Written by Clare Ferguson with Sophia Stone.
How do we best protect ourselves in the digital age? Russia’s war on Ukraine and the resulting energy crisis underline the need to boost the European Union’s energy efficiency and cybersecurity. The agenda for the first plenary session of November 2022 therefore centres around joint debates on energy policy, digital finance and cybersecurity in the EU. Members will also hear about the outcome of the European Council meeting of 20 and 21 October, during which the European Union leaders discussed the latest developments in Russia’s military campaign against Ukraine, Europe’s energy crisis and external relations, in particular with China.
Russia’s aggression has intensified the need to protect EU citizens from the consequences of cyber-attack. In Wednesday’s joint debate on digital finance, Members are expected to discuss two complementary files on information and communications technologies (ICT) in finance. Members are first due to debate the digital operational resilience act (DORA), proposed to harmonise ICT resilience in EU financial institutions. The Single Rulebook for financial services already governs risks to financial institutions, but it hardly touches upon ICT operational risks. Given the likely consequences of operational disruption in the financial sector, common key requirements across the EU could increase resilience to cyber-attack more effectively than if each EU country sets out separate rules. The ECON committee has ensured a differentiated approach for small, micro- and interconnected entities. Members are then set to consider a proposal also aiming to reduce ICT risks, by amending existing directives on the regulation and supervision of the financial system. Part of the digital finance package, this new legislation should reduce the risk of cyber-incidents across financial markets, whilst still encouraging innovation and competition. The ECON committee has underlined the need for proportionality for SMEs, and the necessity for robust governance.
Cyber-attacks remain on the agenda for Thursday, when Members are set to consider a provisional agreement reached with the Council expanding the laws dealing with attacks on critical infrastructure and cybercrime, under an updated Network and Information Security Directive (NIS2). To protect critical sectors such as energy, transport, water, health, digital infrastructure and finance, all of which require a high level of protection, more entities and sectors will be obliged to take security measures. The increased scope should help strengthen European cybersecurity in the long term, including by establishing a cyber-crisis liaison network. Parliament has ensured that the directive will apply to central and regional public administrations. Once agreed, the EU Member States will have 21 months to transpose the measures into national law.
When the EU put the Recovery and Resilience Facility (RRF) in place to support the recovery from the COVID-19 pandemic, energy efficiency was already a strong focus. On Wednesday afternoon , Members are due to debate a joint report by Parliament’s Committees on Budgets (BUDG) and on Economic and Monetary Affairs (ECON) on extending the use of the Recovery and Resilience Facility (RRF) as the main funding tool for the REPowerEU chapters in EU countries’ recovery and resilience plans. These aim at ending EU dependence on Russian fossil fuels and investing in clean energy and infrastructure. The joint report insists that funding prioritise investment schemes for small businesses and micro-enterprises, and especially tackling energy poverty for vulnerable households, in light of the ongoing global energy market disruption. The vote will set Parliament’s position for negotiations with the Council.
Companies can also play their part in protecting the environment and human rights as well as ensuring social responsibility and diversity on company boards. The proposed corporate sustainability directive should amend and broaden the rules on sustainability reporting for companies, banks and insurance companies. On Wednesday afternoon, Members are expected to consider a joint text negotiated with the Council by Parliament’s Committee on Legal Affairs that aims to balance requirements for all companies (with at least 250 employees and a turnover of €40 million), to adhere to common standards in their impact on the environment, human rights, social standards and work ethics, with lighter reporting required of small and medium-sized enterprises (SMEs). Companies will need to publish reports on their sustainability policies, to be certified independently.
Foreign state financing of companies can provide unfair financial advantage over their EU competitors. Members are due to consider a provisional agreement on a proposed regulation to tackle such distortive foreign subsidies on Thursday. Aiming to ensure fair competition between all companies operating in the single market, the proposal suggests a threshold above which companies must notify the Commission about subsidies they receive from abroad, especially during mergers and acquisitions – seeking a balance between positive outcomes and market distortion. Parliament’s Committee on International Trade (INTA) has ensured that additional measures strengthen the notification thresholds, with other support taken into consideration, specific channels for informing the Commission and for verification, shorter deadlines, and transparency of assessment.
Under the Schengen agreement, citizens enjoy free movement between countries, without controls at internal borders. However, Croatia, along with Bulgaria, Cyprus and Romania – all part of the Schengen agreement – continue to be subject to internal border controls while awaiting the agreement of the other Member States to become full participants in Schengen. Croatia has now been assessed as meeting all the necessary conditions for full application of the Schengen rules, meaning an end to internal border controls with the country, a decision backed by Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), in a report scheduled for consideration on Wednesday afternoon. Once the Parliament has adopted its opinion, it will be up to the Council to decide on Croatia’s status.
November I 2022 Plenary Session agenda
- Corporate sustainability reporting directive
- Full application of the Schengen acquis in Croatia
- A high common level of cybersecurity – NIS2
- Distortive foreign subsidies
- REPowerEU chapters in recovery and resilience plans
- Digital operational resilience act (DORA)
- Amending digital operational requirements in financial services legislation