[DRAFT] The European Defence Agency: A EUR48 Million “Discussion Form”?

By Emma, Thaïs, Charlotte, Émie

With a €48 million annual budget and no binding powers, the EDA, created more than 20 years ago, raises a question: are we investing in capabilities, or just conversations? As war returns to Europe’s doorstep, the time for concrete action has come.

What is the EDA?

Its mission

The European Defence Agency (EDA) is an intergovernmental body of the European Union, created in 2004 to support and coordinate defence cooperation among Member States.

Its creation followed divisions over the 2003 Iraq War and growing concern over fragmented defence efforts in Europe. Legally anchored in the Common Security and Defence Policy (CSDP), the EDA’s role is to help Member States improve military capabilities, foster joint procurement, and strengthen the European Defence industry.

Pursuant to Article 42 TEU, the Agency has no binding powers, no operational command, and cannot impose decisions. Its role is strictly supportive, and participation is voluntary. Decisions are made by a Steering Board, usually by consensus, which ensures that national sovereignty is fully respected.

The EDA provides a platform for dialogue, coordination, and project development—encouraging cooperation in areas like defence research, capability planning, and industrial innovation. It aims to make European defence efforts more coherent, efficient, and collaborative.

However, considering growing challenges surrounding Europe, the question arises on whether the Agency has any added value in the EUs’ security and defence landscape.

What does it bring to the table?

European Added Value

European added value (EAV) arises when the EU enables Member States to achieve objectives they could not attain alone or could only do so less effectively. This notion reflects the concept of subsidiarity, a key element in the EU’s system. To understand the EDA’s added value, the blog looks at two elements: EDA’s annual reports and a comparison with other defence actors.

Annual reports

The EDA’s annual reports give us insight on how the agency uses its money.

It is important to note is that the EDA’s budget has increased throughout the years, going from 29, 561 million in 2008 to € 48,360 million in 2024. 

According to the 2009 annual report, the EDA had around 80 work strands up and running and in 2023 EDA Managed 94 Capability and Research Projects. Although this number reflects a growth in the agency’s involvement in European defence activities, it hardly justifies such a budget increase.

Source: EDA

The reports also indicate that the EDA mainly facilitates cooperation between Member States and/or private parties in the defence industry. By working at the EU level, the Agency enhances the effectiveness of collaboration, enabling a more coordinated approach to collective defence challenges. This reflects European Added Value.

In addition, in 2023, Jiří Šedivý (EDA’s chief executive) noted that by helping armed forces to cooperate and invest better together (…) EDA’s added value for EU defence is sharply increasing.

In the shadows of the Commission?

Tensions between the EDA and the Commission have grown throughout the years, mainly driven by institutional ambition, overlapping mandates, divergent strategic priorities, and unequal access to funding.

Source: https://www.energyintel.com/00000191-b220-d88e-a7fd-bb79eb380001

While both institutions share similar objectives in defence policy, they pursue them through divergent approaches.

The EDA operates on an intergovernmental basis, respecting Member State sovereignty and enabling national control over procurement and capability development. In contrast, the Commission favours a supranational model, which could diminish Member State influence.

This difference in institutional logic stems from the political decision made in 2004 to “exclude” the Commission from a direct role in defence policy, leading to the EDA’s establishment. Nevertheless, the Commission’s considerable financial and regulatory powers, unlike the EDA’s more limited mandate, allow it to shape defence in a more structured and far-reaching manner, which is exemplified by the Commission’s ReArm Europe Plan/Readiness 2030. Consequently, the EDA views its relationship with the Commission as an “unequal rivalry”, particularly due to the disparity in funding and influence.

Source image : https://eda.europa.eu/who-we-are

Despite these tensions, the EDA retains a distinct and valuable role. While both institutions are crucial to the EU’s defence framework, the EDA’s added value is embedded in its ability to work with, not above, Member States in a field that remains deeply sensitive to national control and enable Member States achieve defence goals they would not have achieved alone.

A NATO wannabe?

The EDA often finds itself compared to NATO, especially given their shared goal of fostering defence cooperation between their member states.

Both organisations play crucial roles in enhancing military capabilities, yet they operate within different frameworks. Unlike NATO, which is influenced by the priorities of global powers such as the United States, the EDA focuses exclusively on European interests, strengthening the EU’s strategic autonomy in defence.

One of the EDA’s unique contributions is its ability to incentivise European solutions through specific mechanisms designed to promote collaboration. These efforts are essential for overcoming the challenges posed by divergent national interests and the reluctance of Member States to fully harmonise defence capacities.

Source : Armasuisse, Federal Office for Defence Procurement

However, the agency’s success is still limited by the significant control retained by Member States in the defence sector. While NATO benefits from extensive resources and capabilities, the EDA’s budget and scope are much more limited. The Agency’s main function is facilitating communication and collaboration among experts, providing both formal and informal platforms for discussing emerging challenges. As such, it relies on soft governance tools to promote cooperation and coordination, rather than enforcing binding obligations. Coordination between EU Member States is key to tackling shared challenges, achieving common goals, and pooling resources efficiently. This collaborative approach not only protects collective interests but also strengthens the EU’s strategic autonomy, reducing dependence on external powers and prioritising European interests. This is an essential element in the defence sector.

Can the EDA escape the “Discussion Forum” label?

Source: https://www.threads.net/@political_cartoon_gallery/post/DFnx3uGPCVA

The EU now faces growing pressure to step up its defence capabilities. The EDA, created to help Member States cooperate on military capabilities, now stands at a turning point. The 2024 ReArm Europe Plan, backed by €800 million, gives the EDA a real chance to get into action and show its relevance, especially in areas like joint procurement and defence innovation. But with the Agency having no binding powers as provided in the Treaties, its impact depends entirely on whether Member States are willing to act together. Without a real consensus at the Steering Board, the EDA risks proving to be a €48 million discussion forum, rather than a real force in European defence.

 

 

[DRAFT] Following in AMLA’s footsteps: is direct enforcement the way to go for wandering ENISA?

By Arailym, Patrick and Sondra

The road to what might be called regulatory maturity is often a long one. In EU cybersecurity regulation, a culture of vertical and horizontal collaboration is optimistic but seemingly ineffective. It likely leaves the European Union Agency for Cybersecurity (ENISA) feeling somewhat envious of the centralised enforcement powers recently vested in the Anti-Money Laundering Authority (AMLA). How feasible would it be for ENISA to follow in AMLA’s footsteps? This blog post examines whether there is regulatory space, or even a solid legal basis for such an evolution. Due to the differing contexts of financial crime prevention and cybersecurity, the limits of an analogy between the trajectories of the two agencies will become clear.

What is ENISA?

ENISA – the European Union Agency for Cybersecurity, previously known as the European Network and Information Security Agency, was established in 2004 by Regulation No 460/2004. It was reformed by Regulation No 526/2013, which was later repealed by the Cybersecurity Act.

