on independence in the FRO’s mandate. The selection committee for the post therefore included external stakeholders, like the European Commission Directorate-General for Migration and Home affairs. So, while the position is appointed internally, individuals from outside the Agency have a say in deciding the next FRO. Based on the selection procedure, a list of candidates is sent to the Management Board, which ultimately takes the final decision. Ultimately, it is therefore an internal decision with external input.  

The importance attributed to the FRO in the Ombudsman initiative has now been shown. The office’s essential role in upholding the new framework’s mechanisms is also evident. Hence, the FRO can be seen to hold great added-value for the Agency, with further-untapped potential.