POSITION | DIGITALISATION | DIGITAL SOVEREIGNTY
Strengthening Europe's digital sovereignty sustainably Promoting technologies, developing skills, building a holistic ecosystem in a targeted manner
25 June 2020
Executive summary 23 October 2017 The Corona crisis has illustrated that in critical infrastructures, in many fields of technology and in industrial production, it is important to keep domestic process running even if international supply chains are interrupted. This requires a very high degree of resilience, in-house expertise and independently developed technologies. For this reason, the concept of "digital sovereignty" has long been discussed in the political arena. This concept is gaining new ground in light of the learnings from the Corona pandemic. However, digital sovereignty is both an opportunity and a risk. It is an opportunity as it has the potential to make our own society, economy and politics in Europe more resilient. It can constitute a risk, as it can also lead to protectionism and autarchy. Based on long-term considerations, German industry is calling on German and European policymakers to strengthen Europe's resilience by promoting key technologies, as well as by building and expanding competencies. The aim must be to enable citizens, companies, states and the EU as a whole to act with greater digital sovereignty without encouraging protectionism and autarky. "Digital sovereignty" is defined as the ability of citizens, companies, states and communities of states to act in a digitally selfdetermined manner. This includes the ability to holistically define and implement one's own strategic goals. Europe's digital sovereignty can only be sustainably strengthened if the state, the economy and civil society work together. The following measures are necessary to achieve this: â–Ş
Promoting future-oriented technologies. The aim is to invest in clearly defined future technologies together with private-sector players. Simultaneously, regulatory conditions that promote innovation need to be developed.
â–Ş
Strengthening the necessary competencies. The aim is to consolidate the promotion of individual digital competences during school and higher education, as well as vocational training and life-long learning in order to strengthen individual digital sovereignty.
â–Ş
Establishing a holistic ecosystem. It is essential that European industrial, digital, innovation and security policy strategies are geared towards preserving or regaining Europe's digital sovereignty and thus sustainably strengthening the resilience of Europe as a business location in hardware, software and electronics.
Steven Heckler | Digitization and Innovation | T: +49 30 2028-1523 | s.heckler@bdi.eu | www.bdi.eu
Strengthening Europe's digital sovereignty in the long term
Table of contents Digital sovereignty: an industrial and security policy classification ............................................. 3 Digital sovereignty: A definition of the term from the perspective of German industry ............. 5 Layer model: the three layers of digital sovereignty ....................................................................... 6 Strengthening digital sovereignty sustainably: promoting technologies ..................................... 8 1.
Critical infrastructures – the backbone of society and economy ................................................... 9
2.
Protecting digital information and telecommunication infrastructures ......................................... 10
3.
Cloud infrastructures: Europe's answer to the cloud ................................................................... 11
4.
Cyber security - a prerequisite for trust and the basis for self-determination ............................. 12
5.
Trustworthy electronics ............................................................................................................... 13
6.
AI ................................................................................................................................................. 14
7.
Exploiting the potential of the platform economy in industry ....................................................... 15
8.
Blockchain ................................................................................................................................... 16
Strengthening digital sovereignty sustainably: Investing in peoples‘ skills .............................. 17 1. Promoting user skills: digitising education and establishing digital literacy as part of life-long learning ................................................................................................................................................ 18 2.
Meeting the demand for skilled workers ...................................................................................... 19
3.
Fostering evaluation competencies ............................................................................................. 20
Strengthen digital sovereignty sustainably: Establish a holistic ecosystem ............................. 21 1.
Creating a Holistic Digital Security Architecture for Europe ........................................................ 22
2.
Targeted intensification of research, innovation and development ............................................. 23
3.
Making targeted use of the European procurement market ........................................................ 24
4.
Intensify international standardisation of products and services in Europe ................................ 26
5.
For a data policy that is open to innovation and provides incentives for voluntary data exchange 27
6.
Aerospace: A German launch pad for a digitally sovereign Europe ........................................... 29
7.
Digitally sovereign in security and defence ................................................................................. 30
8.
Raw material supply 4.0 .............................................................................................................. 31
Imprint ................................................................................................................................................ 32
2
Strengthening Europe's digital sovereignty in the long term
Digital sovereignty: an industrial and security policy classification Germany as an industrial nation and the European Union as a whole have lost their own competencies in many technologies that are central to the digital transformation - especially in the B2C area, such as the development of powerful cloud services and successful social networks - or have not driven forward the development, implementation and dissemination of these technologies sustainably enough. At the same time, the Corona-pandemic has made it clear that in critical infrastructures, in many areas of technology and in industrial production, it is important to keep domestic process running even if international supply chains fail. This requires a very high degree of resilience, domestic competencies, expertise and skills, and independently developed technologies. Therefore, the concept of "digital sovereignty" has long been discussed in the political arena. From the perspective of German industry, the target concept of digital sovereignty is both an opportunity and a risk at the same time: an opportunity as it entails the potential for Europe to strengthen the resilience of its own society, economy and politics. It implies a risk because it can also lead to protectionism, misallocation of scarce (financial) resources and self-sufficiency. Based on long-term considerations, German industry is calling on the German federal government and the EU institutions to strengthen the resilience of Europe as a whole by promoting key technologies as well as building and expanding competencies. The aim must be to enable citizens living in the EU, the companies based in the EU, but also the EU as a whole, to act with greater digital sovereignty without slipping into protectionism and autarky. Since German industry is highly integrated into international value chains, it is a proponent of globalisation and a determined opponent of protectionism and the fragmentation of economic areas. Digital sovereignty, as will be shown below, must not be an end in itself. Rather, it must contribute to maintaining a lifestyle based on European values and standards, a resilient political and economic system, and long-term prosperity. The question therefore arises whether, and how, targeted political measures can reduce economic dependencies, achieve greater autonomy in the development of key technologies and strengthen general digital skills. As a very high degree of resilience can be useful and necessary, the high costs involved for solutions beyond the market can be justified. But it is not only in situations such as global health emergencies or natural disasters that unilateral dependencies on third countries can prove disadvantageous. Political blackmail is also probable – also in view of the current global economic differences and trade conflicts. In many cases, supply and value chains in particular are not resilient, especially from the perspective of technological sovereignty. Often they do not provide for redundancies in a structured manner, i.e. alternative solutions, e.g. in the event of a crisis or bottlenecks. Moreover, in recent years, entire regions of the world have been catching up technologically and economically. In Asia in particular, two countries, India and China, have developed very strongly in economic terms. This economic strength also goes hand in hand with a new self-image: In the 1990s and early 2000s, China was the “workbench” of Europe and the USA. Nowadays, Beijing is striving to significantly expand China's own technological competencies in ten key industries according to its industrial policy strategy “Made in China 2025”. China aims to reduce its dependency on foreign technology imports, establish its own global leadership role and, at the same time, increase the rest of the world's dependence on China. Through Chinese direct investment, partly combined with the complete acquisition of other companies, Chinese companies, many of which are state-controlled, also gain extensive access to European know-how in key technologies. While every company must have the right to sell company shares to foreign partners, it must be borne in mind that China is not only a partner, but also a systemic competitor.1
BDI. 2019 China: partner and systemic competitor: How Do We Deal with China’s State-Controlled Economy? URL: https://english.bdi.eu/media/publications/#/publication/news/china-partner-and-systemic-competitor/ 1
3
Strengthening Europe's digital sovereignty in the long term
Taking everything into account, in an era increasingly divided along three approaches - a Chinese, USAmerican and European – on the digital transformation, Europe must also consider the potential consequences of geopolitical dependencies. This makes it all the more important to think about strengthening digital sovereignty, not within national borders, but in the context of the European Single Market. Europe's industrial strength should be used specifically for this purpose. The European ICT and electronics industry, for example, can make an important contribution to this by providing key technologies, and thus solutions for the digitalisation of European industry. This is a basic prerequisite for a successful digital transformation of the economy and society. Nevertheless, under the heading of digital sovereignty, free competition and trade must not be unnecessarily restricted and/or the state must not attempt to use taxpayers' money to establish internationally uncompetitive national suppliers. This would promote protectionist approaches and thus increasingly call into question the system of free world trade. Linked to this is the danger of massive misallocations of resources, which are used to build up self-sufficiency in sub-sectors beyond the market. In dealing with the ambivalent goal of digital sovereignty, it is therefore important not to set it absolute, but to take up the opportunities it offers: This will happen, above all if the debate is used to further improve the resilience of the European economic system. To this end, in addition to promoting and developing technologies, a strong emphasis should also be placed on the development of digital competencies in Europe. Otherwise, it is likely that Europe will continue to lose its digital sovereignty in the future, as research and innovation are increasingly being carried out by clever minds out outside the EU. Consequently, in the long term, digital and technological competences and skills must be built up, starting in school, in order to preserve Europe’s strategic digital sovereignty. The German industry is calling on the current European Commission to develop a clear compass of objectives as to how Europe can increase its own resilience, promote technologies and skills and, embedded in a holistic ecosystem, strengthen digital sovereignty in the long term, without lapsing into protectionism and self-sufficiency, while maintaining its economy geared towards openness and exports. In order to achieve this goal, industrial, education, research, digital and security policy priorities must be closely interlinked and aligned with each other. The striving for strategic digital sovereignty must not be addressed for its own sake. Rather it should be understood as a core-component of a future-oriented European industrial policy. The development of a coherent European strategy seems to be the most promising approach. A project focusing solely on Germany will not be successful as it always would lack the necessary economies of scale.
