Debate contributions by Henna VIRKKUNEN

Madam President, honourable Members, today the Commission adopted the Digital Networks Act. This proposal is strategic for Europe's place in the world. At a time of geopolitical tensions and rapid technological development, connectivity is no longer just about faster networks. It's about our competitiveness, our resilience and our sovereignty. The Draghi, Letta and Niinistö reports all stressed the need to simplify and harmonise our legislation, allowing European companies to scale up, invest and innovate. Today's proposal aims to deliver on this – more harmonisation, more competitiveness and more simplification, leading to more investments, security and resilience. First, to achieve these goals, we need to move decisively. This is why we proposed a regulation rather than a directive. A regulation will allow us rules to apply directly and uniformly across our Union. The DNA merges four existing legal acts into one single, modernised rulebook for telecoms. Second, we need to strengthen the single market for connectivity. Europe cannot lead the digital economy if our network operators are facing 27 different regulatory regimes. The DNA now introduces harmonised and simple rules for facilitating the provision of cross-border networks and also services, enabling providers to grow and scale up. We propose here a single passport for operators active in several Member States, with harmonised rules for general authorisation. Also, we are proposing stronger coordination in spectrum, both in spectrum planning and release and how it is designed. Also, we are proposing an EU-level authorisation for satellite connectivity that ensures a level playing field among all satellite players, enabling European companies to scale, innovate and compete globally. Third, we need a competitive connectivity infrastructure based on future-proof, advanced networks, so that all citizens and businesses are connected to high-performance gigabit networks. To this end, the DNA accelerates the transition to full-fibre infrastructure by setting a harmonised framework for copper switch-off. We ensure that the phase-out of copper networks is sustainable and secures the best possible outcome for consumers and operators. The copper switch-off should start by 2030 based on national transition-to-fibre plans presented by Member States in 2029. Copper will be switched off only once fibre coverage and affordable conditions are met in that area. After 2035, the copper-switch off should be mandated in all areas, with the exception of areas where fibre deployment is economically not viable. Importantly, the proposal also includes safeguards to ensure that consumers are protected throughout this process. In addition to supporting fibre uptake, access rules will become more focused, while at the same time maintaining the ability of the regulators to act quickly if competition is under threat. The DNA also sets conditions for spectrum management that increase investment in the sector and bring innovation. With unlimited licence duration, streamlined licence renewals and the obligation to share spectrum, we will increase predictability and unlock also investments. Fourth, the DNA is also about simplification. It reduces administrative burden and reporting obligations across all its provisions, thus freeing resources for investments and innovation. Overall, it also provides an upgraded governance system, renaming the BEREC Office as an office of digital networks with broader competences. This ensures that the new rules are applied coherently throughout our single market. BEREC will also help with simplification through common reporting templates. Fifth, we need to also reinforce our security and resilience. Connectivity has become a strategic asset. Recent crises have shown how vulnerable our infrastructure can be, either to geopolitical shocks, cyberthreats or physical disruptions. Connectivity networks are critical infrastructure and Europe must be able to protect them and to ensure communication continuity in all circumstances. The DNA will introduce resilience and security as cross-cutting horizontal objectives. It will establish an EU-level preparedness plan, which will strengthen Europe's capacity to prepare for, prevent and respond to incidents and cyberattacks. Regarding harmful interference from third countries, the DNA also sets a stronger framework to react. Moreover, it also adds new obligations to help tackle fraud. It also introduces, as a condition for the right to provide electronic communications networks and services, an obligation to comply with the cybersecurity supply chain obligations of the Cybersecurity Act, which we proposed yesterday. Failure to comply with those requirements may lead to withdrawal of the authorisation. Finally, we need to boost innovation in a broader digital ecosystem. The DNA proposal preserves open-internet principles and empowers the Commission to provide more legal clarity regarding innovative services, such as network slicing. It also encourages voluntary ecosystem cooperation, contributing to more efficient and reliable traffic management. Let me finish by saying that the DNA reflects our broader vision of Europe as a confident digital power – a power that shapes global standards, invests in its own capabilities, and sees digital infrastructure not only as an economic asset but as a geopolitical one. The DNA is a very clear signal that Europe is ready to act, ready to invest and ready to lead, making Europe a true AI continent.

Mr President, honourable Members, I want to thank everybody for your comments and contributions. With the Pact on Migration and Asylum coming into force this June, we are at the beginning of a crucial year of migration management. So, this is the right time for a new European asylum and migration management strategy, which we will present very soon. The proposed return regulation, the anti‑smuggling directive, the visa strategy and our migration diplomacy all go in the same direction: to effectively manage migration in a way that fulfils our obligations to those in need of protection; protects our citizens and our borders; and also supports our economic competitiveness.

Mr President, honourable Members, the EU has turned a corner on migration policy. Irregular border crossings at the EU's external borders fell by 26 % last year. The number of persons detected ‑ 178 000 ‑ is at the lowest level since 2021. And this is not happening by chance. It is the result of policy changes by the EU and the Member states. It is the result of growing trust and solidarity among our Member States, and it is also because of strengthened cooperation with the partner countries along key migration routes. And now we must continue this good work. There are still far too many people in the EU who have no right to stay, and only 1 in 4 of them leave the Union today. So we must increase the effectiveness of returns. Improving the return rate is also what citizens expect. The proposed return regulation will help us to do that by creating a common European system for returns, by closing loopholes and making procedures faster. That is why we ask you to continue advancing in your work, so that the negotiations with the Council can start without delay. Doing our homework inside the EU is one side of the work, but this must be matched with equal investment in enhancing our cooperation on readmission and migration management. Cooperation with third countries has helped us to achieve good results we must build on. We need our international partners to play a role in a whole of road approach. To do this, we will further strengthen partnerships with countries of origin and transit, for example in fighting migrant smuggling. Last month, at the Global Alliance Against Migrant Smuggling, we received commitments from over 50 international partners, sending a very powerful signal to the smugglers that their business model will no longer work. We must also make better use of migration diplomacy, linking our migration priorities to international cooperation, trade and investments. Visa-free travel is another powerful geopolitical tool we can use in our migration diplomacy. Article 25a of the Visa Code already links visa policy with cooperation on returns and readmissions of their own nationals illegally staying in the EU. Under our upcoming visa strategy we will propose to strengthen the role of article 25a in promoting our values and interests, and at the same time, the new visa strategy will convey a clear message, the EU's visa policy needs to become a core strategic tool supporting our security and our global influence, and equally our economy and competitiveness on the global stage. This takes me to the importance of legal pathways as a part of our migration strategy. Maintaining our competitiveness and prosperity will depend on our ability to attract the best skills and talent from everywhere in the world. And to remain a world leader in innovation, Europe must become a destination of choice for the world's most skilled and creative individuals. For this purpose, the Commission will present alongside the visa strategy, also a recommendation to Member States on attracting talent for innovation. To make this happen, we must maintain the trust of our citizens and show them that the EU is in control of migration. Not the migrant smugglers, not the traffickers, not the third countries who try to weaponise migration against us. So these are the essential points under our forthcoming European migration and asylum management strategy. So first, preventing illegal migration, breaking the business model of criminal smuggling networks, protecting people fleeing war and encouraging talent to come to the EU and make our economy more competitive. In other words, a migration and asylum policy that is fair and firm, defending our interests and also true to our values. Honourable Members, our migration policy has reached a turning point. We have a solid international legal framework with the Pact on Migration and Asylum, which Member States need to implement this year. We made progress in our work with our partners. We cut irregular migration and we are now stepping up legal pathways. Let us continue this progress together.

