Commission recommends carrying out risk assessments on critical technology areas
The Commission adopted a Recommendation on critical technology areas for the EU's economic security, for further risk assessment with Member States.
This Recommendation stems from the Joint Communication on a European Economic Security Strategy that put in place a comprehensive strategic approach to economic security in the EU.
This Recommendation relates to the assessment of one of four types of risks in that comprehensive approach, namely technology risk and technology leakage. The risk assessment will be objective in character, and neither its results nor any follow-up measures can be anticipated at this stage. In the Recommendation, the Commission puts forward a list of ten critical technology areas. These technology areas were selected based on the following criteria:
- Enabling and transformative nature of the technology: the technologies' potential and relevance for driving significant increases of performance and efficiency and/or radical changes for sectors, capabilities, etc.;
- The risk of civil and military fusion: the technologies' relevance for both the civil and military sectors and its potential to advance both domains, as well as risk of uses of certain technologies to undermine peace and security;
- The risk the technology could be used in violation of human rights: the technologies' potential misuse in violation of human rights, including restricting fundamental freedoms.
Collective risk assessments with Member States
Out of the ten critical technology areas, the Recommendations identifies four technology areas that are considered highly likely to present the most sensitive and immediate risks related to technology security and technology leakage:
- Advanced Semiconductors technologies (microelectronics, photonics, high frequency chips, semiconductor manufacturing equipment);
- Artificial Intelligence technologies (high performance computing, cloud and edge computing, data analytics, computer vision, language processing, object recognition);
- Quantum technologies (quantum computing, quantum cryptography, quantum communications, quantum sensing and radar);
- Biotechnologies (techniques of genetic modification, new genomic techniques, gene-drive, synthetic biology).
The Commission recommends that Member States, together with the Commission, initially conduct collective risk assessments of these four areas by the end of this year. The Recommendation includes some guiding principles to structure the collective risk assessments, including consultation of the private sector and protection of confidentiality.
In deciding on proposals for further collective risk assessments with Member States on one or more of the listed additional technology areas, or subsets thereof, the Commission will take into account ongoing or planned actions to promote or partner in the technology area under consideration. More generally, the Commission will bear in mind that measures taken to enhance the competitiveness of the EU in the relevant areas can contribute to reducing certain technology risks.
Next Steps
The Commission will engage with Member States, through the appropriate expert fora, to initiate the collective risk assessments for the four abovementioned technology areas.
In addition, the Commission will engage in an open dialogue with Member States on the appropriate calendar and scope of further risk assessments, having regard inter alia to the contribution of the time factor to the evolution of risks. The Commission may present further initiatives in this respect by Spring 2024, in light of such dialogue and of the first experience with the initial collective risk assessments, as well as of further inputs that may be received on the listed technology areas.
The Recommendation will not prejudge the outcome of the risk assessment. Only the outcome of the detailed collective assessment of the level and nature of the risks presented can serve as the basis for a further discussion on the need for any precise and proportionate measures to promote, partner or protect on any of these technology areas, or any subset thereof.
Background
On 20 June 2023, the Commission and the High Representative adopted the Joint Communication on European Economic Security Strategy. The European Economic Security Strategy is based on a three-pillar approach: promotion of the EU's economic base and competitiveness; protection against risks; and partnership with the broadest possible range of countries to address shared concerns and interests.
It sets out a number of actions to be taken to address risks to the resilience of supply chains, risks to the physical and cyber security of critical infrastructures, risks related to technology security and technology leakage, and risks of weaponization of economic dependencies or economic coercion. The list put forward in the Recommendation is part of the third category of these actions.