4
Strengthening Europe's digital sovereignty in the long term
Digital sovereignty: A definition of the term from the perspective of German industry Based on the remarks above, digital sovereignty in the context of this paper, in line with the strategy paper “Rethinking Strategic Autonomy in the Digital Age” (EPSC. 2019.), should be defined briefly and concisely as follows: ▪
Digital sovereignty is the ability of [all citizens, every company,] a state or even a community of states to act digitally in a self-determined manner. This includes the ability to holistically define and implement one's own strategic goals.
Based on this definition, which already makes it clear that digital sovereignty can (or even must) also be thought of within the framework of supranational political units, German industry, based on the policy paper presented at the German Digital Gipfel in 2018, suggests the following more comprehensive definitional considerations of the concept of “digital sovereignty”: ▪
The complete “digital sovereignty of a state [...], an organisation [including companies] and every citizen necessarily includes full control [and processing] of stored and processed data and the independent decision as to who may access it. It also includes the ability to independently develop, [produce], modify, control and supplement technological components and systems with other components [as required].” (Digital Gipfel. 2018.)
From the perspective of German industry, the addition of “as required” is of integral importance. In order to strengthen Europe's resilience, it is necessary to expand its own competencies and technologies. By contrast, self-sufficiency from other regions of the world is not the scope. Hence, digital sovereignty as a target goal for industrial policy includes, on the one hand, the opportunity to define the areas in which a maximum degree of resilience is required, and the willingness to bear (very high) costs related to this. On the other hand, it raises the question for which infrastructure components, and in which key technologies, an increase in competence is required, firstly, to realistically assess possible dependencies from non-European suppliers and, secondly, to minimise these dependencies through “multi-sourcing” strategies and/or technical approaches. As will be shown below, however, digital sovereignty must by no means be understood exclusively in terms of states and organisations (such as companies). On the contrary, any project that aims to achieve European digital sovereignty must be initiated by the citizens of Europe.
5
Strengthening Europe's digital sovereignty in the long term
Layer model: the three layers of digital sovereignty From the above elaborated definitions, if follows that Europe's digital sovereignty does not only include a public/state dimension, but rather consists of an interplay of structural, organisational and individual dimensions. For example, it is important to note that corporate digital sovereignty is largely determined by the regulatory framework surrounding companies. German industry therefore suggests that Europe's digital sovereignty must be regained/solidified along three levels, which can be visualised in a level model as follows
1. A digitally sovereign Europe is only possible if every European can act digitally sovereign. In order to achieve this individual digital sovereignty, extensive digital education (including basic IT skills), with the aim of building comprehensive digital and user skills, is necessary. Likewise, a media competence comprising modern communication platforms is another basic requirement. The citizens of Europe are a decisive factor in the strengthening or regaining of digital sovereignty within the EU, as they not only make their own purchasing decisions in private, handle data, or use products and services of third parties. Rather, in their role as employees in companies or state institutions, they are also decisive for the implementation of the corresponding strategies in these institutions. They must therefore be an integral part of a holistic European strategy geared to digital sovereignty. They must be empowered to use technologies in a sovereign and confident manner, to handle their data responsibly and to make their own contribution to strengthening Europe's cyber-resilience. 2. Above the individual level of digital sovereignty, it is also necessary to strengthen the digital sovereignty of companies and other organisations - including state institutions such as ministries, as well as associations, clubs, etc. These must have the ability to develop products, services and infrastructures independently (development competence) and to be able to subsequently produce them, if required. They must also be able to evaluate third-party components and to integrate and use them securely in systems (user and evaluation competence). Organisational digital sovereignty cannot be achieved without a sufficient degree of digital and user competence, for example through a clear division of roles within the company and the availability of a sufficiently large number of specialists, or the availability of the necessary skills among all employees. A further key element is also a resilient risk management system, in order to reduce non-excludable risks in cooperation with partners as far as possible, e.g.
6
Strengthening Europe's digital sovereignty in the long term
through multi-sourcing strategies. In order for organisations to be able to operate in a digitally sovereign manner, a clear regulatory framework is required that guarantees investment and legal security. In addition, a strong research and innovation base and access to high-performance and secure critical infrastructures, such as digital networks, are essential. 3. The European Union as a community of states can, however, only act digitally sovereign as a whole, if it establishes a holistic framework for achieving and strengthening digital sovereignty, taking the two aforementioned levels sufficiently into account. This structural level of digital sovereignty comprises a regulatory framework consisting of a holistic industrial, digital and security policy strategy aimed at strengthening resilience, and thus digital sovereignty. In addition, political instruments such as government procurement and technology promotion (political steering) must also aim at strengthening the country's own business location and thus promote digital sovereignty. This should be embedded in a digital security architecture. In addition to these often level-specific elements of Europe's digital sovereignty, society as a whole must be open to new (digital) technologies. Only if we in Europe do not shut ourselves off from the use of new technologies, but rather help to shape them by establishing clear (social and ethical) rules based on European values and standards, will Europe remain competitive as a business location in the long term. In addition, Europe needs efficient and secure digital and analogue critical infrastructures - from electricity grids to water supply, from waste management to the provision of information and telecommunications infrastructures. Critical infrastructures form the backbone of our modern society. Their protection must therefore be a central component, and at the same time, a central objective. Critical infrastructures must be characterised by the fact that the availability, both of the infrastructure and of the services and data they provide, is guaranteed by a high degree of independence from third-party interests. The BDI calls on the EU Commission and the Federal Government to promote the resilience of the European and German economic system by means of a well-coordinated set of industrial, digital, security and innovation policy instruments. The aim must be to strengthen the digital sovereignty of citizens, companies and the state as a whole. The following pages, which focus on specific topics, each, based on a thorough analysis of the status quo and an outline for a target horizon, state clear policy recommendations.
7
Strengthening Europe's digital sovereignty in the long term
Strengthening digital sovereignty sustainably: promoting technologies With an industrial share of over 30 percent of GDP 2, Germany is a highly innovative3 and thus economically successful country. The combination of industrial strength and the opportunities offered by AI can give us a decisive advantage in international competition with AI pioneers such as China or the USA. In addition, when it comes to Industry 4.0, Germany is also one of the international pioneers. Nevertheless, it must be noted that in central technology areas, Germany has seen its competencies dwindle in recent years. These competencies are nowadays urgently needed, however, in order to be able to operate in a digitally sovereign manner: This applies both to the development and production of network infrastructure components for 5G networks and to smartphones for private and business customers, to name just two examples. At the same time, Germany and Europe have key strengths in the industrial digital economy, e.g. in hardware, electronics, software, mechanical engineering and edge solutions. These must be used to strengthen Europe's digital sovereignty. A holistic strategy is needed to strengthen Europe's digital sovereignty. In particular, a suitable framework must be provided by further developing the European internal market, public and private (economic) investment in physical and digital infrastructures, tax/pre-competitive research funding and innovation-friendly regulation. Only in this way can technologies to strengthen Europe’s digital sovereignty be developed in a targeted manner. From the perspective of German industry, the following eight thematic areas must be in particular considered with regard to maintaining, regaining and strengthening digital technological competence: 1) Critical infrastructures 2) Digital information and communication infrastructures 3) Cloud infrastructures 4) Cybersecurity 5) Trustworthy electronics 6) AI 7) Platform economy 8) Block chain
2
Statista. Anteile der Wirtschaftssektoren am Bruttoinlandsprodukt (BIP) in den wichtigsten Industrie- und Schwellenländern im Jahr 2018.. URL: https://de.statista.com/statistik/daten/studie/37088/umfrage/anteile-der-wirtschaftssektoren-am-bip-ausgewaehlter-laender/ 3 BDI. 2020. Innovationsindikator 2020 kompakt. Available online: https://bdi.eu/media/publikationen/#/publikation/news/innovationsindikator-2020/ 8
Strengthening Europe's digital sovereignty in the long term
1. Critical infrastructures – the backbone of society and economy Status Quo Critical infrastructures are the backbone of a functioning society and economy. They have correspondingly high security requirements and - in the interest of a national or European security architecture independence from third-party influence. Measures for the protection of critical infrastructures are already active - e.g. through the NIS Directive, the German regulation on critical infrastructures, foreign trade law, etc. Dangers to the independence of critical infrastructures exist through changes in the ownership of companies offering critical infrastructures, e.g. through foreign direct investment, but also through attacks on the availability of critical infrastructures. The increasing digitalisation of all Critical Infrastructures expands the potential points of attack into cyberspace. At the same time, it must be taken into account that digital sovereignty is impossible today, without a functioning supply of electricity, water and telecommunications services. Objective Critical infrastructures must be characterised by the fact that the availability of both the infrastructure and the services and data provided by it is guaranteed by a high degree of resilience to the interests of third parties. Close cooperation between government agencies and operators of critical infrastructures, such as in the UP-KRITIS in Germany, for example, can contribute to the rapid distribution of information on current threat situations in both analogue and digital form, exchange best practices and thus make a decisive contribution to a high degree of availability of the services provided by critical infrastructures. BDI’s policy recommendations ▪ In order to ensure a uniformly high level of protection for critical infrastructure throughout Europe, it is necessary to harmonise national methods for identifying critical infrastructures at European level. National regulation projects (e.g. current review of German IT Security Law (IT-SiG 2.0)) should therefore be closely embedded in the European regulations (NIS Directive and Cybersecurity Act). ▪
The BDI calls for the involvement of suppliers of components for critical infrastructures both in respective national, and European dialogue platforms. If IT-security is to be considered along the product life cycle and the entire supply chain, the suppliers of components for critical infrastructures must be included on an equal footing in the coordination processes for legal regulations, sectoral, as well as European and national standards.