Madam President, honourable Members, thank you very much for your contributions and also for the very positive feedback and strong support we have in this House. I think that we all very much agree that this proposal comes at a time where Europe is facing the most severe security threats for generations, we can say, and the complex geopolitical context and very rapid uptake of emerging technologies calls for our united and decisive action. With this Cybersecurity Act, we are really covering all our critical fields now – even though we focused quite a lot on 5G in our discussion, because there we have been already working several years, so we have had this voluntary toolbox in place already from 2020, although all the Member States haven't implemented it yet. There we have already a lot of experience, and now we are proposing making this 5G framework mandatory, but we are also proposing that we start to carry out Union-level coordinated security risk assessments on different sectors which are defined in our NIS 2 Directive – critical sectors like energy, transport, water, healthcare. We are already carrying out that kind of risk assessment, where we are really also identifying the key assets in the ICT supply chain, and we are also proposing targeted mitigating measures to address these identified risks. Of course, this also comes with careful impact assessment when we propose these mitigating measures. The Commission will also provide a catalogue of high-risk suppliers, so it will be very clear which are the high-risk suppliers in different critical sectors after that. I very much want to thank you for all the strong support I heard today, because I see that, now more than ever, we need to really equip ourselves with robust and efficient cybersecurity tools, tools that allow for seamless cooperation across the EU. As it was said here – we are only as strong as our weakest link when it comes to cybersecurity, because we see that the cyber threat to one Member State is really a threat to all Member States – that is why it's important that we are acting now together.

Madam President, honourable Members, today we adopted a new cybersecurity package, a proposal for a revised Cybersecurity Act and a set of simplification measures. This is what Europe needs now. Almost daily, we see cyberattacks against our critical infrastructure – on hospitals, energy, water management, transport or public administration infrastructure. These operations are often part of a wider hybrid campaign linking to espionage, prepositioning ransomware and also disruptive operations. With today's proposal, we adapt our cybersecurity policy to this new reality. First, by ensuring that we have a strong EU agency for cyber security, ENISA. Second, by ensuring that we de-risk our ICT supply chain. Third, by amending the European cybersecurity certification framework to make it efficient. And fourth, by amending the NIS2 Directive, simplifying our cybersecurity rules, making it easy for businesses to comply. We are making sure that ENISA is equipped to carry out its tasks and can properly assist Member States. In practice, this means: producing early alerts of cyber threats and incidents; providing a help desk to support companies in responding and recovering from ransomware attacks, a threat that is expected to occur every two seconds over the next five years; developing a common EU vulnerability management service capacity, a key feature for more sovereign and resilient cybersecurity ecosystem; and developing a single entry point for incident reporting, as proposed in the digital Omnibus. ENISA will also continue to play a key role in ensuring that we have workforce skilled at cybersecurity through the Cybersecurity Skills Academy and the first ever EU-wide skills attestation scheme for cybersecurity professionals. Our proposal is about protecting EU citizens and businesses by securing the ICT supply chains that support the critical sectors of our economy and society. In today's reality, every link in our complex and digitised supply chain is a potential target for exploitation by malicious actors and with potentially devastating consequences for our economy. So that is why we must now address this seriously. We can no longer be naive about threat actors' capacity to switch off the ICT systems running our critical infrastructure. This is a clear threat to our society, economy and defence readiness. Today, I am proposing to make the 5G toolbox mandatory, as was recommended by the Draghi and Letta reports. Secure and trusted 5G is an essential element in our security architecture. We need to finalise what many Member States have already done when it comes to de-risking 5G networks from high risk suppliers. But telecom networks are not the only area where we have concerns. In the joint communication on strengthening EU's economic security, we have highlighted many areas where dependencies on a single or very limited number of suppliers could pose a significant security risk – for instance, detection equipment at EU borders or solar inverters. This is why I also propose today a new framework for de-risking the ICT supply chain in our EU critical infrastructures. It is a risk-based approach, proportionate and targeted. It takes into account what we have tried and tested already with the 5G cybersecurity toolbox. The approach is about working together with our Member States and ensuring that any action is based on true assessment – not only assessing security risks, but also considering market implications, economic costs and impact on the supply of services in the internal market. We are also proposing further simplification measures complementing the digital omnibus proposal. These changes to the NIS2 Directive will be improving legal clarity and removing compliance burden from almost 30 000 companies, including more than 6 000 micro and small-sized enterprises. We are also introducing a new category of small mid-cap enterprises that will reduce the compliance costs for 22 000 companies. And finally, we propose also to simplify and streamline the cybersecurity certification framework so that cybersecurity certification can be quicker and also more effective. Honourable Members, thank you for your contribution. Now, I am very much looking forward to also hearing your thoughts about this new proposal we have on the table.

Madam President, honourable Members, presidency, I want to thank you all for your very important contributions, and I share your concerns. We need to work together further to ensure that, in the age of AI, the EU remains a safe and secure place, especially for our children. The spread of non-consensual intimate images and sexualised deepfakes reminds us that new technologies come with new forms of risks – risks that demand swift action and effective legal protection. Sexualised deepfakes are not a marginal or abstract problem. We know that they are a very serious form of digital violence. We need to coordinate a very strong enforcement of our existing rules across different platforms, providers and deployers of AI systems and general-purpose AI models. Like I said, I see that we have a very strong legal toolbox, and now our responsibility is to apply it fully in line with our fundamental values. But we will also carefully assess your proposals to make the unacceptable nature of these practices more legally certain. We will also consider whether explicit prohibitions are needed also in the AI Act.