The Cybersecurity Act granted ENISA a permanent mandate along with increased responsibilities, transforming it from a “Cinderella” agency into a key cybersecurity entity in the EU. ENISA aims to achieve a high common level of cybersecurity across the Union. Its main tasks include:

  • Supporting EU legislation implementation and the development of EU-wide cybersecurity standards
  • Enhancing operational cooperation and coordination among Member States, Union institutions and private sector actors
  • Managing cybersecurity certification schemes to increase trust in information and communication technology (ICT)

                                   Photo credits: ENISA website

The Emergence of AMLA

The evolution of the EU’s anti-money laundering framework has seen notable advancements, starting from the initial anti-money laundering Directive (AMLD1) in 1990 to the latest updates with AMLD6, Anti-Money Laundering Regulation (AMLR), and Anti-Money Laundering Authority Regulation (AMLAR). This development signifies an expanding regulatory focus that originally targeted drug trafficking in the 1990s, evolving into a robust framework that addresses intricate financial crimes like cyber-enabled money laundering. A significant shift occurred with AMLD3, which embraced risk-based approaches for customer due diligence (CDD). The enactment of AMLD4 improved transparency by creating mandatory central registers for beneficial ownership information, a refinement further augmented by AMLD5 (2018), which required public accessibility. The recent introductions of AMLR, AMLAR, and AMLD6 establish centralised oversight while adapting to technological advancements by creating a unified supervisory body across the EU, effectively standardising anti-money laundering initiatives among member states and confronting new technological hurdles. This evolution exemplifies direct enforcement and is a new form of functional spillover that arises from internal pressure and functional necessity, rather than from external crises. This indicates that achieving the established policy goals necessitates the expansion and uniform application of EU law. Below, we delve into why and how direct enforcement is essential for ENISA to attain a high common level of cybersecurity throughout the EU.

Why should ENISA follow the same trajectory as AMLA?

The increasing frequency and sophistication of cyber threats pose significant risks to economic activities, public services, and citizens’ privacy. In recent years, the EU has implemented several legislation addressing cybersecurity, such as the Cybersecurity Act, NIS 2 Directive, Cyber Resilience Act, and Cyber Solidarity Act.

These legislations have expanded ENISA’s capacities, but they are insufficient for the EU’s ambition to enhance cybersecurity across the Union, as the success of EU cybersecurity policies relies on implementation by Member States. For example, the NIS 2 Directive has so far been transposed by only four Member States, prompting the European Commission to open infringement proceedings against 23 Member States. This presents a real risk of fragmentation across the EU, which hinders effective cybersecurity. From a functional spillover perspective, the increasing cybersecurity threats and divergent approaches among Member States suggest that ENISA’s role may need to evolve beyond its original advisory and coordinative function towards enforcement powers.

The situation facing ENISA mirrors AMLA’s earlier context – both agencies emerged in response to fragmented national practices and cross-border threats that require unified, robust responses. However, while AMLA was granted limited enforcement powers due to the ineffectiveness of the previous decentralised approach and the lack of cooperation among national AML/CFT supervisors, ENISA remains confined to coordination and advisory functions. To some extent, one could argue that ENISA’s case resembles AMLA, and granting ENISA enforcement powers would ensure compliance with EU cybersecurity standards and achieve a high common level of cybersecurity across the Union.

However, this might be an impossible mission or one that lies in the fairly distant future… Direct enforcement for the wandering ENISA faces a steep climb, blocked by the EU’s limited competences in security matters, an area still fiercely guarded by the Member States.

How this trajectory can be beneficial

As referred to above, the sole competence of Member States in matters of public and national security (recognised under Article 4(2) TEU) currently limits ENISA’s ability to gain direct enforcement powers; there is, however, precedent for derogation from the national security exemption, as can be observed in the Privacy International case (paragraph 44) in relation to the e-privacy Directive.

For now though, we must not jump ahead but instead envisage some preliminary steps that may take ENISA some distance down AMLA’s beaten path. A prerequisite of any centralisation is an unequivocal delineation of the agency’s role in a crowded regulatory environment. The elaboration of the EU cybersecurity landscape in recent years has led to a blurring of the lines between the competences of the entities involved, particularly with the emergence of several networks and centres at the EU level aiming to prepare for, respond to, or analyse cybersecurity threats and incidents. Although the notion of collaboration seems to be favoured in EU cybersecurity policy, the lack of exclusive specialisation on ENISA’s part would undermine any future enforcement remit for the agency. Thus, policymakers should pinpoint the tasks and responsibilities the execution of which would allow ENISA to contribute most optimally to the improvement of EU cybersecurity. This prioritisation of tasks would enable ENISA to enhance its operational efficiency, and ultimately its reputation, potentially paving the way for a transition to a more substantively empowered role.

 

 

ENISA

AMLA

Legal basis

Cybersecurity Act (2019) & NIS2 Directive

AML/CFT Regulation (2024) & AMLD6

Enforcement powers

No direct enforcement (supports national authorities)

Direct enforcement

(40+ high-risk financial entities (crypto, cross-border institutions))

Sector focus

All critical sectors (energy, health, transport, digital infra)

Financial sector priority, limited non-financial oversight

Enforcement tools

Technical enforcement i.e., cybersecurity certification, Vulnerability reporting; Operational Tools i.e., Cyber Exercise Platform for crisis simulations, CSIRT Network coordination; Compliance Leverage i.e., National strategy evaluation toolkit Biennial risk trend reports to EU institutions

Corrective measures i.e., operations restrictions, government structures; Financial sanction i.e., fines; Investigative powers.

Dispute resolution

Non-binding recommendations through Cooperation Group

Binding arbitration in cross-border supervisory conflicts

 

[DRAFT] A Chemical (Im)Balance: Judicial Review and Technical Expertise of the ECHA BOA

By Thomas, Gabriel, Sophie and Luca

Source: Ryan Zazueta

In the ever-expanding world of EU agencies, one stands out for its critical role in protecting public health and the environment: the European Chemicals Agency (ECHA). Tasked with enforcing the REACH Regulation – the EU’s cornerstone framework for regulating chemicals – ECHA operates with deep scientific and technical expertise. At the heart of its internal accountability structure sits the ECHA Board of Appeal (ECHA BoA), a quasi-judicial body uniquely designed to review ECHA decisions with both legal and scientific rigor. Yet, a structural tension emerges when ECHA BoA decisions, often rooted in technical reasoning, are subsequently reviewed by the General Court of the European Union (General Court) and (ultimately) the European Court of Justice (Court of Justice). These courts lack comparable scientific expertise and are confined to legal analysis. In this blogpost, we explore an alternative approach for the review of ECHA decisions, inspired by the review model adopted in Australia.

Balancing science and law: the role of the ECHA BoA

ECHA is an EU agency that serves as a central body for ensuring the safe use of chemicals in the EU through expert-driven regulation and scientific oversight. In doing its task, ECHA issues decisions regarding the registration and classification of chemical substances. The ECHA BoA plays a role in reviewing ECHA’s decisions. In this regard, it has the power to annul ECHA decisions, either partially or fully, and it can send the case back to ECHA or make a final decision itself.

Figure 1: Composition of the ECHA BoA, from left to right: legally qualified member, chairperson with legal knowledge, member with scientific/technical expertise (source: Canva)

 

The ECHA BoA functions as a specialized appeals body, ensuring that appeals are assessed not just from a legal perspective but also with scientific and technical expertise. The composition of the ECHA BoA reflects this function. It consists of three members: a chairperson, who must be legally qualified, and two additional members – one of whom must be legally qualified, while the other must possess thorough scientific/technical expertise and knowledge. This ensures that cases before the ECHA BoA are reviewed from both a legal and technical perspective, distinguishing the ECHA BoA’s approach from the review by the General Court.