▪
Ensuring the availability of critical IT infrastructures does not depend solely on the performance of the operators. Rather, the respective technological equipment suppliers are also moving into a security focus and must be taken into account in the respective critical infrastructuresectors from a regulatory perspective.
▪
Cyber-attacks on critical infrastructure have far-reaching implications for safety, security, public order, and the daily lives of all people and businesses. Therefore, knowledge about current threat patterns, which are generated, for example, from operators of critical infrastructures reporting incidents, should be collected at a European level and should be made available to European companies on a daily basis in an anonymised way.
In detail Please also note BDI’s thematic publication: ▪
BDI policy paper on the leaked draft of the IT Security Law 2.0 (available in German only: https://bdi.eu/media/publikationen/#/publikation/news/zweites-gesetz-zur-erhoehung-dersicherheit-informationstechnischer-systeme/)
9
Strengthening Europe's digital sovereignty in the long term
2. Protecting digital information and telecommunication infrastructures Status Quo Due to the ubiquitous digitalisation, also of other critical infrastructures, the operators of digital information and telecommunication infrastructures – which are also classified as critical infrastructures according to the NIS directive and the IT Security Law (IT-SiG) – are of particular importance. They must ensure that the infrastructure provided and the services offered by these infrastructures function independently of the interests of third parties. Therefore digital information and telecommunication infrastructures – in light of the discussion concerning the security of 5G networks – are considered separately at this point. Objective To enable digital sovereignty, communication networks must be available at all times, enable people, businesses and government to communicate confidentially and protect data from manipulation and theft. The basic prerequisite for reliable digital infrastructures is a trustworthy technology that ensures that data is not falsified or intercepted. This requires trustworthy electronics, hardware and software. It is therefore necessary that manufacturers of core components for critical infrastructures provide correspondingly security-certified solutions. In addition, a political assessment of the trustworthiness of operators of critical infrastructures and manufacturers of core components for critical infrastructures is required. BDI’s policy recommendations ▪ For its digital transformation, Europe is dependent on technical solutions from European and non-European companies. A systematic exclusion of non-European providers in the construction of digital infrastructures, user devices and services would therefore be neither technologically, economically nor temporally expedient. ▪
The same test criteria, rules and procedures must apply to all manufacturers throughout Europe. If there is a suspicion of espionage, manipulation, etc., the accusations must be examined based on technological, intelligence, economic and legal expertise. If a manufacturer is proven to have committed espionage or sabotage, clear sanctions are required, which can lead to the exclusion from markets.
▪
In order to strengthen the Digital Single Market and prevent unauthorised access to data, uniform security standards are needed across Europe to protect the integrity and confidentiality of data and the availability of networks and services. The EU Toolbox is an important first step in this direction. In particular, a security scheme for 5G network components should be developed promptly via the EU Cybersecurity Act, to set a Europe-wide applicable regulatory framework.
▪
The processing and storage of critical and sensitive data must meet special security requirements. In addition to trustworthy network infrastructures, secure electronics, software and hardware, as well as cloud and encryption technologies at the highest security level are essential. In a digitally sovereign Europe, there must be no IT-interfaces through which third parties can view, copy or change data without authorisation.
▪
What is needed is a technology strategy that enables Europe to break up existing lock-in systems through the targeted development of open interoperability standards (e.g. Open RAN).
In detail Please also note BDI’s thematic publication: ▪
BDI position "Data, service and network security in the area of 5G " (https://english.bdi.eu/publication/news/data-service-and-network-security-in-the-area-of-5g/
10
Strengthening Europe's digital sovereignty in the long term
3. Cloud infrastructures: Europe's answer to the cloud Status Quo In the era of digitalisation, reliable, high-performance, data protection-compliant and at the same time secure architectures for storing and processing data are of integral importance. In the industrial sector, these include both edge and cloud solutions. Companies generally use external cloud providers for their data management. At the same time, the demands concerning the performance of these providers are increasing, as are concerns related to foreign security authorities accessing these systems. Therefore, the strengthening of European cloud competencies has gained enormously in importance. The market power of some US and Chinese cloud providers results less from their ability to store large amounts of data (data storage), since European providers can offer these services competitively as well. Rather, it is the combined offer of data storage in conjunction with data processing and data evaluation using AI (data analytics). These applications, which are carried out almost in real time, enable innovations necessary for industrial companies: The management and control of processes and roboters, supply chain management, digital B2B platforms and other new business models. Due to the demand for highly efficient cloud solutions, there is a growing dependency on foreign providers who offer mature and highly professional services and are thus currently gaining market acceptance. At the same time, some non-European providers are subject to regulations in their home countries that are not congruent with European standards and values. Objective The strengthening of European cloud competences – e.g. via the GAIA-X project initiated by the German Federal Government and actors from business and science – is an integral pillar of European digital sovereignty. In addition to a European platform for cloud solutions based on European standards (technical approach), an international political solution to the issue of access by security authorities from third countries to digital content stored in the cloud, is also needed in the near future in order to resolve the conflict between the access interests of authorities in the home country and data protection regulations in the respective target country (political approach). In this sense, the BDI supports the efforts of the EU to reach a respective agreement with the United States and other third countries. BDI’s policy recommendations ▪ The EU needs its own open platform for cloud solutions that adequately meets EU requirements for data security and privacy. A European model must be market-based, efficient and flexible. The platform must also be based on a general legal framework and private sector funding. ▪
The existing demand in Europe – both of numerous user industries and the public sector – should be strategically used so that European solutions can scale faster.
▪
At the same time, it is important to establish a broad ecosystem for cloud solutions in Europe by creating suitable framework conditions, e.g. by promoting digital literacy.
▪
In order to ensure that the European approach will scale internationally, it should also be possible in future for non-European cloud providers to offer their services via the European platform, while preserving the technologies and regulations defined above.
In detail Please also note BDI’s thematic publication: ▪
BDI policy paper "Europas Antwort auf die Cloud-Frage" (EN: Europe's answer to the cloud question, available in German only: https://bdi.eu/media/publikationen/#/publikation/news/europas-antwort-auf-die-cloud-frage/
11
Strengthening Europe's digital sovereignty in the long term
4. Cyber security - a prerequisite for trust and the basis for self-determination Status Quo Especially for critical infrastructures, far-reaching European and national legal security standards to ensure an adequate level of cyber security already exist today. At the same time, current estimates assume that the worldwide number of networked objects will probably increase to 125 billion by 2030. Therefore, a European cyber security framework is needed which, beyond critical infrastructures, strengthens the integrity of data, services and systems in the long term. Currently, however, each EU member state is adopting its own uncoordinated approach to strengthen its country’s cyber-resilience. The resulting fragmentation of legal requirements for cyber security and while Europe at the same time experiences a growing need to strengthen the cyber-resilience of products, processes, services and systems is the wrong approach. This development has the potential to become a massive obstacle for a European Digital Single Market. Objective The topic of cyber security must not be reduced to IT security components alone, but must be understood as a holistic process consisting of prevention of, detection of and reaction to cyber incidents. German industry is already investing in the cyber security of products, processes, people and services. At the same time, one hundred percent cyber security cannot be achieved, let alone guaranteed. In particular, joint efforts are needed to maintain cyber security throughout a product’s life cycle. For this reason, the cyber security competencies available in Europe must be strengthened in the long term. This requires a European regulatory framework in which generally applicable cyber security standards are set and clear responsibilities are defined along the entire supply chain. BDI’s policy recommendations ▪ Coherent regulatory requirements, following a risk-based approach, for all market participants are key to maintaining the competitiveness of European industry internationally. Premature national additions and extensions to legal requirements concerning cyber-resilience must be avoided. Instead, Europe-wide harmonised coherent legal requirements, which take into account that products, processes, services and systems are covered by more than one regulation, are necessary. ▪
In order to be able to use innovative solutions, cyber security regulations must always be designed in a way that is open to new technologies and demands state-of-the-art technology. This also requires conformity assessment procedures that allow fast and cost-efficient market access and effective measures for maintaining cyber-resilience in operation.