Madam President, honourable Members, Presidency, sharing of non-consensual intimate images and child sexual abuse material is horrendous. It is a violation of fundamental rights, including human dignity, privacy and children's rights. These horrible practices are not new, but what is new is the scale and the speed with which artificial intelligence is now amplifying them. With AI, anyone with very minimal technical expertise can create very realistic sexual images and videos of people without their consent. Once created, such material can be shared instantly online without the victim's knowledge or control, leading to non-consensual sexualisation, gender-based violence and also harassment, psychological and reputational harm. This harm is very real and personal. At the EU level, we can respond to such risks through our comprehensive digital rulebook with platform governance, data protection, the AI Act and criminal law. The Digital Services Act tackles the spread of AI-generated content on online platforms. It requires very large online platforms to identify, assess and mitigate systematic risks linked to the amplification of illegal content and gender-based violence, including also non-consensual intimate images and child sexual abuse material. The platforms must assess the risks created by new features likely to pose systematic risks, such as generative AI, and put in place mitigating measures. Recent instances, including the creation and dissemination of non-consensual sexual images of women and children on X through the AI tool Grok are completely unacceptable. We take this matter very seriously in our enforcement work under the DSA. In December, we took the first non-compliance decision under the DSA, finding X in breach of three key provisions on data access, advertising transparency and dark patterns, and, based on this, levied a fine of EUR 120 million. In addition, we have been very closely monitoring the developments on Grok. We have issued a request for information to X concerning Grok, and we have ordered the platform to retain all internal documents and data related to it until the end of this year. At the Commission, we have been very vocal about the fact that this feature is totally unacceptable and needs to be urgently removed. As a result, X has taken steps to limit the possibility of creating such content in the EU. We are now examining to what extent X may, in any case, be in violation of the DSA, and we will not hesitate to take further action if the evidence so suggests. Let me now turn to the AI Act. The AI Act plays a key role in tackling harmful AI-generated deepfakes. While enforcement of the AI Act is yet to begin in August this year, it can already have an impact in different ways. First, the prohibition of harmful AI practices could be relevant for addressing non-consensual sexual deepfakes and child sexual abuse material. This depends on the type of harm they cause. When deepfakes do not count as prohibited practices, transparency rules are also playing a role here. We are currently preparing a code of practice on marking and labelling AI-generated content. The code is a voluntary tool for providers of generative AI systems to demonstrate compliance with the AI Act's obligations, also addressing the labelling of deepfakes and moreover the general purpose AI models with systematic risks. The AI Act requires providers to assess and mitigate the systematic risk posed by their model; this can include risks linked to the sharing of illegal, false or discriminatory content. In our criminal law, we have tools as well. The child sexual abuse directive makes the production and dissemination of child sexual material, including AI-generated material, a criminal offence. The proposed child sexual abuse regulation, requiring online service providers to prevent and combat the spread of child sexual abuse material, is in the final stages of negotiations. Moreover, under the directive of combating violence against women, Member States will have to ensure that producing and sharing sexually explicit deepfakes is punishable as a criminal offence. Lastly, our upcoming action plan against cyberbullying will also improve prevention, awareness and support measures to protect users from such emerging forms of online abuse. Let me underline that we will remain, and we are remaining, fully committed to the effective implementation and enforcement of our rules to protect EU citizens, especially our children.

Mr President, honourable Members, rapporteurs and shadows, thank you for all your work. And also thank you for this very timely debate. It very clearly shows a very strong commitment to deliver on European defence readiness by 2030, a commitment for Europe to step up, to invest in defence and also to be ready to defend itself. It is also good to hear your support for the EU‑wide military mobility area by 2027, to ensure a seamless movement of troops, equipment and military assets across the European Union. As we know, these are dual‑use projects, so it means that everyday these investments are also helping our citizens and creating a better single market. And let me assure you that in the Commission, we are now in full implementation mode to deliver on these objectives, and also with our clear milestone and flagship projects, we are reinforcing Europe's ability to deter and defend across land, air, sea, cyber and space, while contributing directly to NATO capability targets. But we need your support. We look forward to working very closely with this House to adopt the proposed legislation as soon as possible. You also play a very important key role in delivering on the next MFF, where we have proposed a fivefold increase in defence spending and also ten times more funding for military mobility projects. Honourable Members, to be ready by 2030, we need to move now, we need to move fast and we need to move together.

Mr President, honourable Members, I want to thank everybody who contributed to this discussion for your very valuable inputs. Why are we proposing this package? You are very well aware about the Draghi report and the innovation gap we are facing. We are very committed as a Commission to make Europe faster and easier and simpler for businesses, especially our start-ups and SMEs, to make sure that Europe is the place to innovate and invest and scale up businesses. But the discussion today also highlights the importance of maintaining a fair balance between practical action and protection of our safeguards here. I believe that this digital package strikes this right balance. I count on your support in advancing the proposed legislative files, the digital omnibus and the European business wallet as well. And I would also like to stress that this is the first set of urgent measures. These immediate actions are needed to bring a breath of fresh air to our businesses and the EU's competitiveness. But this is not the last step when we speak about simplification. In my confirmation hearing one year ago at the European Parliament, I already announced a digital fitness check for our entire digital rulebook, and we launched this process in the last week. Wide consultations are ongoing, so we are collecting feedback and input from our stakeholders as to how we can simplify our digital rulebook in the future. Together, let's make it easier to innovate and invest in Europe while staying true to our values.

Mr President, Honourable Members, last week, the Commission adopted the first digital simplification package. Our goal is very clear: making life easier for our companies – especially the smallest ones – and for consumers, while remaining true to our values and our high standards. In Europe, we have all it takes to succeed – we have talent, we have infrastructure, and we have a large single market where businesses should be able to scale up. But our companies, especially our start-ups and small businesses, are often held back. This package is our immediate answer to calls to reduce burdens and encourage innovation. We are doing so through three measures. Firstly, we presented the Data Union Strategy to fuel the digital economy, which is an essential resource, with-high quality data for our AI development. Secondly, the European Business Wallets offer an easy digital solution for businesses to interact with authorities and other businesses across our Europe. Finally, the Digital Omnibus simplifies our rules in the areas of artificial intelligence, cybersecurity and data. This does not mean we are in any way undermining our existing digital rulebook. We can be very proud of the rules we have, which were adopted together with this House during the last mandates. Let me underline that we remain very committed to the implementation and enforcement of these rules. The Digital Package firmly supports our high standards for privacy, fairness and security. EU regulation is a global trust mark for businesses that respect fundamental rights. This should not be a burden, but a competitive advantage for our companies. For this, we should get rid of regulatory clutter, where there is any, and we should instead focus on clear and predictable rules and solid enforcement. The Digital Package does this firstly by cutting unnecessary administrative costs for businesses by at least EUR 5 billion by 2029 through the Digital Omnibus, and by saving companies at least EUR 150 billion per year with our European Business Wallets. We cut bureaucratic obligations, in particular for SMEs and small mid-caps, and built digital solutions to cut all duplications in incident reporting. Then, on the AI Act, we made adjustments to ensure effective application. This is not about backing down from these rules, but making sure that the support tools, like standards, specifications and guidelines, are in place before high-risk rules apply. Finally, we are stimulating innovation. We propose targeted amendments to the GDPR that aim to facilitate compliance and support technological innovation in the EU, while continuing to ensure a high level of data protection. We are simplifying certain requirements, such as data breach notifications and information obligations, which will particularly help our SMEs. We are ensuring that AI development is encouraged in Europe and clearly framed by our rules. We are also clarifying rules in the context of recent judgments from the Court of Justice of the EU and opinions from the European Data Protection Board. These targeted amendments do not lower the level of data protection across the EU. They harmonise, simplify and clarify the application of our rules. In the Data Union Strategy, we are also proposing measures for scaling up the availability of high-quality data for AI development in the EU, and we are strengthening our approach to international data flows – stronger data sharing within the EU, while being more careful with data leakage of trade secrets to unsafe third countries. These measures should not only help our businesses, but also our consumers. We are finally now addressing the cookie banner fatigue. I think we can all agree that we have spent quite enough time accepting or rejecting cookies every time we visit a website, and at the same time, it is very important that users stay in control. Honourable Members, our proposal is a result of broad engagement with European businesses, including our SMEs, civil society and beyond. We all know very well that very big global companies can deal with administrative burden and fragmented markets; smaller businesses cannot. We are doing this package for Europe. I count on open discussion and cooperation with you to take this package forward so that we can encourage innovation in Europe, while always protecting our fundamental rights.