The ECHA (BoA) under the General Court’s microscope

A central tension underpinning the ECHA decision enforcement framework is the divide between the ECHA BoA’s mandate to issue appeal decisions grounded in scientific/technical expertise, and the role of the General Court (and Court of Justice) in reviewing those decisions through a legal lens. While the ECHA BoA is institutionally equipped to assess scientific matters, the EU courts are not. The intensity of review of the ECHA BoA has been the main focus of two judgments by the General Court; BASF Grenzach v ECHA and Germany v ECHA. Via these two rulings, the General Court gave precedence to the view that the ECHA BoA has the power to check scientific/technical matters of the case and does not just check for manifest errors. However, the recent case 3V Sigma signals a shift towards a more intensive judicial scrutiny of the scientific/technical matters. This creates a risk of judicial overreach, where generalist courts, lacking scientific competence, may substitute their own reasoning for that of the expert body. It could thereby undermine the ECHA BoA’s effectiveness as a specialized enforcement mechanism under REACH.

Figure 2: ECHA’s decision appeal process within the REACH Regulation framework (source: Canva)

 

The Australian way: let the experts be experts

The recent 3V Sigma case made clear that when courts go too far into the scientific territory, the delicate balance of expertise and legality under REACH starts to erode. At the heart of the issue lies a fundamental question – who should make the final call on complex scientific matters? We argue that the answer is that this should not be done by generalist judges, but rather by technically skilled bodies, namely the ECHA BoA.

As the intensity of review increases, the balance between legal oversight and scientific authority becomes harder to maintain – suggesting that we may need to look elsewhere for a model that preserves this balance without undermining judicial accountability, like Australia for instance.

In the Australian system, a well-established practice ensures that specialist tribunals retain control over technical content, even when their decisions are appealed. When a generalist court identifies an error – whether legal or procedural – it does not substitute its own judgment on the scientific facts. Instead, it remands the case back to the expert body, accompanied by clear legal guidance. This allows the specialist to revisit the case and address the issue while preserving its authority over the technical dimensions.

This approach is simple and basic. It respects the tribunal’s knowledge-based function, prevents courts from stepping outside their depth, and avoids outcomes that may be procedurally sound but scientifically flawed. It does not diminish judicial oversight, but rather refines its focus to what courts do best – ensuring fairness, consistency, and legal clarity.

From Down Under to the EU

Adopting this model within the EU legal context, whether formally or through evolving judicial practice, could help draw the boundary lines between the ECHA BoA and the General Court (and eventually, Court of Justice). The ECHA BoA should not be meant to be second-guessed on science by generalist judges. Instead, it should be determined that the ECHA BoA is to integrate scientific expertise with legal reasoning in a way no court can fully replicate. By promoting remand over replacement, the General Court would strengthen not only the ECHA BoA’s authority, but also the credibility of REACH enforcement as a whole.

The recommendation proposed herein could also operate within the current EU legal framework. It means no amendments to the REACH Regulation or the related EU laws are required, taking into consideration the amount of time of the EU legislative process. It is an approach that respects the division of roles and/or expertise, where the ECHA BoA will remain the expert appellate body, and the General Court will retain ultimate authority on questions of law and the validity of the ECHA BoA’s decisions.

 

[DRAFT] Blogpost: Eurojust goes global: A good look or a grey zone?

By Lotte and Sterre

Eurojust, the EU agency for judicial cooperation, signed new Working Arrangements with five Latin American states in 2024 and presented it as a step forward to fight serious cross-border crime. But behind the headlines, deeper questions emerge: is the EU staying true to its core values, or is it quietly stretching the limits of its legitimacy and external influence? This blog argues that while Eurojust’s new alliances rest on solid legal foundations, they risk undermining the EU’s core values due to third states’ governmental vulnerabilities and unclear results of the Working Arrangements.

Source: AI-Generated image

Eurojust’s global push
Eurojust is experienced in cross-border cooperation. Created under Article 85 TFEU, its mission is to support cooperation between national judicial authorities but can also cooperate with third countries through working arrangements. These are non-binding agreements that allow Eurojust to share strategic information, and provide legal and operational support without transferring legal powers.

The 2024 Working Arrangements with Bolivia, Chile, Costa Rica, Ecuador, and Peru marks a step further in the earlier established multilateral agreement between Eurojust and the Ibero-American Association of Public Prosecutors Offences. By formalising this cooperation Eurojust steps up its game in fighting transnational issues like drug trafficking, money laundering, and cybercrime. The critical question of this blog is:

Does cooperation like this reflect the EU’s core values or quietly conflict with them?

Source: Annual Report Eurojust 2023

 

Source: Wikimedia

The limits of legitimacy
Concerning legitimacy of the agreements, the Working Arrangements rests on a solid legal ground. Article 47 of the Eurojust Regulation authorises Eurojust to enter into these agreements. But legitimacy is not just about whether an agency has the formal authority to act. It is also about why and to what result it exercises that authority.

Article 21 TEU, which focusses on the external action of the EU, requires the EU’s external action to reflect and promotes its values, including democracy, the rule of law, and respect for human rights. These are not optional ideals but binding constitutional commitments. Therefore, even if Eurojust is legally entitled to sign Working Arrangements, these partnerships must also align with the substance of Article 21 TEU.

Partners with problems
The Working Arrangements target crime cooperation and not domestic governance, however problems in domestic governance could still raise Article 21 TEU concerns. The five states have been criticised for both human rights violations and weak judicial independence. Amnesty International criticised Ecuador for lack of judiciary’s independence and police attacks on journalists during protest. Peru was stated to have a severe deterioration in judicial independence and rule of law. Furthermore, Bolivia was criticised for their severe penalties for drug trafficking and possession. Bolivians charged with drug offences, independent of the severity of the offence, receive a sentence of 25 years in prison without the possibility of pre-trial release and are held in overcrowded and unsupervised prisons. With Eurojust working together to tackle the very issue of which these countries are so often criticised, it raises the question:

Could Eurojust legitimately cooperate with third countries in criminal justice matters, if those do not uphold the same principles as the EU tries to promote?

Where’s the evidence?
This disconnect is further complicated by the lack of clear, measurable outcomes from these arrangements. Eurojust’s 2023 Annual Report praised its international cooperation efforts but did not provide concrete data linking specific Working Arrangements to measurable results. Without clarity on the Working Arrangements have achieved, it becomes difficult to assess whether these are justified.

Source: Annual Report Eurojust 2023

In practice this leaves a grey area: while Eurojust points to general success in cross-border crime operation, it cannot demonstrate that this success is attributable to specific arrangements, such as the Working Arrangements with Bolivia, Chile, Costa Rica, Ecuador or Peru. This becomes especially problematic considering the human rights issues surrounding the Working Arrangement states. Without clear data demonstrating that cooperation leads to results such as dismantling drug trafficking networks or preventing cybercrime, Eurojust risks exposing itself to criticisms of compromising values and Article 21 TEU for uncertain gains.