▪
Maintaining cyber security goes beyond technical security. When further developing regulatory framework conditions, in addition to technical measures, the responsibilities of all parties involved in operations of connected devices must also be defined to strengthen Europe’s digital sovereignty.
▪
It is necessary to detect weaknesses and to report them to the manufacturers so that they can be remedied quickly. Government agencies must also undertake not to withhold knowledge of weak points. The Responsible Disclosure Principle should always be observed. Only in this way, can cyber-resilience be strengthened.
In detail Please also note BDI’s thematic publication: ▪
Position "Consistent Cyber Regulation for Europe: German industry’s 5 demands" (https://english.bdi.eu/publication/news/consistent-cyber-regulation-for-europe/)
12
Strengthening Europe's digital sovereignty in the long term
5. Trustworthy electronics Status Quo Electronics – comprising micro- and nanoelectronics – is the core of every digital system and is therefore the most important "key technology of digitalisation". Consequently, the sufficient availability and mastery of electronics is the most important building block for attaining digital sovereignty. At the same time, electronics must be secure and trustworthy. Otherwise, all other efforts, e.g. in the field of infrastructures, cyber security, artificial intelligence or space travel, would be in vain, because non-trustworthy electronic systems could provide gateways for unwanted manipulation or surveillance. But even such important pillars of our economy as Industry 4.0 and automated or autonomous mobility are unthinkable without reliable electronics. But Europe no longer develops and produces many digital technologies itself. IT-hardware such as servers, PCs, laptops and consumer electronics have long been imported, mainly from Asia and the USA. The situation is somewhat better for communication technologies, which is a major advantage for the establishment of secure and trustworthy 5G networks. This poses opportunities for Europe to make digitally sovereign 5G decisions. Europe has its own competences and several alternatives on the provider side, inside and outside Europe. It can make sovereign decisions on the technical and regulatory requirements for 5G network security and trustworthiness – and drive implementation accordingly. Objective In addition to weaknesses in the production of electronic systems in some domains, Europe also has strengths that can make a significant contribution in the future to strengthening German and European industry, including aerospace, and providing reliable digital infrastructures. These competencies in the fields of power electronics, sensor technology, embedded and edge computing, as well as security chips and embedded security, must be maintained and expanded. Almost all manufacturers of electronics are intensively involved in global value chains. Therefore, compartmentalisation of Europe from other regions is not an option. However, it is essential to have knowhow in as many sub-areas of microelectronics as possible along the entire value chain in order not to become completely dependent on third parties. BDI’s policy recommendations ▪ In order to make electronics safe and trustworthy, micro- and nanoelectronics, as the technological basis of all such electronics, must create the necessary conditions. It is essential to promote these competences in a targeted and long-term manner. ▪
Electronic components and systems need to be tested for security and trustworthiness, especially when they are relevant to the functioning of critical infrastructures.
▪
Reliable framework conditions for competitive micro- and nanoelectronic component manufacturing in Europe must be created and maintained.
In detail Please also note the following thematic publication: ▪
"Vertrauenswürdige Elektronik – Made for Europe, made for the World.” (available in German only, EN: Trusted Electronics Made for Europe, Made for the World.) Impulse paper for the flagship initiative of the Digital Strategy of the Federal Ministry of Education and Research. (https://www.elektronikforschung.de/dateien/bekanntmachungen/impulspapier_vertrauenswuerdige_elektronik.pdf)
13
Strengthening Europe's digital sovereignty in the long term
6. AI Status Quo Compared to humans, AI systems can analyse larger amounts of data in less time and with better results. The potential fields of application are manifold. AI helps to optimise business and production processes, develop new business models or add intelligent functions to machines through embedded AI solutions. Despite some AI pioneers and the high potential, AI applications are not yet widely used by the majority of European companies. The lack of know-how or skilled personnel is often the biggest obstacle to the implementation of AI solutions. Objective The combination of industrial strength and the opportunities offered by AI can give Europe and the companies based here a decisive advantage in international competition with AI pioneers such as China or the USA. With their AI strategies, the German government and the EU Commission have laid important foundations on the way to a functioning AI ecosystem. The strategies must be consistently pursued and given the right priorities. By 2035, this could trigger additional annual growth in gross value added of up to two percent – in the manufacturing sector, even 2.3 percent.4 BDI’s policy recommendations ▪ The focus of AI funding should be on fields of application close to industry. Combining our industrial strength with the opportunities offered by AI can give Germany and Europe a decisive advantage in international competition with AI pioneers such as China, the USA or Israel. The Federal Government and the EU Commission should provide targeted support for the development and expansion of competences in AI areas of strategic importance for industry, such as robotics, low-data AI or hybrid AI. ▪
European companies can only achieve a leading role in AI if there is a mutual exchange with an efficient AI research landscape. Therefore, the EU Commission should develop a research roadmap in close coordination with the member states. In addition, Europe must increase its attractiveness for top international scientists.
▪
A debate on ethical and legal challenges of AI is necessary. But it must not lead to horizontal AI-regulation. AI applications raise very different legal issues depending on the context in which they are applied and the specific technology used, which can hardly be generalised and addressed by horizontal regulation. The legislator should counteract concrete undesirable developments by making selective adjustments to the existing legal framework.
▪
In order to sustainably strengthen trust in AI-based systems and applications, uniform security requirements for AI systems and their components along the entire supply chain and life cycle are needed throughout Europe. Following a risk-based approach, the cyber security of AIbased systems can become an important component of “AI Made in Europe”.
In detail Please also note BDI’s thematic publication: ▪
BDI policy paper “Künstliche Intelligence” (EN: Artificial Intelligence, available in German only: https://bdi.eu/media/publikationen/#/publikation/news/kuenstliche-intelligenz/)
4
Cf. iit. 2018. Potenziale der Künstlichen Intelligenz im Produzierenden Gewerbe in Deutschland. Study commissioned by the BMWi. 14
Strengthening Europe's digital sovereignty in the long term
7. Exploiting the potential of the platform economy in industry Status Quo Digital platforms are at the core of the digital economy. This means that the development and operation of digital platforms in Europe is of paramount importance for achieving digital sovereignty in the longterm. Over the last two decades, numerous marketplaces, social networks and booking portals of US and Chinese providers have gained market power, especially in the B2C sector. In recent years, German and European companies have increasingly been developing their own platforms. In particular, numerous companies in German industry and industry-related services offer their own platforms, some of which are highly sector-specific. Digital B2B platforms are used in a variety of application scenarios ranging from marketplaces for companies, to applications for logistics and supply chain management, to the control of networkable objects such as machines and plants in the Internet of Things. By the end of 2018, 6.8 percent of the value added in industry and industry-related services sector was already substantially dependent on the use of platforms.5 Objective In contrast to the previously established platform-based ecosystems, which centred around a strong market player and bound large values and value-added potentials, the opportunity of a digitally sovereign Europe lies in the creation of digital ecosystems based on coopetition. This would enable new value-added potentials and giving rise to economies of scale. Ultimately, this would help to reduce the economic gap to other innovation regions. Beyond the creation of new platform-based ecosystems, the flexible networking of different actors to form agile value-added networks is one of the central components of digital business processes. This requires the interoperability of all actors. BDI’s policy recommendations ▪ For innovative digital business models to emerge in Europe, the impact of any regulatory measures on companies of all sizes needs to be evaluated in advance. It is important that European digital B2B platforms are not weakened by regulations that are primarily designed to regulate B2C platforms. This is because it is becoming apparent that industrial B2B platforms do not achieve the same network effects and therefore do not tend to form oligopolies or monopolies to the same extent as B2C platforms. These differences must be taken into account when regulating platforms. ▪
Cooperation efforts, including joint ventures and mergers across the EU, must be supported by a reorientation of competition policy and provided with greater legal certainty.
▪
Concentration tendencies in digital platform markets require faster procedures in abuse control, market entry barriers, innovations and conglomerate effects. These should be given more attention, in order to better reflect the market realities of digital business models.