Madam President, Honourable Members, rapporteur and all the shadow rapporteurs, I want to thank you very much for your work. As President von der Leyen has repeatedly stated, the protection of minors online is an absolute priority for the Commission, and we know that this is also a high priority across our Member States, as well as in this House, as your report very clearly shows. Therefore, at the EU level, we have already taken many steps to protect and empower children and youth online. Because the online world is a part of our everyday life, and children have the right to take part in it safely – to safely seek information, learn and be connected to their peers, develop their digital skills and be engaged members of society. The Digital Services Act is our landmark legislation for protecting minors online. It is because of the DSA that the protection of minors was taken seriously by the online platforms. Immediately on day one, when the DSA was in place, the Commission asked for measures that online platforms have set to protect minors. Since then, we have strongly enforced the DSA. We have opened cases against four adult platforms, as well as against TikTok, Instagram and Facebook, focusing on age assurance and protecting minors from addiction and health risks. We also stopped the launch of TikTok Lite in the EU. The DSA minor protection guidelines we have now have also very clearly and concretely identified measures that the platforms need to take to protect children from online risks, such as grooming, harmful content, problematic and addictive behaviours, as well as cyberbullying and harmful commercial practices. It is very relevant that we now have these guidelines. It is very relevant for our DSA investigations, because now we have clear benchmarks to work with. The requests for information we recently sent to Snapchat, YouTube, Apple Store and Google Play show that we are already making concrete use of these guidelines. We also work with the national authorities to make sure that the smaller platforms also follow the guidelines as well. We have also published a blueprint now for an EU age verification app, and this is an open-source standard on how age verification can be done effectively and in full respect of privacy and data protection. This app is currently being tested by several Member States, platforms and end users as well, and it can set a global standard for age checks without requiring anyone to give their information to online platforms. The Audiovisual Media Services Directive is also key in protecting minors from harmful content. It applies to all the visual media service providers, including video sharing platforms. We are currently now evaluating the Directive and will update it in next year. We are also implementing the AI Act. It clearly prohibits AI that manipulates children or exploits their vulnerabilities in a harmful manner. It provides safeguards for high-risk AI systems and ensures transparency for AI interacting with people, including children. We have also proposed a regulation to prevent and combat child sexual abuse in order to better protect children from these horrible crimes. Also, the proposed revision of the Criminal Law Directive against child sexual abuse aims to combat new threats, such as AI-generated child sexual abuse material or paedophile manuals. The Terrorist Content Online regulation is another important tool for Member States to prevent children from being exposed to terrorist material online. Furthermore, to address the specific needs of children who are increasingly exposed to online requirements, radicalisation, grooming and child sexual abuse and other threats, we are now preparing an action plan on the protection of children against crime. Building on consultations with over 6 000 children, we will launch an action plan against cyberbullying early next year. This plan will present an EU-wide response to better prevent and act on this devastating threat. We will present a Digital Fairness Act to address remaining gaps in consumer protection in the digital environment, paying particular attention to children as young consumers, while ensuring alignment with our existing laws. Finally, let me recall that under the strategy for a Better Internet for Kids, we have for many years supported the incredible work of the national Safer Internet Centres with very concrete support for children and families all over the Member States. However, being frontrunners on protecting minors online does not mean that we should not do more. Our President has called for experts to advise her on the best approach for Europe with regards to possible social media restrictions. In this process, we will hear all perspectives, from children to parents, and international partners. All these listed measures show how the EU is at the forefront of securing children's well-being in the digital era. But we could not do this without your support. We will continue to work with this House to make sure that our children are safe and empowered online.

Mr President, honourable Members, special thanks to the rapporteur and to all other Members who have been working with this BEFIT file. We all agree on one thing in this very complex geopolitical environment: Europe must strengthen our competitiveness, productivity and economic resilience. BEFIT is an important instrument to achieve that. As we speak, multinational companies face a complex tax environment in the EU. Businesses operating in more than one Member State need to manage numerous different tax systems. In practice, they still face challenges of 27 tax systems, and this creates complexity and compliance costs. This complexity creates an uneven playing field and also increases tax uncertainty. It also discourages cross-border investments. On top of this, large companies face an additional layer of tax rules if they are subject to the Pillar Two directive and compute their minimum effective tax rate. BEFIT addresses these challenges. It will simplify the landscape, make life easier for companies active in the EU, and make the EU a more attractive place for doing business. First, BEFIT will provide companies that are in its scope with one single and simplified set of corporate taxation rules across the EU, replacing the Member States' rules for computing corporate tax base. Second, BEFIT contains streamlined and centralised procedures. At the same time, BEFIT builds on the Pillar Two legal framework, and factors in what is already in place for the global minimum tax, and it is designed to be as close to Pillar Two as possible. This will ensure that the compliance burden for companies is significantly reduced. Third, BEFIT does not overburden smaller companies or SME groups operating across several Member States. It will only be mandatory for large companies that are already in the scope of Pillar Two and indirectly familiar with it. Companies not in the scope can, under certain conditions, opt to apply BEFIT rules. This will allow them to spend less time dealing with different corporate tax systems. Honourable Members, the Commission conducted a comprehensive impact assessment report when preparing this BEFIT. The report concludes that there is significant potential for compliance cost savings for businesses up to 65 %. Having said this, the reality is that BEFIT is a unique tax system with no precedent, and data is limited, so it's hard to accurately estimate its possible impact. This is why Commission services encourage Member States and businesses to provide more granular data. Let me end by stressing once again the significance of BEFIT. It's an initial but important step towards a more integrated internal market, that makes it easier for companies to start, grow and also succeed in the EU. There will be a real long-term benefits, and it will make the EU a more attractive market to invest in. We want to make BEFIT a true success. The support from this House is key in this. Cutting red tape will be an important element of our success, so let's work together to make BEFIT a model for reducing unnecessary compliance costs and administrative burden for businesses. Let's also join forces to build momentum amongst Member States and businesses to make BEFIT a reality soon. We know that Member States are currently focusing their efforts to stabilise Pillar Two, and businesses are putting in significant efforts to be compliant with Pillar Two. We fully understand that they need time to carefully assess the rules and their impact, and we need to be patient, while at the same time keeping this file on the table at the Council.