Non-binding but symbolic weight
To counter this all, it is important to note that the degree of cooperation introduced in the Working Arrangement remains limited. The Working Arrangements are explicitly non-binding, do not involve the exchange of personal data, and do not impose obligations on either Eurojust or the other states to engage in specific activities. However, even limited cooperation can carry symbolic weight. Entering into formal arrangements with countries that face serious allegations of human rights abuses may be interpreted as normalisation of their domestic shortcomings. Thus, the legal non-bindingness does not set Eurojust free from normative criticisms relating to the values enshrined in Article 21 TEU.

Source: AI-Generated image

A risky balancing act
Ultimately, the Working Arrangements highlight the EU’s ambition to play a more global role in justice and security. On the one hand, Eurojust operates within a strong legal framework, backed by Article 85 TFEU and Article 47 of the Eurojust Regulation, supporting a firm foundation to legitimacy. Yet, the alignment of these actions with the broader principles of Article 21 TEU introduces critical questions about normative legitimacy. The Working Arrangements maintain a careful balance: they are non-binding, preserve Member State sovereignty, and explicitly safeguard the right to independent action. However, their lack of measurable outcomes and unclear operational impact weaken Eurojust’s legitimacy. Without transparency about the effectiveness of these external partnerships, Eurojust risks undermining the very credibility it seeks to build.

Source: AI-Generated image

The EU’s reputation as a defender of democracy and human rights depends on whether it actually follows its own rules when dealing with third countries. Article 21 TEU is not just a statement of ideals, it sets real standards that the EU must live up to when it builds partnerships outside its borders. If external partnerships are to be sustainable and credible, they must reflect not just what the EU can do—but what it should do.

[DRAFT] A Pressing Need for an EU Underwater Watchdog

Imagine waking up one morning to find out your favourite social media app is down. A few minutes later, your internet connection is interrupted, not just in your house but across the entire city. Planes are grounded. Hospitals struggle to access patients’ records and perform urgent interventions. Financial transactions stall midstream. The world stops moving in a split second because of a single breach deep under the sea surface.

While it may sound like the plot of an apocalyptic movie, this scenario is not science fiction. Despite the likelihood of such incidents, the current legal and supervisory measures are insufficient to tackle the threat.

“What is essential is invisible to the eye.” The words of Antoine de Saint-Exupéry in The Little Prince capture the eerie invisibility of the systems we rely on most – subsea communication cables. Hidden not only beneath the surface of the Baltic Sea but also beyond European waters, these information veins carry approximately 99% of global internet traffic worldwide. While satellites dazzle as the stars of connectivity, it is the fragile submerged cables that dominate information transfer.

Out of Sight, Out of Control?

Despite their critical role, undersea cables receive insufficient regulatory attention. A single anchor drag, accidental or not, can sever them. An example of such an incident is the damaged cable between Germany and Finland in November 2024. While it proved to be an accident, the rising geopolitical tensions may thin the line between mishap and potential sabotage.

The European Commission is fully aware of potential threats to underwater infrastructure and acts proactively to “deter, prevent, detect and respond” to cable damage. However, the oversight remains irregular because responsibility is split across national coastguards, military bodies, cybersecurity agencies, and telecom regulators. The room for improvement is apparent.

EMSA: A Sleeping Titan

When it comes to preserving underwater infrastructure, European Maritime Safety Agency (EMSA) appears to be a pearl buried in the sand. Created to enhance maritime safety and prevent pollution, EMSA possesses some of the most advanced surveillance capabilities in the EU.From drones and satellites to remote-operated vehicles (ROVs) that can inspect the seabed, EMSA literally has a clear vision where other agencies do not even have a peek. It already monitors shipping routes, investigates maritime incidents, and supports EU countries with real-time observation. Its CleanSeaNet and SafeSeaNet systems are golden standards in maritime tracking. Unfortunately, its (currently) narrow mandate, granted by its foundational document- Regulation 1406/2002, prevents it from realising its fullest potential.

So, why not give EMSA the power to watch over the very infrastructure those ships rely on?

From Maritime Safety to Digital Infrastructure Security

Under the United Nations Convention on the Law of the Sea (UNCLOS), EU countries have the right (and the obligation) to protect underwater infrastructure in their Exclusive Economic Zones (EEZ) – areas of sea a country controls for economic purposes. Articles 60, 79, and 80 of UNCLOS explicitly allow for the regulation and protection of such structures, firmly placing the communication cables within the safety remit.

The starting point for the EU is found, as so often, in the treaties. The rationale that the Union can legislate only in areas conferred upon it by the member states holds valid. In the case of maritime safety, the EU cannot act on its own. Based on Article 3 of the Treaty on the Functioning of the European Union (TFEU), maritime safety is not within the exclusive competence of the Union. Therefore, Article 5 of the Treaty on the European Union (TEU) grants the EU a legal opportunity to step in where it can act more effectively than Member States alone. Given EMSA’s pan-European reach and specialized technology, it is hard to argue against this being one of the examples of EU competence suitability.

Safety Is Not Just About Shipwrecks and Oil Spills Anymore

Modern maritime safety should also extend to protecting the digital lifelines that power 21st-century Europe (and the world). Subsea cables connect us not just to each other, but to global markets, health systems, military coordination, and disaster response tools. The European Parliament has referred to these cables as “quintessential to global connectivity” and warned that they are “highly susceptible to vulnerabilities.” Yet, as it stands, EMSA, the most technically capable agency in Europe’s maritime toolbox, remains on the legal sidelines.

A Missed Opportunity

Due to being legally barred from taking the lead in supervisory and investigative activities, EMSA’s valuable technology and resources cannot serve this great cause. Employing EMSA’s capabilities (i.e. its technical and legal expertise) would bridge a gap in the current supervisory system and help effectively oversee the underwater infrastructure. Moreover, the extension of EMSA’s mandate would not step on anyone’s toes, but rather stitch together a fragmented system, add clarity to responsibility, and bring powerful tools into active use. Most importantly, it would shift the EU from a reactive stance to a preventative one- spotting the trouble before it materializes.

The New Competencies

Now that the need for the extension of EMSA’s mandate is established, the authors of the present blog took the courtesy to summarise EMSA’s new future responsibilities:

From Seafloor towards the Sun

In a world where digital infrastructure is seen as the holy grail of today’s global connectivity, relying on a patchwork supervisory system does not cut it. Whether it is a simple anchor or a complex hybrid threat, the damage to subsea cables could bring Europe to a standstill. This implies an increased need for a unified and effective approach. In the end, the incidents related to underwater structures rarely involve a single Member State. They rather represent a wider, regional challenge, calling for interstate cooperation via a common, accessible and, most importantly, competent hub. EMSA, with its resources and expertise, is the embodiment of such a hub. Allowing it to ascend from the legal seafloor has the potential to shift the current approach to undersea infrastructure towards a brighter future. So, unless we want our digital lights out, it is time to lift the anchors of legal constraints.

[DRAFT] Still Relevant After 50 Years: A Reality Check for Cedefop

By Maria, Guilherme, Emilie and Chris

Source: https://www.cedefop.europa.eu/en

Still Relevant After 50 Years: A Reality Check for Cedefop

Cedefop turns 50!