In detail Please also note BDI’s thematic publication: ▪
BDI publication “German digital B2B platforms” (https://english.bdi.eu/publication/news/german-digital-b2b-platforms/)
vbw. 2019. Plattformen – Infrastruktur der Digitalisierung. URL: https://www.vbw-bayern.de/Redaktion/Frei-zugaengliche-Medien/Abteilungen-GS/Wirtschaftspolitik/2019/Downloads/Plattformen-Infrastruktur-der-Digitalisierung_final.pdf 5
15
Strengthening Europe's digital sovereignty in the long term
8. Blockchain Status Quo Blockchain, also known as Distributed Ledger Technology (DLT), is a decentralised data register in which individual data blocks record several transactions. It is a secure logbook in the form of a digital account statement for all transactions between computers. Every change or transaction is recorded chronologically and transparently and stored on many computers and linked together – hence the name “blockchain”. Each block contains a checksum of the previous block. The crypto currency Bitcoin is probably the best-known use case of blockchain technology to this day. However, blockchain-based technology is also increasingly finding its way into other industrial fields of application - for example in logistics. Objective The potential and challenges of the blockchain cannot be fully assessed at present. This is another reason why strategic and political support is needed, especially in the early stages of the technology, to ensure that the right political framework conditions are in place. While the German government published its blockchain strategy in 2019, a holistic European strategy is missing. The aim should be to strengthen the competitiveness and innovative capacity of the European economy and to secure technological sovereignty in this area. In addition, it is also important to identify and address industrial and social opportunities and the challenges of blockchain technology at an early stage. To ensure that potential application scenarios can be successfully tested in Europe and used later, the blockchain technology must be promoted through living labs and targeted pilot projects. BDI’s policy recommendations ▪ The promotion and establishment of blockchain technology must addressed holistically and strategically on a European scale. Existing European initiatives, e.g. the European Blockchain Services Infrastructure (EBSI), could function as a launch pad. ▪
Germany and Europe need a legally secure framework for blockchain applications. The role of data protection mechanisms, such as the GDPR and their impact on blockchains must be clearly analysed.
▪
Future regulation must be technologically neutral. A technology-neutral call for tenders promotes supply and technological innovation around blockchain technology. This applies both to blockchain and other technologies. The state should only specify the requirements and objectives; the technology should come from the companies.
▪
Innovations and new technologies in the blockchain should be supported by living labs, and targeted public sector pilot projects. In addition, governments and civil service should identify their own application scenarios for the blockchain technology, e.g. in the area of secure proof of origin for certain goods. This could preferably take the form of pilot projects.
▪
A suitable ecosystem should be created for Blockchain. Not only start-ups and companies operate and use blockchain, but also universities and non-university research institutions. In the sense of creating an ecosystem, a cross-sectoral approach should be pursued.
In detail Please also note BDI’s thematic publication: BDI position "Industrielle Potenziale der Blockchain nutzen” (EN: Exploiting the industrial potential of block chaining, available in German only: https://bdi.eu/media/publikationen/#/publikation/news/industrielle-potenziale-der-blockchain-nutzen/)
16
Strengthening Europe's digital sovereignty in the long term
Strengthening digital sovereignty sustainably: Investing in peoples‘ skills However, the targeted promotion of key technologies will not be sufficient to strengthen digital sovereignty in the long-term. Consequently, in addition to the targeted strengthening of individual technologies, the holistic promotion and further development of the entire (digital) ecosystem is required. In other words, a network of interacting factors (including infrastructures, companies with their products and services, and especially citizens) that enables a holistic digital transformation. The promotion of individual competencies in the course of school and university education, as well as training and further education are the basis for strengthening individual digital sovereignty. European citizens must be empowered to use new digital technologies in a self-determined way, to protect their own data consistently and to be able to assess the “digital quality� of products and services when making purchasing decisions. In addition, public and private (economic) institutions must invest in their competency to evaluate data, technologies and infrastructures. On the following pages, the BDI will analyse a selection of three skills in which targeted investment should be made in order to strengthen Europe's digital sovereignty in the long term: 1) User competence 2) Vocational training 3) Evaluation competency
17
Strengthening Europe's digital sovereignty in the long term
1. Promoting user skills: digitising education and establishing digital literacy as part of lifelong learning Status Quo The D21 Digital Index 2019-2020 clearly illustrates: two thirds of Germans can transfer files from one device to another, just over half can use office applications and only slightly more than one in three can set up a home network. The situation looks even worse for programming languages: Only 15 percent of those surveyed say they are proficient in a programming language such as Java or C++. The digital user competence of Germans therefore leaves room for improvement. In addition, the majority of Germans have no idea concerning the meaning of technical terms from the digital world. According to the D21 Digital Index, 18 percent of Germans are still considered to be digitally offside. 6 The reason for this is the lack of structured teaching of digital skills. Objective To participate in the digital transformation, a sound knowledge of common IT applications and the secure handling of digital applications and devices are a basic requirement. In order to sustainably strengthen Germany’s digital sovereignty, sovereign and digitally competent users are required. From school education to vocational and university education and life-long learning, at least applicationrelated digital skills must be strengthened across the board in future. Otherwise, the goal of regaining the digital sovereignty of Germany and Europe will be doomed to failure. BDI’s policy recommendations ▪ In the context of school education, digital literacy should be taught from the first grade onwards. In addition to the experienced handling of common devices, operating systems and applications, this includes in particular the basics of IT security and the responsible and secure handling of data, also with regard to social media. Thus, even primary school pupils should experience an IT education that teaches them data and system security. ▪
Digitalisation must finally be introduced in all schools nationwide. In addition to investments in the necessary infrastructure (WLAN, hardware and software), long-term funding is also required to ensure that technology, once acquired, can be regularly maintained and updated. Teachers will only be able to adapt their teaching concepts, if the digital infrastructure provided functions immediately and continuously without problems. To this end, teachers must be provided with continuous further training.
▪
It is also necessary to digitise learning content and to integrate digital teaching in all subjects. In addition, the digital transformation should be used to promote individual support in a targeted manner, so that all pupils can acquire knowledge and competences in accordance with their abilities.
▪
Considerable financial resources for digitalisation have already been allocated to schools. It needs to be clarified why the funds have so far hardly been called up in the Länder (States) and municipalities.
▪
Digital content, e.g. concerning the safe usage of digital technologies (hardware and software), must be more firmly anchored in vocational education and training, universities and lifelong learning. In consultation with the economic and social partners, the corresponding content has already been developed and introduced into the federal government's initial and continuing training regulations.
6
Initiative D21. 2020. D21 DIGITAL INDEX 2019-2020: jährliches Lagebild zur digitalen Gesellschaft. Available online: https://initiatived21.de/app/uploads/2020/02/d21_index2019_2020.pdf 18
Strengthening Europe's digital sovereignty in the long term
2. Meeting the demand for skilled workers Status Quo In Germany alone, some 124,000 information technology positions could not be filled in 2019.7 In addition, many employees do not possess the necessary digital qualifications.8 However, the availability of highly educated specialists is a central prerequisite for Europe's ability to innovate and to remain competitive. The shortage of skilled workers, which already existed before the Corona pandemic, will, after a (short) phase of economic downturn, become an increasing problem for Germany as a business location and for maintaining digital sovereignty. Without skilled workers, existing systems and infrastructures cannot be protected against risks. In addition, new technologies, products and services cannot be developed and solutions from third countries cannot be adequately evaluated. Strengthening or regaining digital sovereignty is only possible with skilled workers. Objective The global success of German and European industry depends to a large extent on the excellent qualifications of its employees. To meet the demands of a changing world of work, employees must increasingly possess (new) digital (e.g. data literacy, digital ethics) and non-digital key qualifications (e.g. adaptability, entrepreneurial thinking). According to a study by the Stifterverband, at least one quarter of all employees in Germany alone must receive further training in these skills by 2023 in order to meet current skill requirements.9 In addition, dual training in technical jobs needs to be strengthened and higher education in technical and scientific courses of study should be intensified. At the same time, educational content must continue to be continuously adapted to the needs of digitalisation. BDI’s policy recommendations ▪ Investments in, and modernisation of vocational schools and universities are needed, in order for Europe to remain attractive for the brightest minds as a location for education. Up-to-date technical equipment (including excellent Internet connection) and the pedagogical and didactic skills of the teaching staff are a basic prerequisite for adequately imparting digital knowledge and digital skills. At the same time, working conditions at universities and in research in general must be improved in such a way that the best scientists and scholars remain in Europe. ▪
In light of the increasing relevance of data in all industrial sectors, basic knowledge of data protection and security must be integrated in all vocational and higher education courses. Only in this way, can the security and integrity of systems and data be strengthened and the protection of data be maintained.
▪
Industry 4.0 also means the systematic collection, analysis and use of the data generated within the company. Handling this “big data” will become an increasingly important qualification. Specialists with mathematical and statistical expertise, with skills in modelling and simulation, as well as methodological skills in data analysis and processing will be in demand. In addition to strengthening mathematical-technical education from primary school onwards, it is important to adapt the content of corresponding vocational and higher education courses and make them more attractive.