Mr President, honourable Members, the Commission welcomes the agreement reached on the revision of the founding regulation for the European Maritime Safety Agency, which we expect to enter into force in January 2026. Special thanks to the rapporteur and everybody who has been working on this very important file. This is a significant step in making maritime transport across our Union safer, cleaner and more resilient, and it would not have been possible without a significant effort by the rapporteur and the entire negotiating team of this House. The text of the regulation to be voted on maintains the core ambition of the Commission's proposal. It ensures that EMSA is better equipped to support Member States and the Commission as we tackle current and emerging challenges. The revision of EMSA's mandate completes the maritime safety package. It complements the revised directives on port state control, ship-source pollution, flag state compliance and maritime accident investigations. It creates a coherent framework that strengthens safety and environmental protection at sea. EMSA's activities are at the very heart of what the Commission and Member States do on maritime safety. The agency provides economies of scale, also technical expertise and practical support where national administrations need it most. Crucially, the new text gives EMSA a future-proof framework. It addresses emerging tasks: from pollution prevention, crisis response and public health operations to support on zero-emission technologies and digitalisation. The mandate also sharpens our focus on environmental protection. EMSA will help implement FuelEU Maritime and the EU ETS for shipping. It will also improve our response to maritime pollution, work on ship recycling, and address sulphur and other harmful emissions. The revised regulation also recognises and reinforces EMSA's added value on training and capacity-building. The agency will support Member States both with new technologies and with accident investigations. This new report, together with greater focus on the EMSA Academy as a centre of excellence, will be decisive in building resilient maritime administrations across our Union. With new tasks come new resources. We welcome the increase in the personnel workforce over the coming years. EMSA must be operationally equipped to deliver on its mandate. At the same time, we must be frank. The delivery will require continued support under the next multiannual financial framework. On governance, the Commission notes changes reducing some elements on oversight that we considered important. The weakening of some of these safeguards is regrettable. In light of this, the Commission has issued a statement on the alert system on human resources and budget matters – which we would request be added to the verbatim record of tomorrow's voting session – and calls on the agency and its management board to engage in early and structured coordination on draft decisions. This is a constructive call to ensure good cooperation and administration, sound financial management and mutual trust. Overall, the message today is very positive. With the entry into force of this regulation, EMSA becomes more future-proof, agile and operational, and better equipped to keep our seas safe and clean. Europe's maritime safety is now more watertight. Thank you again to the Members of this House for your constructive role in this process.

Mr President, honourable Members, we welcome the European Parliament's very timely and comprehensive report on transnational repression against human rights defenders. Transnational repression is a growing and very deeply worrying phenomenon. It strikes at the very core of the international rules-based order and our EU values. And your report highlights these very alarming facts. Transnational repression is an assault on sovereignty, on human rights, accountability and justice. When authoritarian regimes extend their persecution beyond borders, they seek to silence not only individuals but also the very idea of freedom and civic space. The EU strongly condemns such actions. Transnational repression is not an isolated challenge, but it's a systemic one. It affects human rights defenders, but also journalists, lawyers and artists in exile. It calls for a coherent, transversal and global EU response. The EU is already taking steps in this direction: in our human rights and democracy action plan for 2020-2027, we have strengthened protection for human rights defenders worldwide, including those facing transnational threats. Since its inception in 2015, our human rights defenders mechanism has provided support to more than 85 000 defenders under attack, including transnational repression. Our EU delegations are stepping up their cooperation with Member States to identify, monitor and also respond to cross-border repression and also ensure protection to defenders threatened by it. We will continue to use all our tools to hold perpetrators accountable and to deter further abuses. The EU global human rights sanctions regime remains a powerful instrument in this regard. We are also stepping up our engagement in multilateral fora to address transnational repression at its roots. We are working with the UN, but also with regional organisations and with the G7. We support efforts to strengthen international norms and accountability mechanisms, including against the excessive use of Interpol, surveillance and tactics that criminalise activism abroad. In responding to transnational repression, we must confront its full scope – not only the physical threats, but also the digital dimension: spyware, online harassment, disinformation campaigns and cyberattacks that seek to silence voices of conscience must be stopped. Our approach must also be gender sensitive, as we know that women human rights defenders often face multiple risks. This requires targeted measures that protect their safety and uphold their role in advancing justice and human dignity. No one should be beyond the reach of protection, and no regime should be beyond the reach of accountability. Your report calls for clear definitions, data collection and reporting mechanisms. We stand ready to work with Member States, the Commission and this Parliament to develop a more systematic approach, including through the next EU action plan on human rights and democracy. We thank the European Parliament for its work on this very urgent issue, and for reinforcing the EU's leadership in defending human rights defenders everywhere. And just to add that just today we also presented the European democracy shield and the EU strategy for civil society. They reaffirm our commitment to protect journalists and media workers, as well as human rights defenders in the EU and also across the world, including those victims of transnational repression. Together, we must ensure that Europe remains a haven for freedom and a strong voice against repression, wherever it occurs.

Mr President, honourable Members, this is a very serious topic we are discussing and I want to thank all of you for your contributions. It is very clear that we need to address the increased flows of potentially non-compliant – often also very dangerous – e-commerce products we see on our markets. As you know, we have very clear rules in place, and now we have investigations going on against several online platforms, including several online marketplaces as well, and we are currently gathering evidence. Let me assure you that we continue to push for the robust enforcement of our toolbox for the safety of European consumers, and especially minors. It is clear that illegal products do not have a place in our markets, and we will continue to ensure adequate response and also compliance from these e-commerce platforms. We are also very committed to strengthening EU market surveillance, and we count on the support of national authorities and governments in this work. So I want to thank very much Parliament and all the Members for the work you have been doing on this very important topic.

Madam President, honourable Members, safe e-commerce for European citizens is one of the key priorities of this Commission, especially for vulnerable consumers, including minors. We are very closely monitoring the recent events concerning the sale of illegal products in France, such as child-pornography-related items and bladed weapons. We welcome the steps already taken by the French authorities in this regard. The Commission has always taken a firm position on non-compliant and dangerous products online, especially when concerning the safety of children. Our Digital Services Act case team is in contact with Shein. We understand that, as a reaction to the investigations by French authorities, the platform has suspended listings from all third-party sellers in France until further notice. In addition to measures addressing the risks of illegal products on Shein, the Commission is coordinating an enforcement action by national consumer authorities under the Consumer Protection Cooperation Regulation (CPC). The CPC action concerns several Shein marketing practices that the CPC networks preliminarily found to breach consumer law. This includes, for example, fake discounts, pressure selling, fake reviews, deceptive product labels, and hidden contact details. It is clear that all e-commerce platforms operating in the EU must comply with our rules and our level of consumer protection. Under the DSA, we have very clear rules in place. The DSA obliges platforms to assess and mitigate risks related to illegal content and products on their services, as well as risks related to the protection of minors. In June 2024 and February 2025, we sent requests for information to Shein concerning, amongst other things, the obligation to identify traders selling products on the platform, so-called 'know your business customer' rules, and the risks associated with illegal content. We have also opened formal proceedings against Temu and AliExpress in relation to suspected breaches of their obligations. Temu has been preliminarily found in breach of the obligation to properly assess the risks of illegal products disseminated on its marketplace. Similarly, AliExpress has been preliminarily found in breach of its obligation to assess and mitigate risks related to the dissemination of illegal products. Moreover, in February this year, we adopted the e-commerce communication, which outlines our existing toolbox and also adds new measures for safe, sustainable and fair e-commerce. We are now working at full speed to implement these measures, for example, we aim to swiftly conclude the negotiations on the EU customs reform. We know that e-commerce is a key part of this reform, as goods bought online account for over 97 % of all customs declarations. The customs reform aims to remove the customs duty exemption from goods below EUR 150, and to make online suppliers or platforms accountable for the financial and non-financial obligations related to the products they sell, and also to improve the cooperation between customs authorities and other authorities with new EU-level tools: the EU Customs Data Hub and the EU Customs Authority. In addition, this House and the Council are also negotiating the possibility of charging a fee to compensate for the services provided by customs in trading e-commerce parcels. Overall, we expect that this major customs reform will be adopted next year. Another measure is the priority control areas, which are under way. Here we are coordinating with customs authorities, market surveillance and other competent authorities to have specific coordinated customs controls. The focus is on products with significant safety hazards and risks of non-compliance, which are shipped directly to consumers. The evidence gathered can be used in our DSA investigations. We also have enforcement actions linked to product safety, including the completion of the first ever product safety sweep under the General Product Safety Regulation. Lastly, we are also integrating existing databases such as the EU Safety Gate or the DSA Transparency Database into an interoperable system to better track and detect non-compliant products. Finally, we also have our new EU Single Market strategy, which underlines the need for EU-level governance of market surveillance. The upcoming revision of the EU Market Surveillance Regulation as part of the European Product Act will be a good opportunity to address e-commerce imports. Now I very much look forward to hearing your views.