Source: Pinterest

In a world where labour markets are evolving rapidly, driven by digital transitions, demographic shifts, and green ambitions, it is vital that EU education and skills development is set up for success. Marking its 50th anniversary in 2025, the European Centre for the Development of Vocational Training (Cedefop) has been a cornerstone of EU cooperation in education and skills development. Some critics might question the effectiveness of Cedefop, pointing to its lack of enforcement powers as a barrier to achieving its goals. But when one looks at these goals, the role of Cedefop remains relevant and important in achieving the mission to enhance cooperation and knowledge-sharing among Member States in the field of vocational education and training (VET).

Is ‘soft power’ enough to shape the future of work?

Cedefop’s mandate is broad, and it relies solely on soft powers to achieve this. The term ‘soft power’ usually describes an ability to influence others through shared values, consensus, and cooperation, rather than through legislation or formal authority.

Source: Cedefop website

In practice, Cedefop has focused on two main goals: enhancing transparency in qualifications and facilitating transferability of learning outcomes across Member States. These goals support freedom of movement for learners and workers, so that credentials in one country are understood and accepted in another. This naturally raises the question about whether Cedefop has effectively fulfilled these goals.

When outcomes are seen as beneficial, rather than being forced, there is generally less pushback from governments and other actors. For many EU countries, vocational education and training has a direct influence on efforts to reduce unemployment, especially for people who may lack skills relevant to changing labour markets.

Source: https://www.cedefop.europa.eu/en/tools/vet-toolkit-tackling-early-leaving/resources/vet-toolkit-upskilling-pathways/best-practices/role-vet-society

 

This figure shows the support from EU citizens to the statement: “Vocational education and training play an important role in reducing unemployment in your country”.

The skills puzzle: solving labour gaps through EU cooperation

Zooming into cooperation, there is still room for improvement. Cedefop’s effectiveness in VET partly depends on how closely it works with Member States, social partners, the European Commission, and the European Parliament. By gathering data and sharing knowledge, Cedefop encourages different national and EU-level actors to align strategies in addressing skills mismatches.

During the European Year of Skills 2023, particular emphasis was placed on upskilling and reskilling, lifelong learning, and fostering both innovation and competitiveness. These aims also support people and businesses in meeting green and digital objectives. Recognising the importance of collective efforts, and in celebrating 50 years of activity, Cedefop joined the  Eurofound, the European Agency for Safety and Health at Work (EU-OSHA), the European Training Foundation (ETF) and the European Labour Authority (ELA), in hosting a major event. This gathering highlighted how the five agencies contribute to enhancing skills development.

In discussions with the Parliament and Commission, Cedefop presented its latest report: Skills in transition – the way to 2035. The report’s key message was that Europe is facing urgent labour shortages, especially in science, technology, engineering, mathematics (STEM) and IT fields. Green and digital transitions are rapidly reshaping Europe’s labour market. To remain competitive and resilient, Europe needs well-targeted policy decisions and a fresh approach to skill-building.

Navigating duplication risks and collaborative leadership

Questions arise about overlapping responsibilities between EU agencies. Cedefop, Eurofound, and EU-OSHA share certain priorities, including improving working conditions and aligning skills with the needs of evolving economies. Nevertheless, Cedefop’s soft-power strategies continue to offer added value. It promotes collaboration by disseminating research, guiding Member States on reskilling, and working closely with other agencies to produce policy recommendations that address real-world challenges. Together, they act as “political entrepreneurs,” pushing Europe’s skills agenda forward.

Still, as Cedefop cannot compel countries to adopt its insights, progress depends on politicians and policymakers embracing them. This reality often leads to uneven outcomes; some countries quickly integrate Cedefop’s recommendations, while others may hold back. Another common concern is “duplication risk,” where different agencies might be seen as doing the same work. Cedefop’s defenders point out that each EU agency has a specific focus: Cedefop zeroes in on vocational training, Eurofound studies broader social and work conditions, and EU-OSHA looks at safety and health. Where their work converges, they aim to coordinate rather than compete.

Inconsistent Adoption of Cedefop’s Recommendations Across EU Member States

Cedefop has made recommendations for improving access to skills development and adult learning, particularly for marginalised groups. One approach Cedefop endorses is the use of financial assistance for vulnerable learners. However, the adoption of these recommendations has been far from uniform across EU Member States, with progress varying widely.

For example, Germany offers support through the National Skills Strategy for low-qualified adults who may otherwise struggle, and France has a similar program, Compte Personnel de Formation, allowing individuals, including those from disadvantaged backgrounds, to access training. Both initiatives align with Cedefop’s goals at making upskilling more accessible.

In contrast,  Bulgaria remains in the early stages of reforming their VET system. Although there are positive indications, reforming VET can take time as it often faces challenges like legislative changes and budgetary allocations which slow the pace of progress. Romania records one of the lowest levels of adult learning participation in the EU, raising concerns about whether people there can adapt to ongoing economic and technological changes.

These discrepancies highlight the need for a more consistent approach to improving skills development across Europe. However, they also indicate that responsibility does not rest with Cedefop. Given the number of EU citizens who agree that VET plays an important role in reducing unemployment, it should be clear there is incentive to work with Cedefop in improving VET.

Shaping the future

Cedefop’s impact is greatest when stakeholders recognise the tangible benefits and engage with Cedefop’s contributions to VET development. By continuing to promote advancements to VET systems, Cedefop reinforces its central role in building a competitive, forward-looking EU workforce. These efforts show that lacking enforcement powers does not necessarily limit an agency’s ability to make a difference.

Even if Cedefop’s goals remain aspirational, its contributions to policy debates and collaborative initiatives show that progress is possible despite the constraints of soft power. With half a century of experience rooted in research, collaboration, and policy, Cedefop remains committed to making VET and skills development accessible to everyone, always keeping a future-oriented perspective.

In the end, the lack of direct enforcement powers reflects the EU’s decision to preserve Member State sovereignty over education. As labour markets continue to evolve, vocational education will likewise transform, and a central EU-level body devoted to coordinating these changes seems likely to remain important. It is still an open question whether exclusive reliance on soft powers is the most effective long-term strategy for shaping vocational education, training, and skills policies, but the work of Cedefop over the past 50 years provides plenty of evidence that such an approach can achieve significant results.

www.wordsandquotes.com

 

 

[DRAFT] Greenwashing in the EU: How to Spot It — and How Brussels Is Fighting Back

By Alexandra, Helena, Gennaro and Isabella

“Eco-friendly”.“Sustainable”.“Natural” These words are everywhere — on packaging, websites, and ad-campaigns. But are they always representing the truth? Being an environmentally friendly business is increasingly popular, but not every company does what it claims to do. In fact, many companies use misleading green claims, just to appear sustainable when in reality they are not. This act of pretending is what we call greenwashing. It threatens real progress on climate goals. In this post, we break down what greenwashing is, its impact, how to recognize it, and an example of how the EU is ‘fighting back’.

Source: United Nations

What is Greenwashing?

Greenwashing is an act or practice of making a product, policy, or activity appear to be more environmentally friendly or less environmentally damaging than it really is. It is a practice of making misleading and false claims, convincing the public to think that the company is contributing to the protection and preservation of the environment.

“In 2021, 42% of the online claims from various businesses were exaggerated, false or deceptivescreening conducted by the European Union and National Consumer Authorities.