7
Bitkom. 2019. Erstmals mehr als 100.000 unbesetzte Stellen für IT-Experten. 28. November. URL: https://www.bitkom.org/Presse/Presseinformation/Erstmals-mehr-als-100000-unbesetzte-Stellen-fuer-IT-Experten 8 Stifterverband/McKinsey. 2018. Future Skills: Welche Kompetenzen in Deutschland fehlen. URL: https://www.stifterverband.org/medien/future-skills-welche-kompetenzen-in-deutschland-fehlen 9 Ibid. 19
Strengthening Europe's digital sovereignty in the long term
3. Fostering evaluation competencies Status Quo In addition to the ability to use digital technologies (products, services and infrastructures), a comprehensive ability to analyse and evaluate the technologies on offer according to the risk associated with the intended area of use, is required, before a decision is made to buy and use them. While today's consumers are often unable to make such an assessment because they regularly do not have important information (e.g. the duration during which a producer provides updates after the purchase) when purchasing technologies, other factors (especially price) often dominate the decision to choose technologies and products in organisations and in public procurement. Objective Only the analysis and evaluation competence of the users enables a sovereign handling of information technologies. For example, users must be able to understand technological interrelationships such as the interaction of hardware, electronics and software, understand techno-economic relationships (including platform ecosystem logics), assess the security and trustworthiness of products and applications and, depending on requirements, be able to choose from several trustworthy technology and action options. At the same time, this requires an extended system competence of the providers. Security components should be easy to use and ideally applicable or exchangeable ("easy to use - easy to replace") via standardised interfaces. The individual protection levels, for example for critical infrastructures, industrial goods or the private use of IT systems, must be taken into account. BDI’s policy recommendations ▪ Awareness raising and training of companies on how to select secure and trustworthy solutions and technologies is a crucial factor in ensuring IT security, data protection, data sovereignty and cyber-resilience in regulated and unregulated economic sectors. ▪
The promotion of recruitment or further training to become an IT security officer in companies, to identify and implement appropriate security measures, is necessary to ensure the secure operation of applications critical for the smooth operation of business processes.
▪
Government agencies also need trained personnel who can evaluate the safety and trustworthiness of products and services and make recommendations based on these evaluations.
▪
An IT security label that is valid throughout Europe, uniform throughout the EU, adopted for many products, easy to understand and implemented with efficient market supervision could contribute to strengthening Europe's cyber-resilience and thus its digital sovereignty. Such a label would enable consumers to compare not only the price of a technology, but also its digital security features when buying.
In detail Please also note BDI’s thematic publication: ▪
BDI policy paper “IT-Sicherheitskennzeichen” (available in German only, EN: IT Security Label) (https://bdi.eu/media/publikationen/#/publikation/news/it-sicherheitskennzeichen/)
20
Strengthening Europe's digital sovereignty in the long term
Strengthen digital sovereignty sustainably: Establish a holistic ecosystem The Europe of 27 member states must make maximum use of its own economic, technological and geopolitical position to strengthen its digital sovereignty in the long term. If the GDPR has shown one thing, than that the EU can only fully exploit its own potential globally if it uses the Single Market of the 27 states, with its approximately 450 million consumers and its industrial strength in numerous fields of technology, as one entity. In the meantime, states and regions from India to California are adapting the European approach to the protection of personal data. It is important to note, however, that it is not the German Federal Data Protection Act that has experienced international proliferation, but the European General Data Protection Regulation. This illustrates that even the largest of the 27 member states is too small to bring about an international diffusion of its standards and values. Rather, the collective political and economic weight of the European Union is required. This know-how must therefore also be used to strengthen digital sovereignty. On the following pages, the BDI analyses a selection of eight European potentials which should be used in a targeted manner in order to strengthen Europe's digital sovereignty in the long term: 1) Digital security architecture 2) Research and development 3) European Procurement Market 4) Standardisation 5) Data policy open to innovation 6) Aerospace 7) Security and defence 8) Raw materials
21
Strengthening Europe's digital sovereignty in the long term
1. Creating a Holistic Digital Security Architecture for Europe Status Quo Disruptive technologies and digital innovations are bringing about a paradigm shift that is affecting all areas of society and the state. Today, digital infrastructures and digital applications are closely interlinked. They are also subject to constant change due to constant extensions of functionalities as well as updates and patches necessary for their security and performance. Objective A holistic digital security architecture must therefore address the following dimensions: Endpoint security, cloud security, network and ICT security, application security, identity security and data security. This requires the interaction of all players and institutions as well as all related framework conditions that are linked to the challenges of digitalisation. What is needed is nothing less than a digital security architecture that provides the basis for strengthening Europe's digital sovereignty. A holistic digital security architecture for the digital world must rest on several pillars: Firstly, it must create a suitable legal and normative framework; secondly, it must integrate the institutions involved; and thirdly, it must develop technological competencies in order to create and maintain sustainable security in the infrastructures. The basis and foundation of a digital security architecture must be knowhow: This includes the training of specialists (see above), media competence and close interaction between industry and science.
Methodological frame-
work Framework
Institutional framework
Framework
Legal framework
BDI’s policy recommendations ▪ To achieve a holistic digital security architecture, European legal requirements and national regulations have to go hand-in-hand. In order to meet the challenges of digitalisation, the legislator must ensure coherent European regulation and a regulatory framework adapted to the digital age. The aim must be to ensure that digital infrastructures, products and services can be operated securely and reliably and that legal security requirements Digital are interlinked. Security Architecture ▪ A digital security architecture also requires a stable institutional framework. This necessitates a balanced interplay between political institutions and all players involved in the protection of digital infrastructures. In addition, individual policy areas must be more closely interlinked than in the past. Know-how ▪ Last but not least, we need new technical and methodological skills in order to be able to assess and monitor the security of digital infrastructures, products and services.
22
Strengthening Europe's digital sovereignty in the long term
2. Targeted intensification of research, innovation and development Status Quo Twenty percent of all global investment in research and development is carried out in Europe. Europe accounts for one third of all excellent scientific publications worldwide. Despite this positive starting position, Europe is in danger of falling further and further behind in various areas of R&D. The 3 percent target for investment in research and development (R&D), measured as a percentage of GDP, will not be achieved in relation to the EU as a whole. Although private corporate investment in R&D has risen steadily in the EU, it is clearly too slow. Today, only 1.3 percent of EU GDP is invested in R&D as private investment in Europe, 1.6 percent in China, 2.0 percent in the USA and as much as 3.3 percent in South Korea.10 R&D is an elementary lever for increasing Europe's economic strength and competitiveness. R&D contributes to increasing the market shares of companies and to creating new, highskilled jobs. Research and development make a significant contribution to the creation of new markets and business models that help to maintain and expand digital sovereignty, and thus Europe's longterm prosperity. Objective Research and innovation are key factors for economic growth, prosperity and jobs. They are the key to Europe's sustainability. In order to secure the EU's competitiveness and digital sovereignty in the long term, the innovation ecosystem must be improved and innovative solutions from research must be brought to the market. BDI’s policy recommendations ▪ Developing technologies openly: Sovereignty requires research, development and innovation open to all types of technology. This means that there must be no state pre-determination of certain technologies. Digital sovereignty presupposes research, development and innovations in value creation that are open to all types of technology. ▪
An ambitious European R&D budget with a strong funding of R&D projects with European added value is essential.
▪
There is a need to promote European digital visions that are translated into concrete research, development and innovation missions. The aim is to realise new marketable products and processes that benefit society and ensure Europe's leading international position in digital technology. It is necessary to promote digital, European “missions” aimed at creating technological innovations that, as funding instruments and systems, are as successful and effective as, for example, the US DARPA.
▪
European R&D projects should specifically promote projects by European players in order to ensure European digital sovereignty in the future and to advance research into key technologies in Europe.
In detail Please also note BDI’s thematic publications:
10
▪
BDI policy paper “Forschung und Innovation in Europa: Kernforderungen für die EU-Legislaturperiode 2019-2024” (EN: Research and Innovation in Europe: Key challenges for the EU legislative period 2019-2024, available in German only: https://bdi.eu/media/publikationen/#/publikation/news/forschung-und-innovation-in-europa/)
▪
“Innovationsindikator 2020 kompakt” (EN: Innovation indicator 2020, available in German only: https://bdi.eu/publikation/news/innovationsindikator-2020/)
EU Commission: "Science, Research and Innovation Performance of the EU 2018", p. 10. 23
Strengthening Europe's digital sovereignty in the long term
3.