Mr President, honourable Members, thank you, all of you, for your contributions during this very important debate and for this opportunity to present developments in the rule of law situation in Malta, in the light of the 2025 rule of law report. I count on the Maltese authorities to continue with the reforms already underway and also to address our recommendations, and that they will launch reform processes on issues that still require a response. For our part, as we have said, we are fully prepared to support the Maltese authorities in the interests of its citizens. I would like to personally thank Maltese civil society, which has played a very crucial role in advancing policy changes since Daphne was assassinated eight years ago. Developments in the rule of law in Malta and in all Member States will be analysed as part of the new annual cycle, which will be launched very shortly leading up to the 2026 rule of law report. More generally, let me also flag two upcoming important initiatives: the European democracy shield will include actions to promote, protect and strengthen our democracies in the long run, and it will also be accompanied by the civil society strategy, recognising the key role of civil society organisations in promoting our European Union values.

Mr President, honourable Members, thank you for including in the Plenary agenda this debate to mark the eighth anniversary of the assassination of Maltese investigative journalist Daphne Caruana Galizia. The Commission has repeatedly condemned Daphne's murder, which was a horrible crime. Attacks on our journalists are attacks on press freedom and democracy itself. This eighth anniversary should serve as a stark reminder that protecting journalists' safety in the European Union and around the world needs to have all our attention. The Commission praises once more the courage of Daphne's family and Maltese civil society in fighting for the safety of journalists. We expect the Maltese authorities and courts to continue to do everything necessary to ensure that all those involved in this crime face justice. With regard to the rule of law situation in Malta, I would like to express our appreciation for the Maltese authorities for their spirit of cooperation with the Commission. The Rule of Law Report is the result of very broad engagement with national authorities and stakeholders, as well as civil society and other actors, including professional associations and journalists. It is rooted in dialogue and shared responsibility. The 2025 Rule of Law Report includes in-depth analysis of the main developments concerning the rule of law in Malta. Our conclusion is that Malta has taken steps to solve certain issues. However, additional efforts are needed. Regarding justice, the Report notes that discussions are ongoing in the parliament on a comprehensive constitutional reform relating to the justice sector. The reform would provide further involvement of the judiciary in the procedure for appointment of the Chief Justice, in line with our recommendations. However, the Report also highlights that despite substantial recruitment efforts and proposals to expand court premises, there are still concerns over the need to increase resources, the length of the proceedings and overall efficiency of justice. Efficiency of justice is crucial for ensuring that the rule of law is upheld and that citizens can trust the justice systems. Therefore, we have recommended to Malta to take steps to improve the efficiency of justice. As regards anti-corruption, the Report notes that the implementation of the National Anti-Fraud and Corruption Strategy continues. While new tools have been developed to reduce the length of investigations of high-level corruption cases, a robust track record of final judgments is still needed. Similarly, the capacity of the Permanent Commission Against Corruption to achieve concrete results needs to be improved. Moreover, more work is still needed to implement important anti-corruption recommendations issued following the public inquiry into the assassination of Daphne Caruana Galizia. These include, in particular, rules of lobbying, code of conduct and integrity measures of high-level politicians and officials. Malta has also been asked to improve the regime for the protection of whistleblowers, to actively encourage reporting persons to speak up and notify the authorities of potential corruption. In terms of transparency, only limited steps were taken to improve access to official documents. With regard to media freedom more generally, we are committed to strengthening the support to journalists and improving their protection against pressure and threats. In August, Malta adopted a legal notice which aims to align Maltese legislation with several aspects of the European Media Freedom Act. Now we are monitoring closely this and also other developments concerning the independence of public service media and transparency in state advertising. As to other institutional issues, reforms to establish the national human-rights institutions and to introduce a formal framework for public participation in the legislative process remain pending, although certain progress has been made on the latter. The Report stresses recommendations on these points. In conclusion, while Malta has made progress on certain issues, we continue to insist on the need to make further progress on the different pending issues highlighted in the recommendations of this year's Rule of Law Report. We stand ready to support these efforts. Honourable Members, crimes against our journalists anywhere in the world strike at the very heart of our freedom of expression and media freedom everywhere. On Thursday, 16 October, eight years to the day from Daphne's murder, Sigfrido Ranucci, an Italian journalist working for Rai, was targeted by a bomb placed under his car outside his family home. An investigation is ongoing into this matter. The Commission condemns the attack and expresses its solidarity with Mr Ranucci, his family and his colleagues. Let me add here that under the upcoming European Democracy Shield, we are looking at ways to further support our journalists and improve their protection against pressure and threats, building on the anti-SLAPPs package and the 2021 Commission recommendation on the safety of journalists.

Madam President, Council, honourable Members, thank you for this debate. I think it clearly shows how important our digital rules are to our citizens and to our businesses, and also to you. These rules are equally important to us at the European Commission, and we are fully committed to enforcing them. At the same time, we are also working with the digital simplification package, with the digital omnibus, but it does not mean that we are planning to somehow roll back or lower our standards. It is that we are looking at the overlapping parts of our rules. We want to simplify things, we want to cut red tape and administrative burden from our companies to make sure that when we have, at the same time, very clear rules when it comes to the digital environment, we also have rules which are all the time encouraging new innovations and investments. As President von der Leyen said in her State of the Union speech, it is the sovereign right of the EU and its Member States to apply our rules. We set our own standards to protect and empower our citizens and also to enable our businesses to thrive.