Greenwashing can take many different forms, but it usually happens when a company seeks to promote its products or services. Businesses use misleading labels, or unclear language, such as calling their product “eco-friendly” without explaining what it actually means. Some produce false data to improve their image, or selectively highlight one “green” effort to look good, while hiding their other practices that are harmful to the environment. Others rely on misleading visuals and graphics, such as using pictures of nature or overusing the color green.

Our Role in the Green Fight: A practical Guide

Source: The Choice

So how can you, as a consumer, spot greenwashing?  Making environmentally responsible choices means being aware of how to identify misleading claims made by businesses. Here is breakdown of some tips that may be useful:

1. Start by checking for reliable third-party certifications, such as the EU Ecolabel or Fair Trade. Genuine labels are transparent and verified independently, whereas less credible companies might invent misleading eco-labels to create an illusion of sustainability.

2. Be cautious of vague and unclear terminology. Terms like “eco-friendly” or “green” without clear explanations or evidence might signal greenwashing. Genuine sustainable brands usually specify exactly why and how their products or services are environmentally friendly. The European Commission press corner section on the “Right to repair” can help consumers recognize legitimate claims

3. Look beyond attractive slogans and carefully evaluate transparency. Real sustainability means companies provide thorough and detailed information about their overall environmental impact—not just selectively highlighting one minor positive action. Furthermore, truly sustainable businesses back up their environmental claims with solid evidence and detailed reports. Information about emissions, supply chains, or resource usage should be easily accessible and clearly documented. Finally, remember that visuals can also be deceptive. Overusing green colors or nature-themed imagery might make products appear more sustainable than they actually are. Such tactics are common strategies used to distract consumers from examining the company’s true environmental impact.

These three quick steps have been summarized below: 

When Green Turns Grey: How Greenwashing Harms the EU

The consequences of Greenwashing are felt at every level—from individual consumers to the broader European economy and regulatory frameworks.

Source: U4 Anti-Corruption Resource Centre

Environmental Consequences

Greenwashing has severe environmental consequences, undermining the progress towards the European Green Deal and the Paris Agreement goals to transition to a low carbon economy. It diverts attention and resources from genuinely sustainable initiatives, as consumers become disillusioned and may allow companies to prosper by pretending, they’re green—without doing the work.

Consumer Deception

Greenwashing not only impacts the environment—it also misleads consumers. When companies falsely claim to be “green” or “eco-friendly,” it becomes more challenging for people to distinguish which products or brands are truly sustainable. As a result, the meaning of these terms becomes weaker and more confusing. Additionally, when consumers realise that despite their efforts, they were misled by a company it also erodes their trust. They may feel discouraged, frustrated, sceptical or even stop trying to make environmentally responsible choices which may halt meaningful change.

Distorts Financial Markets

Greenwashing isn’t just bad PR—it’s bad for markets. Investors want their money to align with their environmental values. But when funds or products are falsely labelled “green,” trust disappears. This creates uncertainty, discourages sustainable investing, and destabilizes financial markets. As a result, capital may flow to undeserving companies, while those that are truly working towards sustainability struggle to compete. In the long run, this weakens the credibility of the EU’s sustainable finance framework and risks destabilising efforts to fund the green transition.

 From Claims to Consequences: The EU’s Legal Response to Greenwashing

Source: Didier Reynders, and Virginijus Sinkevicius, European Commissioners, on measures against misleading environmental claims and on the right to repair. [European Union, 2023 Copyright Source: EC – Audiovisual Service]

Among the many legislative instruments adopted by the EU in the context of the “Green deal”, one of the most recent is the Greenwashing Directive which amends the Unfair Commercial Practice Directive (UCPD) and is central for consumers. It introduces specific rules on companies’ sustainability claims, with the aim to contribute to the EU’s green transition by empowering consumers to make informed purchases using reliable sustainability information about products and traders. The Directive includes a list of claims that are in any event considered “unfair” and prohibited, such as the use of “sustainability” labels that are not based on an independent, third-party certification scheme, or established by public authorities. This Directive is a noteworthy advancement as it will have a significant impact on how companies communicate their environmental efforts thereby increasing safeguards for consumers.

…So, the next time you see a product labeled “green,” ask yourself: is it really? Together, through awareness and accountability, both policy and public pressure can turn the tide against greenwashing – for good.

 

[DRAFT] Europol’s processing of biometric data: how much security is too much until it becomes surveillance?

Balancing Security Requirements and Fundamental Rights Protection

By Rebekah, Miruna, Mihai and Vesa

The EU Commission’s 2023 proposal to increase Europol’s authority, especially concerning the systematic processing of biometric data, aims to improve security regarding serious crimes. However, it also raises serious legal concerns for individuals. This blog post critically explores the tension that biometric data poses between increasing surveillance power and fundamental rights under the Charter, which questions: Can this expansion of enforcement powers be justified under the principles of necessity and proportionality, or does it risk going too far?

Source: Wired

The Commission proposed a complementary Regulation for Europol regarding migrant smuggling and trafficking in human beings. The proposal aims to improve the coordination between Europol and the Member States regarding sharing information. This entails Member States providing Europol with citizens’ data to effectively address crimes.

But what kind of data does an agency such as Europol need to process? Europol processes biometric data. The EU has defined biometric data as personal information that can be attributed to unique human physical characteristics, such as facial features and fingerprints. Biometric data has been used by law enforcement authorities in the EU through technological advancements to surveil citizens in public spaces. Citizens have raised concerns that the EU provides law enforcement authorities with the right to interfere with citizens’ fundamental rights and freedoms.

Source: European Union Agency for Fundamental Rights

How does Europol’s processing of biometric data place it at the center of fundamental rights concerns?

When Europol becomes involved with biometric data, it is concerned about being thrown into the deep end of some of the EU’s most sensitive fundamental rights. Article 7 of the Charter protects our private and family life, while Article 8 gives us a fundamental right to personal data protection. These two fundamental rights are shaped by how the EU needs to handle individuals’ privacy and data protection in practice. Europol is not subject to different rules and must also respect them.

Biometric data became significant with the establishment of the GDPR and the Law Enforcement Directive. This is because biometric data falls under a “special category” of data due to its sensitivity, which means it cannot be handled lightly. Europol can only process this type of data when it is necessary for law enforcement, like preventing or solving serious crimes, and even then, only with solid legal safeguards as outlined by the respective regulations.

Source: Shutterstock

Over the years, the Court has made it clear that interfering with fundamental rights is only allowed if it is in accordance with the principles of necessity and proportionality. That means that Europol needs to provide justification for why biometric data is truly essential for carrying out their work and ensure they are not over-collecting or casting too wide a net.

Because without tight rules and accountability, data processing can start to look a lot like surveillance. And that is especially concerning when the individuals being monitored are not even suspects, just non-suspect individuals who might get caught in the digital sweep.

Enhancing security but challenging privacy?

Proponents argue that allowing Europol to process biometric data is crucial in modernising law enforcement and bolstering our security. They claim that by tapping into advanced technologies, such as AI-powered facial recognition systems and machine learning algorithms, Europol can quickly identify and track criminal networks involved in migrant smuggling and human trafficking. This, they argue, helps prevent crimes before they escalate. For everyday citizens, this might mean faster responses during emergencies and more efficient coordination between national police forces across the EU; at the same time, it also raises legitimate concerns regarding individual privacy and data protection.