Making targeted use of the European procurement market
Status Quo Public procurement in Europe is like a patchwork: every member state, region and local authority in every EU member state awards contracts for IT goods and services, such as office hardware and software, cloud solutions and a wide range of other IT services. The specifications for these IT goods and services often vary from client to client. In addition, the provisions of public procurement law, for example with regard to the consideration of so-called "strategic" or social aspects, can also vary considerably within a member state. As a result, despite the enormous overall volume of public procurement, the public sector has so far hardly set any uniform standards that could help to ensure that data is processed and stored in a manner appropriate to EU standards and values, or that digital sovereignty is achieved. In view of the widespread lack of coordination or orientation of public purchasers towards common standards, European companies are often unable to adapt their electronics, hardware and software solutions to such a fragmented demand in a targeted manner, as the expected quantities of units purchased per customer are usually so small that individual solutions are not economically viable. On the one hand, the consequence is that the public sector often purchases solutions which, from their point of view or from the EU point of view, do not meet the desired standards of data management and processing. On the other hand, potential bidders who would be willing to develop such solutions have, in light of the current market fragmentation, and these very small contract volumes, hardly any chance of developing such special solutions in an economically successful manner. Objective The European market for hardware and software IT components, IT services and cyber security is a strategically important economic sector. The public sector therefore has a special role to play in procurement. This does not mean that the public sector should dictate specific, fixed solutions, as this could harm the necessary development of further innovations. However, given the leverage effect of public procurement, it is possible that minimum standards could be applied or, if necessary, developed according to the requirements in public procurement in the future. Once established, these standards could help the EU to achieve digital sovereignty, especially if applied in all European public tenders. These standards should be designed in a way that is open to technology and should be developed in consultation with all stakeholders from the public and private sectors. EU public authorities should also bear in mind that it is very important for the business of European companies to win contracts in the EU through proper public procurement competition. Experience has shown that government contracts won in their own country or in the EU are of particular importance for companies as reference projects in order to be able to generate further contracts or a critical market volume, as government procurement decisions are often seen as a kind of “seal of confidence� The selection process for IT procurement should not only take into account the superficial performance characteristics, but also the quality of the product or service over its entire life cycle. For example, the aspect of the consistent quality of an IT security product or service over the entire life cycle should be given greater consideration than before.
24
Strengthening Europe's digital sovereignty in the long term
BDI’s policy recommendations ▪ The extraordinarily large volume of public procurement in the EU should be used to achieve minimum standards in order to realise data storage and processing or digital sovereignty according to the European legal and value system. This cannot be achieved by any one client alone. This requires the cooperation and coordination of public clients in the EU across all levels. For this purpose, minimum standards which help to realise digital sovereignty in the EU could be developed at EU level in cooperation with all public and economic stakeholders and with the participation of experts from the IT and public procurement sector. Such an EU-wide catalogue of criteria should be substantiated with technical specifications based on European standards from CEN, CENELEC and ETSI. ▪
Against the background of decreasing numbers of bidders for public contracts or in the interest of increasing the acceptance of public procurement, it is essential that the already often complex award procedures are not further complicated by unnecessary deviations from the specifications of state, regional and local contracting authorities. In Germany, this is particularly true in view of the completely unnecessary proliferation of public procurement laws in many federal states. These are neither required by European law nor by German law. They lead to considerable additional bureaucratic effort and a wide range of legal uncertainties. They should therefore be abolished, or at least concentrated in uniform state law for those states that wish to have a state regulation.
▪
In the interest of obtaining the best possible, innovative offers, it remains essential that public procurement takes place in a fair and competitive procedure. In this respect, it remains indispensable that the EU regulations on public procurement are strictly adhered to, and that violations of EU law or implemented national law can be consistently prosecuted with the help of effective legal protection for public procurement and, if necessary, also by means of EU infringement proceedings. A procedure for the Europe-wide exchange of infringements of public contractors could also increase fairness in European competition.
In detail Please also note BDI’s thematic publications: ▪
"Wettbewerbs- und Vergabepolitik – Position – Wahl 17: Handlungsempfehlungen der Deutschen Industrie für die 19. Wahlperiode des Deutschen Bundestages" (EN: Competition and Public Procurement Policy - Position - Election 17: Recommendations for Action by German Industry for the 19th Term of the German Bundestag)
25
Strengthening Europe's digital sovereignty in the long term
4. Intensify international standardisation of products and services in Europe Status Quo Norms and standards play a crucial role in the implementation of digital technologies. Not only do they help to diffuse the state-of-the-art of technology to applications and markets, they also help to keep the regulatory framework flexible and innovation-friendly. Norms and standards are also absolutely necessary to address interoperability and data usage. Objective Standardisation must remain an industry-driven and transparent process. When introducing new digital technologies, this can be done as an interplay of consensus-based standardisation and consortium standards. However, it is important to adopt consensus-based standards, as is the case in the area of machine safety, for example, when directives and regulations are put into concrete terms. In all other cases, standards such as OPC-UA can also be applied. BDI’s policy recommendations ▪ Since more than one regulation is regularly applicable to products, consistent and coherent requirements are essential for maintaining the international competitiveness of companies. For this reason, when regulating products and services, it is essential to check that new regulatory content is consistent with existing requirements and to avoid double regulation. ▪
Facilitating EU standards: Norms and standards strengthen Europe's leading role in international competition, but are also facing major challenges, particularly as a result of digitalisation. Above all, standardisation is an international task which serves to remove technical barriers to trade, to accelerate the dissemination of innovations and to make technical legislation more concrete. Standardisation is fundamentally a self-governing task of industry. Especially in the case of horizontal cooperation, many companies shy away from cooperation talks and precompetitive cooperation in order to avoid any suspicion of cartels. Meaningful cooperation, which used to lead to "Standards Made in Europe", is hardly pursued today because companies are cautious. Exemption criteria must be formulated to accelerate cooperation in innovative and technologically relevant markets and to enable "Standards Made in EU".
▪
Active promotion of uniform, standardised interfaces for data communication, data storage and data encryption, which enable the exchange of insecure or outdated communication components during operation.
▪
Particularly in light of the (desirable) development of a harmonised certification framework for IT security products, it is necessary to take account of the existing EU legal regulation and strengthen the overall security level.
▪
The bureaucratic approach of the Posting of Workers Directive impedes transnational cooperation in European standardisation projects. Together with other EU member states, the Federal Government should advocate a noticeable reduction in the burden associated with the implementation of this directive.
26
Strengthening Europe's digital sovereignty in the long term
5. For a data policy that is open to innovation and provides incentives for voluntary data exchange Status Quo Data is a central competitive factor and a motor for economic growth and innovation. At the same time, data is always the result of innovation, research and development by those companies, for example, that produce machinery and equipment or develop software, as well as those that use and modify these technologies. Data-based business models and platforms are becoming increasingly important in the economy due to the digital transformation. Exponential growth in data volumes, rapid technological advances and new basic technologies such as artificial intelligence (AI) are leading to an increasing use of data-based applications in industry. The analysis and linking of data are a driver of innovation and lead to major economic and social benefits, including productivity gains. Objective The availability of high-quality data is therefore crucial for innovation and for the position of European industry in international competition. This data, combined with know-how and business ideas for data processing, is of particular economic value. In addition, high investments are often necessary to create the basis for the collection of data in the first place. In order to maintain the innovative power and international competitiveness of companies, it is therefore, imperative that regulators refrain from a general obligation for companies to share non-personal data, as is the case, for example, in the discussion on a German “data for all law” (proposal by the Social Democratic Party in Germany which would oblige companies to share their data). Rather, an innovation-friendly data policy must promote the effective and fair usage of data, support voluntary data sharing and provide for an appropriate balance between the interests of the data producer and the data user. In this way, innovation is encouraged and rewarded, and access to and use of data is guaranteed. This also includes an extension of the open data policy promoted by governments, which obliges the state to disclose (anonymised) data. In order to promote the voluntary sharing of data, uncertainties related to antitrust rules in data cooperation should be reduced. On the other hand, antitrust considerations regarding a possible claim to data access must be based on the extent to which there is an actually proven, structured market failure. At the same time, standards for legally secure anonymisation of personal data are needed so that companies can exclude for sure that the data under consideration falls under the scope of the GDPR. BDI’s policy recommendations ▪ A general “data sharing obligation” must be avoided at all costs. A general, cross-sectoral “data sharing obligation” could become a considerable competitive disadvantage for European industrial companies if, for example, foreign companies could unilaterally access machine data of German companies. Here, it is important to protect long-term investments. ▪
In particular with regard to antitrust and data protection law, the existing legal framework should be adapted in order to eliminate existing legal uncertainties regarding the usage and sharing of data.
▪
In principle, companies should be able to decide independently on the transfer and use of data in accordance with the applicable principles of contractual freedom. Only in the presence of a structural market failure, can sector-specific data access rules be considered.