Mr President, honourable members, I remember very well when, in July 2022, this House approved two very groundbreaking laws; two laws that are crucial for our democracy and for our single market in the digital age – the Digital Services Act and the Digital Markets Act. Back then, this House confirmed both laws with an overwhelming majority, and in the Council both laws were agreed by all Member States. Over time, this House has also made very clear that it strongly supports the implementation of both laws. Today's discussion is a testament to that. European citizens and businesses have also signalled clearly that they want to see the DSA and DMA implemented effectively. Last month, President von der Leyen was crystal clear in her State of the Union speech here: when it comes to digital regulation, the EU sets its own standards and decides for itself. So, clearly, this Parliament, the Commission, our citizens and European businesses agree: we need the DSA and the DMA. We need the DSA because it protects our fundamental rights online, because it protects our children from online harm, because it protects our democratic processes, and because it protects us from illegal, unsafe and unsustainable products. The DMA is important because it opens the door to the next waves of innovation, it brings the power of choice back to consumers. The co-legislators gave the Commission a very strong mandate to enforce the DSA and DMA. Today, I can assure you that we are taking this duty very seriously. In April this year, we took the first two decisions under the DMA for Meta and Apple. We will not hesitate to take further action to ensure compliance. We also provided guidance to Apple to make interoperability a reality by the end of this year. Smartwatches, earbuds, speakers: no matter the brand everything will work seamlessly with your iPhones, just like Apple's own products. Under the DSA, we have already designated 25 platforms to whom we have addressed more than 150 requests for information, and we have opened proceedings in 14 cases, and have issued preliminary findings against providers of four very large online platforms. So workshops, roundtables, guidelines, work is ongoing all the time. We now have more than 250 staff enforcing DSM and DMA, and we are hiring 60 more to further strengthen our hard-working teams. We can already see many positive changes which have taken place thanks to these two laws. There is now much more transparency; thanks to the DSA, users can more easily exercise their rights. Many citizens have already used their right to complain when platforms are removing their content. As we can see on the DSA Transparency Database, social media platforms have reversed their removal decisions in 20–35% of those cases. So we have been empowering our users and citizens. Because of the DSA, users can also see now why content on online platforms is recommended to them and they can also opt out of personalised recommendations based on profiling. Under the DSA, we also, very recently in July, issued guidelines on the protection of minors. The scope and ambition of these guidelines are unparalleled globally, and now we are working with online platforms to make sure that they are changing their practices to also comply with these rules and following the guidelines, which very concretely state what kind of practices we are expecting from online platforms to make sure that our children have their safety, security and privacy ensured when they are using online services. Thanks to the DMA, Europeans can now choose the web browser they prefer and they also have better control over their own data. What is true for the DSA and DMA is also true for the application of our competition rules in the digital sphere. In September, we concluded that Google breached EU antitrust rules in the AdTech industry and fined it with EUR 2.95 billion. Google now has 60 days to present us with a viable solution. Structural remedies are likely to be the only way to cease Google's conflicts of interest in the industry on both sides of the Atlantic. We also received comprehensive commitments from Microsoft to address EU competition concerns relating to the Teams collaboration platform. This decision helps us to open crucial markets to competitors. Some of the very large online platforms and gatekeepers have called for the DSA and DMA to be repealed or reset. Some refer to non-existent free speech concerns to avoid respecting the DSA. Some pretend to speak on behalf of European consumers, arguing that the DMA is worsening their experience. Honourable members, you surely remember the similar strong lobbying when we – I was also a member of Parliament at that time – were shaping and adopting these two legislations. Some of the platforms and gatekeepers do not want to accept legislation that holds them accountable to their promises or legislation that opens up their walled gardens to offer opportunities for new innovators. Let me be clear: in Europe, we believe in the force of democratic rules, not in the rule of force. It is not up to the companies to decide whether to comply with our rules, and it is not up to them or the other countries to decide how we enforce our rules. Europe decides for itself.

Mr President, honourable Members, I want to thank you very much for your remarks. Let me underline again our commitment to wide multilateral solutions to the challenges brought by this digital world. We are fully committed to shaping values-based global digital governance and standards together with partners around the world. As stated in our international digital strategy, we need unified EU efforts to ensure that global digital governance supports our interests and values, and we count on your support in these efforts.

Mr President, honourable Members, on behalf of the European Commission, thank you for this opportunity to present to you our policy on the Internet Governance Forum and the importance we give to the Internet Governance Forum. My words today echo the joint declaration signed by myself and the delegation of the Members of this House at the Internet Governance Forum in June 2025 in Norway. We are also guided by the line that Council adopted in May 2025 as a preparation to the World Summit on the Information Society Plus 20 review. Internet governance is also a key element of our international digital strategy. Adopted in June 2025, it is a strategy based on competitiveness, security and partnerships fostering human-centric, value-based digital transformation. The World Summit on the Information Society Plus 20 review will be concluded in New York at the end of this year. It is a crucial opportunity to strengthen the principles of openness, decentralisation and human rights in global digital policy. It is an opportunity for Europe to show our leadership. As we move towards a more robust and resilient tech sovereignty built upon our shared European values, we need to defend the openness of the internet itself. This means that the technical layer – the protocols, standards and infrastructure that make the internet function – must remain open, interoperable and accessible to all. We need to ensure that our future internet benefits all and does not become fragmented or dominated by closed ecosystems. This is what is at stake at the World Summit on the Information Society Plus 20 negotiations. The Internet Governance Forum (IGF) is a key element in the global governance ecosystem. Established in 2006 by the UN Secretary-General, it is the cornerstone of multi-stakeholder internet governance. It is an inclusive space where governments, our civil society and technical communities, academia and the private sector come together to shape the digital future in a transparent and democratic way. The multi-stakeholder approach reflects our European values, such as openness, transparency, respect for human rights and inclusion. These values, reflected in our Declaration on Digital Rights and Principles, are also shared by others. We are working with the external services and with our delegations around the world to seek allies in defending them. We have many partners in Asia – also in Africa and Latin America – who want to work with us promoting the multi-stakeholder approach to internet governance. Together with our Member States, we strongly support the renewal and strengthening of the IGF. We believe that the IGF's mandate, as first established in 2005, is today as relevant as ever. Therefore, we strongly advocate for it to become a permanent body of the UN system beyond 2025, supported by sustainable funding and enhanced institutional capacities with the UN. But we also see the calls to reform the IGF: it needs to evolve to keep up with the digital revolution and the new demands brought by AI. Strengthening the Internet Governance Forum means reinforcing its impact and effectiveness. This includes integrating it more closely with the World Summit on the Information Society's outcomes, and to the implementation of the Global Digital Compact. This way, the IGF can fully play its role in shaping global digital governance frameworks, ensuring digital inclusion, resilience against digital threats, protecting human rights online, supporting also sustainable development goals and addressing emerging digital divides. To see the Internet Governance Forum as a central platform to counter challenges posed by fragmentation, misuse of digital tools or rapidly evolving technologies such as AI and immersive virtual worlds. The Internet Governance Forum can support inclusive discussions and develop innovative solutions to main internet interoperability and openness. It is very crucial to prevent fragmentation that threatens the basis of global connectivity. Honourable Members, countries around the world are looking at us. The EU must not only participate in these global governance dialogues, but actively lead them. We have a very unique position as a global actor committed to openness, interoperability, privacy and digital rights to ensure that the internet evolves in line with the democratic principles and human-centric values. Our international digital strategy – focusing on global partnerships and global digital governance – clearly shows our commitment to the multilateral and multi-stakeholder approach. We want to be the driving force of responsible, guided technological advancement on the global stage. Honourable Members, I warmly welcome Parliament's very strong involvement in our Internet Governance Forum activities. Your continuous engagement strengthens our Europe's voice globally, and underlines the unity and will of the EU institutions to defend open and rights-respecting internet. A strong IGF means stronger global governance, greater digital sovereignty and better protection of fundamental freedoms online. And this is why we aimed at renewing and enhancing the Internet Governance Forum's mandate and should convince our partners around the globe to share this goal. Now we are moving to the next phase of the negotiations towards the World Summit on the Information Society Plus 20 review, and we count here on your support. Together, let us ensure that the internet remains a global resource that empowers everybody – free, open, interoperable, safe, resilient and governed by all.