Source: Biometric Update

This approach is similar to the rationale behind the landmark ruling, where the Court underscored the need for a careful balance between state security and individual rights. While that case focused on mass data retention, it highlights the broader principle that privacy interference must be necessary and proportionate.

However, without mandatory measures like independent oversight by the European Data Protection Supervisor (EDPS), robust data retention rules, and enforceable accountability mechanisms, the 2023 proposal risks creating a surveillance apparatus that goes far beyond its intended scope.

How can Europol balance security requirements with fundamental rights, then? 

In contrast to the previous framework, the proposal mandates that Member States consistently provide Europol with biometric data, with no clear limitations on volume, purpose or retention.

The EDPS has raised concerns, stressing that mass collecting of biometric data such as fingerprints or facial scans without proper safeguards and guidelines could interfere with fundamental rights under the Charter. Such concerns have also been raised by citizens as, according to a survey conducted by the EU Agency for Fundamental Rights, only 17% of Europeans are willing to provide their facial photographs to public authorities for identification purposes. The findings also reveal significant differences among the Member States in countries such as Germany and Austria, who show greater resistance to the sharing and processing their biometric data, while others, such as Portugal and Spain, show a more open approach.  Additionally, the  Biometrics Institute’s 2023 Industry Survey found that 54% of participants consider privacy and data protection significant challenges when developing biometric technologies.

As Europol’s powers expand, how do we protect our fundamental rights?

Source: AML Intelligence

A path forward should come with precise safeguards, not shortcuts. In balancing Europol’s powers on processing large sensitive data such as biometric data with fundamental rights, it is necessary to amend the Europol Regulation by adding more explicit criteria on how biometric data is collected, stored and used. Furthermore, provisions guaranteeing more transparency to avoid misuse of such data or profiling individuals with no criminal links. Lastly, carrying out an independent fundamental rights impact assessment before adopting new powers defines when biometric data can be used and how long it should be strictly limited to migrant smuggling and human trafficking. 

Hence, with clearly defined safeguards in place, the EU and law enforcement agencies, such as Europol, could strike a balance between technological developments and the protection of fundamental rights.

[DRAFT] Matching Enforcement to Market Reality: AMLA and the Regulated Industry

By Yasemin, Lanqin, Exuan and Shuhua

Figure: AMLA’s new headquarter will be in Frankfurt (Image: AMLA Official Website)

Money laundering is a global crime that undermines economies and causes corruption, crime and terrorism. The European Union (EU) has long implemented international standards and legislative frameworks to combat money laundering and terrorist financing within its territory. However, the scandals highlight that the legislative frameworks without the right enforcement cannot overcome the problem. This blog post shows why the enforcement model should align in terms of the anti-money laundering (AML) industry and whether the creation of the new Anti-Money Laundering Authority (AMLA) can better enhance this mission.

Spotlighted dilemma and its extended approach

Money laundering is the process of hiding funds from illegal activities because criminals want their money to look clean. This is generally divided into three steps. First, criminals put the illicit gains into the financial system. Then, they move money around to hide its origin. Finally, they bring the money back as if it had been earned legitimately. Money laundering is very threatening, which helps to support crimes such as terrorism, fraud, and corruption, and reduces people’s trust in banks and financial systems.

Over the past decade, many money laundering scandals have occurred in the EU. In 2018, Denmark’s largest bank- Danske Bank, was involved in a huge money laundering case in which $236 billion was laundered through its Estonian branch. Lately, Rabobank is about to face prosecution because it failed to prevent money laundering. From the Danske Bank scandal to the recent Rabobank case, there are not isolated failures but symptoms of weaknesses in the EU’s decentralized AML enforcement structure.

Now, the EU has decided to fight back with a new EU agency- AMLA (the proposal was tabled in 2021, and the regulation was adopted in 2024). Through EU-level supervision, AMLA will support national supervisors and financial intelligence units (FIUs), and enhance cooperation and coordination among member states. But there is another question: Does this new EU agency fit the industry it supervises?

National enforcement wasn’t enough

The current AML mechanism is based on national authorities, with European Banking Authority (EBA) advice and policy-setting. Financial intelligence units (FIU) collect unusual transactions from entities with an obligation to report, analyse them and share them with law enforcement and security agencies as necessary, and exchange information with FIUs worldwide. The concern is that the ‘insufficient detection of suspicious transactions and activities by FIUs, particularly in cross-border cases, limits their capacity to suspend transactions and to disseminate relevant information to competent authorities’. Due to a lack of coordination and information sharing among FIUs, cross-border suspicious transactions are often not identified and responded to in a timely manner’.

For instance, in the Netherlands, Dutch banks are required to report unusual transactions to the FIU-Nederland. DNB supervises the effective fulfilment of the banks’ compliance obligations under the Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft) and the enforcement of sanctions. In 2024, the recent Dutch AML cases, including Volksbank and Rabobank, indicate weaknesses in national enforcement, like a dysfunctional system that generates alerts about customers and their transactions and inadequate action following an alert.

Besides, ‘the application of AML/CFT rules across EU is both ineffective and insufficient’ is hard to ignore according to the impact assessment. There are differences in the formulation and enforcement of AML regulations among member states, leading to unclear rules and inconsistent standards, which affects the uniformity and effectiveness of the entire framework. Besides, the inconsistency of regulatory resources and methods across countries has left some industries and subjects in the regulatory blind spot for a long time, especially in the non-financial sector.

Europe’s new watchdog: AMLA

As one manifestation of the AML’s enforcement model transferring from prominently relying on member states’ authorities to the institution at the EU level, AMLA is further empowered to deal with challenges such as the lack of effectiveness and insufficiencies of the contemporary AML framework.

As an integrated system composed of itself and national authorities, AMLA is entrusted with more direct and indirect supervision powers compared to the more advisory or policy-making role assumed by EBA. For instance, in terms of governing selected obliged entities in the financial sector, national supervisors participate in selecting, listing, and reviewing the entities by the joint supervisory teams in charge of AMLA. Meanwhile, AMLA can exercise direct supervision, such as by adopting binding decisions and especially pecuniary administrative sanctions. In terms of governing non-selected obliged entities, while AMLA enforcement power relies on member states, in which national supervisors retain full responsibility and accountability for direct supervision, AMLA actively coordinates national authorities to help them increase their enforcement effectiveness. With these powers entrusted, AMLA is expected to enhance AML enforcement through the centralization of certain tasks, responsibilities and powers within such a central authority. Nevertheless, diversity and disparity in AML enforcement among member states still have chances to occur.

Figure: Evolving AML supervision in the EU (Image: AI-generated)

The Industry Matters: AMLA ensures the security of the industry and consumers

Money laundering is not just a local issue; it is international. The threat of money laundering and financial crime is cross-border and involves high risk. Because of these characteristics of money laundering, prevention needs to be a priority before non-compliance occurs. If it is detected, authorities need to move faster and take effective action.