▪
There is an urgent need to extend the government's open-data policy, which obliges the state to disclose (anonymised) data. The availability of high-quality data is an important signal for a greater voluntary willingness to share (non-competitive) data by companies.
▪
An original right of ownership of (non-personal) data should not be introduced at neither national nor European level.
27
Strengthening Europe's digital sovereignty in the long term
▪
In particular, SMEs should be enabled to evaluate and process their own data sets in order to develop new business models based on them.
In detail Please also note BDI’s thematic publications: ▪
BDI policy paper “Datenzugang: Positionspapier des BDI zur Datenwirtschaft” (EN: Data access: BDI position paper on data management)
▪
BDI position on the national data strategy
28
Strengthening Europe's digital sovereignty in the long term
6. Aerospace: A German launch pad for a digitally sovereign Europe Status Quo In the digital age, space travel is key and a prerequisite for future technologies, Industry 4.0 and Big Data applications. Our modern communication, navigation and earth observation would be unthinkable without space travel. Hence, it provides the data and infrastructures for numerous digital services and technologies. It is also indispensable for foreign and security policy intelligence, coordination and action. At the same time, competitive distortions are increasing due to very high state and private (economic) budgets for space activities in some countries. Commercial space flight is becoming increasingly important, as is the establishment of satellite constellations. Satellites are becoming smaller and smaller thanks to miniaturisation, and short-term shipments with small launchers are becoming increasingly relevant. However, transporting the satellites to a launch site outside Germany is lengthy, expensive and logistically very complex. Objective An increasingly data-based and networked industrial and information society is strategically dependent on having independent, self-determined and autonomous access to the critical infrastructure in space and free access to space at all times. Due to the growing importance of satellite data for many business models in the upstream and downstream sectors, the establishment of satellite constellations and thus the need for rapid transport of small satellites will continue to grow. A German launch site for Europe would therefore be a valuable measure. In addition, the German and European space ecosystem, as well as the entire industry and society, would benefit from such a launch site. BDI’s policy recommendations ▪ In view of the growing importance of space for the digital economy and society, a higher space budget is urgently needed: it strengthens German and European industry in international competition and creates a reliable framework for investment. This should be taken into account in the EU's next Multiannual Financial Framework. Likewise, the financing possibilities with venture capital for young companies should be improved in order to keep innovations in Germany and Europe. ▪
In order to guarantee the strategic and digital sovereignty of Germany and Europe, an autonomous and independent provision of space transportation is an absolute prerequisite. A quickly and directly accessible launch site in Germany for small launchers for the just-in-time transport of micro-satellites would take this into account and complement the European spaceport in Kourou (South America).
▪
The worldwide commercialisation of space travel is already in full swing: Germany and Europe must act now if they are not to fall further behind. The future space market holds enormous economic potential for new data-based business models. This requires positive framework conditions and a strengthening of private sector investment and the space ecosystem, for example through government anchor customers, partial tax exemptions and the creation of a German space innovation fund modelled on the US.
In detail Please also note BDI’s thematic publication: •
BDI position “Zukunftsmarkt Weltraum” (EN: Future market space, available in German only: https://bdi.eu/publikation/news/zukunftsmarkt-weltraum/)
29
Strengthening Europe's digital sovereignty in the long term
7. Digitally sovereign in security and defence Status Quo Due to new challenges imposed by new technologies for both security and defence, the Federal Republic of Germany needs a security policy that also takes these developments into account. Particularly in an increasingly digitally connected world, companies, public authorities and also military institutions are becoming increasingly vulnerable to cyber-attacks. To protect themselves against cyber-attacks, Germany and Europe have to foster the availability and trustworthiness of security technologies. Companies, security authorities and the armed forces need modern and trustworthy IT and security technologies to ensure sovereignty in the digital space. Objective The importance of national key technologies is being increasingly discussed, particularly with regard to the defence sector, and in the context of internal security. However, goals and measures to promote and secure these fields of technology still need to be clarified. Furthermore, it is necessary to define the concept of “key capabilities” in a coordinated manner in order to be able to maintain these competencies as well. In order to guarantee the ability of Germany, the EU and NATO to act in a sovereign manner, technologies must be procured from trustworthy manufacturers and dependence on third countries must be avoided. The list of key technologies presented by the Federal Ministry of Defence in February 2020 must now be rapidly implemented through concrete measures (in coordination with the European partners). Policy Recommendations by BDI and BDSV: ▪ Germany and Europe need a joint security policy strategy of the EU and its member states to strengthen their digital sovereignty in a holistic way. Building on this, European cooperation in security and defence policy must be strengthened. In particular, joint development and procurement projects for security and defence equipment must be promoted and common standards (also with regard to export regulations) must be defined. ▪
In order to be (digitally) sovereign as a state, it is essential to reduce dependencies or to make them transparent and actively manage them. This is also vital in order to ensure effective protection against the influence of third parties. At the same time, strategic cooperation – including non-European partners – must also be fostered in future. It must be ensured, however, that the necessary technologies are obtained from trustworthy manufacturers and do not stand in the way of sovereign operation and further development of the overall system. In addition, the general approach to non-trustworthy technology providers must be defined. Key skills, such as the competence to create secure architectures using insecure sub-components, play an important role here.
▪
It also requires the introduction of faster and more efficient planning, development and procurement, approval, certification and procurement procedures for digital and analogue security goods, so that innovative solutions can be used quickly.
In detail Please also note BSDV’s thematic publication: -
Position paper of the BDSV on the “Strategy paper for strengthening the defence industry in Germany” (available in German only: https://www.bdsv.eu/aktuelles/positionspapiere/positionspapier-des-bdsv-zum-strategiepapier-zur-staerkung-der-verteidigungsindustrie-indeutschland.html)
30
Strengthening Europe's digital sovereignty in the long term
8. Raw material supply 4.0 Status Quo Raw materials stand at the beginning of each value chain of all innovative technologies and applications. Digitalisation and Industry 4.0 are therefore not possible without a secure supply of raw materials. The European high-tech industry is dependent on a secure and sustainable supply of raw materials. The growing importance of future technologies in a digital economy and information society is leading to a sharp increase in the demand for raw materials worldwide, especially for metallic raw materials. This demand will continue to increase in the upcoming years. However, free and fair access to raw materials is often hindered by trade-distorting government measures. In addition, high country concentrations of high-tech raw materials make secure access to raw materials more difficult. Objective Digitalisation and raw material supply are two sides of the same coin and must not be considered separately. Without high-tech raw materials, there will be no future technologies “Made in Germany” or “Made in Europe”. The availability of raw materials will thus become a central challenge for the digital sovereignty of Germany and the EU. This cannot be achieved without a secure supply of raw materials: A complete dependence on imports of raw materials contradicts any approach toward sovereignty in digital applications and technologies based on these raw materials. A paradigm shift in raw materials policy is therefore needed: A sustainable and secure supply of raw materials must be guaranteed at all costs. BDI’s policy recommendations ▪ The importance of raw material imports will continue to increase as part of the digital transformation on the way to Industry 4.0. Policymakers must therefore create reliable framework conditions to enable fair competition in open markets and thus ensure non-discriminatory access to raw materials from abroad. The German government and the EU must do more to promote the conclusion of international trade agreements. ▪
Security of raw material supply must remain a priority on the political agenda. All three pillars of securing raw materials - imported raw materials, domestic raw materials and recycled raw materials - must be given equal priority. This also includes strengthening domestic raw material extraction and expanding the recycling economy. In addition, innovative raw materials projects, such as deep-sea mining, should be given more support.
▪
German companies in the raw material extraction and processing industry already take comprehensive responsibility for the care in their supply chains. However, they need the support of German and European politics. Germany and the EU should influence the local framework conditions with the help of a stronger interlocking of raw material extraction and development policy.
▪
It is necessary to establish a fact-based awareness of raw materials as the basis for a trust in responsible raw material extraction throughout society.
In detail Please also note BDI’s thematic publication: •
BDI position “Rohstoffversorgung 4.0” (EN: Raw material supply 4.0) (https://bdi.eu/publikation/news/rohstoffversorgung-40/)
31
Strengthening Europe's digital sovereignty in the long term
Imprint The BDI transports the interests of German industry to the political leaders. In this way it supports companies in global competition. It has an extensive network in Germany and Europe, in all important markets and in international organisations. The BDI provides political support for the development of international markets. And it provides information and economic policy advice on all industry-related topics. The BDI is the umbrella organisation of German industry and industry-related service providers. It speaks for 40 industry associations and more than 100,000 companies with around 8 million employees. Membership is voluntary. 15 state representatives represent the interests of industry at regional level. Bundesverband der Deutschen Industrie e.V. (BDI) Breite StraĂ&#x;e 29, 10178 Berlin www.bdi.eu T: +49 30 2028-0 Editorial office Steven Heckler T: +493020281523 S.Heckler@bdi.eu Document number: D 1145
32