Mr President, honourable Members, thank you very much for this very topical debate; it clearly shows the complex nature of the illegal use of spyware we are facing. Let me state again that the Commission's view is very clear here: any attempt to illegally access data of citizens, including journalists and political opponents, is unacceptable. We are determined to protect the fundamental rights of our citizens to privacy, data protection and security. We already have many rules in place: we have data protection rules, we have the ePrivacy directive and, just recently, we have adopted the Media Freedom Act, that comes into force in August, and also the Cyber Resilience Act. So we have already many, many rules in place. But I very much agree with you that when we look at the security environment where we are, the attacks against our democracies and also the very fast development of different technologies, I see that it is also important to see that further work in this field is needed. I am very grateful for the support from Parliament.

Mr President, honourable Members, thank you for putting this very crucial issue on the plenary agenda. The Commission strongly condemns any illegal access to interpersonal communications and other data stored on user devices. Any illegal access to the data of our citizens, including journalists and political opponents, is unacceptable. It undermines our core European values, such as the fundamental rights to privacy and data protection. The Commission has been looking at the illegal use of spyware from various angles of the EU law. It is important to address spyware in a holistic way because it poses challenges in many ways. First, in terms of rule of law and fundamental rights, but also data protection, media freedom, trade, cybersecurity, foreign interference and manipulation of information. Some of these issues have already been addressed through legislation adopted by the Parliament and the Council. Others are addressed through non‑legislative tools. So what other existing measures do we have? First, our data protection rules. They are very clear. They ensure that personal data is processed lawfully, fairly and in a transparent manner. They also limit personal data collection for specified, explicit and legitimate purposes. Second, the European Media Freedom Act is another important part of our legal framework. It includes safeguards to protect journalists' sources and conventional communications against the illegal use of spyware. These rules on media freedom will enter into application this August. They also include a general prohibition for intrusive surveillance software in devices used by media service providers, including journalists and related persons. We are currently working with Member States to ensure proper implementation of this and other provisions. And third, in addition, we continue to report – when appropriate – on the issue of spyware, also in the annual Rule of Law report from the perspective of checks and balances and the protection of journalists. In addition, the ePrivacy Directive prohibits the interception of communications as well as the access to and storage of information on user devices without their consent. Moreover, there is the Cyber Resilience Act, which sets cybersecurity requirements for hardware and software placed on the EU market. It introduces obligations for manufacturers, which will help to reduce system vulnerabilities often exploited by spyware. It's also important to note that the investigations into the earliest misuse of spyware are a matter for national authorities, not for the Commission. And we expect, of course, national authorities to examine to the core any spyware allegations. We have also been following with the European External Action Service the Pall Mall Process. This is an international initiative addressing various aspects related to the use of commercial cyber intrusion capabilities. We see this as a very important initiative, the first of its kind at international level and with a very broad scope. Many Member States have already committed to the Pall Mall Process. We are now carefully also exploring options for any further action to decide on the most appropriate way forward. It's important to underline that we must, however, clearly separate the illegal use of spyware from the lawful access to data for law enforcement authorities. When law enforcement authorities use spyware for their purposes, the Law Enforcement Directive applies. We must also acknowledge matters of national security, which are the responsibility of the Member States. However, in line with the case law of the Court of Justice, it is not possible for Member States to invoke national security in a general way. Member States must be able to demonstrate that national security would be compromised in the specific circumstances. Furthermore, the legal use of spyware is only acceptable if it is non-discriminatory, justified by an overriding reason of public interest, proportionate and also in compliance with legal certainty and also our Charter of Fundamental Rights. And we expect, of course, national authorities to examine any allegations of illegal use of spyware as this is their responsibility. So, honourable Members, the Commission and the co-legislators have in recent years addressed the multiple issues of spyware. This Parliament has played a key role in this process. The issue remains complex and further work is needed here, also in view of the changing security landscape and also the emergence of new technologies. The recommendations of the European Parliament's PEGA Committee have been very helpful to guide this work. I can assure you that the Commission is determined to protect the fundamental rights of our citizens to privacy, data protection and security.

Mr President, honourable Members, thank you very much for this debate. Commissioner Brunner and I have been listening very carefully to what you all have said here, and I think it's very encouraging to hear that in this House, there seems to be broad agreement that we need a change in our approach to security. And this is also, as we know, something that EU citizens also expect from us. According to the latest Eurobarometer, 64 % of EU citizens expressed concerns about the EU's security. Europe has long been a beacon of freedom, security and prosperity, grounded in the rule of law, democracy and shared values. But in today's rapidly evolving world, our security landscape has changed. The threats we are facing today, they are larger, they are more global and also increasingly they are online – ranging from organised crime and terrorism to hybrid threats fuelled with disinformation, fear and sabotage to our critical infrastructures. So, it is clear that no Member State can tackle these threats alone. We need a bold, proactive and also coordinated European response. The European internal security strategy is this response, together with the white paper on the future of defence and the preparedness Union strategy. We are now setting together the vision for a safe, secure and more resilient European Union. Security is also a precondition for our democracy. Our security will be further strengthened by the upcoming Democracy Shield, which will also lay out a comprehensive framework to protect and promote democracy in the European Union. We do not start from scratch. Our work will build on the existing vast European internal security architecture with many achievements already in place. We will reinforce partnership with the third countries contributing to global security. We will also make the EU more secure by reinforcing our capabilities, leveraging technology, enhancing cyber security and combating security threats decisively. I cannot stress enough the online dimension of security: combating hateful, criminal and radical online content is a top priority for us. So is ensuring lawful access to data, while preserving privacy and cybersecurity. Here, I want to underline especially the need to protect our children online. We need a new legal framework on protecting children from sexual abuse online. I count on the co-legislators to advance the negotiations here very swiftly, and we will put forward also new initiatives to protect children from radicalisation, online recruitment of gangs and cyber bullying and other serious threats. Resilience is at the heart of all our security measures. We need a change of mindset towards a whole-of-society approach where each citizen, civil society, businesses and academia feel engaged and empowered. As President Niinistö said in his report, security is a public good. We all need to protect it together.