However, there has to be the right enforcement mechanism to prevent it. Because good laws can only be better implemented with the right hands. If the regulated industry is highly concentrated and international, as previously pointed out with the recent scandals, national authorities may fail to implement such successful rules. Unmatching the enforcement model with the regulated industry can create problems not just for the market actors but also for the safety and trust of EU citizens.

To illustrate this challenge, consider the analogy of housing design. Imagine living in a detached house with a concrete exterior and buying quality paint perfect for your walls. It might be the ideal solution for your home alone, but what if it is part of a larger complex? Suddenly, it might not fit in with everything else. The best results will not come from acting alone but from a shared decision to harmonize the whole complex. It is the same with anti-money laundering enforcement; it cannot be expected to work effectively if each Member State paints its own house, because the regulated AML industry is not a house but an integrated complex. AMLA is a new EU agency that ensures that Member States are on the same page when it comes to supervising money laundering. Its centralized powers and EU-wide reach aim to sustain a better and risk-free industry in the future.

Figure: AMLA as an EU agency fits the regulated industry’s characteristics (Image: AI-generated)

The EU is moving AML enforcement to Brussels by establishing a centralized enforcement model: AMLA. With AMLA stepping into the role of Europe’s central watchdog, the EU is aligning its enforcement with the regulated industry characteristics. The next challenge will be ensuring AMLA’s effectiveness and adaptability in a fast-evolving risk landscape.

Europol’s Accountability: Tension Between Secrecy and Supervision

By Elisabeth, Furat, Joseph and Matthew

Europol’s Accountability: Tension Between Secrecy and Supervision

This blogpost addresses the tension between effective policing and democratic oversight in the context of Europol’s extensive data collection used for ‘predictive policing’. This practice raises questions about the balance between security and individual privacy rights in the digital age. This blogpost provides an oversight of Europol’s powers and corresponding accountability, with the goal in mind of asking whether the Joint Parliamentary Scrutiny Group’s (JPSG) supervisory powers are sufficient to ensure robust and effective oversight of Europol’s operations. It’s important to note that while Europol’s role involves information collection and sharing, it’s distinct from predictive policing, a specific approach that relies on information to anticipate criminal activity. Predictive policing is not widely used in many European countries, and its relationship with Europol’s functions is complex.

A Brief Introduction to Europol:

Europol was created by the Treaty of Maastricht, which established a “Union-wide system for exchanging information within a European Police Office.” Initially, Europol’s role was limited to coordinating cross-border drug investigations. Despite its limited powers, the agency faced accountability concerns from the start, falling within the Maastricht treaty’s third pillar concerning police and judicial cooperation. Crucially, this domain was insulated from judicial review, meaning the Court of Justice had no means of ensuring Europol’s (admittedly limited) policing activities complied with fundamental rights.

Europol’s role has gradually expanded throughout the years, becoming a full EU agency in 2010. As an agency, Europol is tasked with additional responsibilities such as the collection and analysis of intelligence. However, with increased responsibility came the need for enhanced accountability.

The Treaty of Lisbon, brought an end to the pillar system which had kept Europol ‘at arm’s length’ from the Court’s oversight under Maastricht. For many, Lisbon signaled an end to Europol’s accountability concerns. Article 88 TEU provided the European Parliament with oversight for the first time, and along with it came “increased democratic accountability – at least superficially.” The JPSG is one of the core components of this newfound accountability. The group was established in April 2017 by the EU Speakers Conference, which brings together the national and the European Parliaments. The JPSG, which meets twice a year, is co-chaired by the European Parliament and the country holding the rotating presidency of the Council.

The group’s oversight powers are mostly supervisory. Under Article 51(2) of the Europol Regulation, the JPSG’s purpose is to “politically monitor Europol’s activities.” To facilitate the group’s supervision, Article 51(4) allows the JPSG to request documents from Europol and Article 12 of the Regulation requires Europol’s management board to make the agency’s annual work program available to the JPSG. So, the question is – are these supervisory powers sufficient when Europol oversteps its mandate?

Is Europol headed for ‘1984 reloaded?’ 

Supervising law enforcement agencies is a complex task. Law enforcement, after all, requires a degree of secrecy, which in turn stands in the way of transparency and supervision. In today’s digital society, this tension between secrecy and supervision is manifested in “predictive policing”, a practice which refers to gathering vast datasets and developing algorithms to identify criminals. Europol is no exception to this tension, as data collection and analysis is one of the core components of Europol’s tasks as the EU’s “principle information hub.” While Europol is permitted to collect personal data, Article 28 of the Europol Regulation requires that this data be relevant and necessary for the purposes for which it is processed.

Europol understands the collection of personal data is a touchy subject. In a 2012 publication from the agency, Europol asked “are we headed for ‘1984’ reloaded?”, referencing George Orwell’s novel which depicts a dystopian society of invasive state surveillance. In an effort to put concerns to rest, Europol reaffirmed its commitment to ensuring “the highest standards of data protection.”

Despite this commitment, “serious concerns” have been raised regarding data mining practices at Europol, which saw Europol retaining data related to huge numbers of individuals for indeterminate periods. The sheer scale of Europol’s data mining saw its dataset of 4 petabytes (equivalent to 2 trillion printed pages) compared to a “black hole” and the scandal compared to the mass surveillance program uncovered by Edward Snowden in the U.S. So where was the JPSG amidst this scandal?

What role for the JPSG? 

Under Article 51 of the Europol Regulation, the JPSG is responsible for supervising Europol’s activities which impact fundamental rights. Given that the European Data Protection Supervisor (EDPS) found that Europol’s data mining practices have a “potentially severe impact” on data subjects’ fundamental rights, data mining at Europol would seem to fall squarely within Europol’s supervisory powers.

The problem is the limited extent of the JPSG’s supervisory powers. Europol is only required to report to the JPSG on a yearly basis and has no oversight over the agency’s day-to-day activities. This creates a real gap in the group’s supervisory powers. This gap is demonstrated by the fact that it was Europol itself, not the JPSG, which reported concerns regarding its data handling practices to the EDPS.

Real tension between secrecy and supervision is also evident with regards to the JPSG’s requests for documents. Different rules apply to requests for sensitive documents, which Europol handles a lot of as a law enforcement agency. This tension came into play when the JPSG requested access to correspondence between Europol and the EDPS relating to Europol’s data collection software, to which Europol provided only a limited reply, indicating only the types of software used.

Moreover, adherence to the Law Enforcement Directive (LED) reinforces accountability by mandating strict data protection standards for law enforcement authorities, including Europol. The EDPS’s oversight ensures Europol’s predictive policing complies with these standards, highlighting the critical need for enhanced supervisory mechanisms to protect personal privacy and uphold fundamental rights in the era of data-driven law enforcement.

The JPSG’s limited supervisory powers have been harshly criticised. Some have even said that the group’s limited role gives the agency a “blank cheque” to self-regulate. What then can be done to improve the JPSG’s supervisory role? One solution could be allowing the JPSG more access to Europol’s management board meetings. As it stands, under Article 14 of the Regulation, the JPSG is only required to be invited to two board meetings per year. If the board addressed the JPSG’s summary conclusions and the group’s representatives participated more actively, it would greatly enhance both transparency and effectiveness as the JPSG would have a better grasp on Europol’s day-to-day activities. Such improvements are essential for the JPSG to execute its oversight responsibilities more effectively.