Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

International Law
Reference:

Key directions of development of supranational legal regulation of the EU digital space at the present stage

Lyu Kirill Alekseevich

Postgraduate Student, Department of European Law, Faculty of International Law, Moscow State Institute of International Relations

119454, Russia, g. Moscow, pr. Vernadskogo, 76

kirill.lu.0322@gmail.com
Other publications by this author
 

 

DOI:

10.25136/2644-5514.2022.1.37674

Received:

13-03-2022


Published:

03-04-2022


Abstract: Within the framework of this article, an attempt is made to identify the most relevant trends in the field of improving supranational legal regulation of digital relations at the EU level. This has become the main goal of this study. To achieve this goal, relevant legal initiatives are analyzed in three main areas: within the framework of improving EU law in the field of cybersecurity and personal data protection; within the framework of the development of supranational regulation of digital (cloud) infrastructure; as well as within the framework of the formation of the legal framework for the creation of a single EU digital market. The object of the study was the social relations developing in the digital sphere at the supranational level within the framework of the European Union. The subject was proposals and initiatives to improve the supranational legal framework for regulating such public relations in modern conditions.    The scientific novelty of the study is that it is an attempt to comprehensively analyze the most relevant EU initiatives to improve the supranational legal framework for regulating public relations in the digital environment. In the Russian literature, the relevant processes have not yet been studied to the proper extent. Based on the results of the analysis, the conclusion is formulated that the current directions of improving the supranational legal regulation of the single digital space of the EU are represented by three main directions: 1) improvement of supranational regulation of the unified digital environment in terms of ensuring cybersecurity and personal data protection; 2) development of supranational legal foundations of a unified digital (cloud) infrastructure; 3) creation of supranational legal foundations of a single digital market.


Keywords:

European Union, digital space, digital sovereignty, cybersecurity, personal data, digital infrastructure, non-personal data, digital services, digital market, the gatekeeper company

This article is automatically translated.

Introduction

The relevance of the topic chosen for research. The intensification of the EU's activities in the field of building a single digital space was initially associated with the change of the President of the European Commission, within which this position was taken by W. von der Leyen. The transformation of digital policy in accordance with the challenges of the digital age has become one of the key priorities of the new composition of the European Commission, and the nearest period from 2020 to 2030 was declared the Digital Decade [1].

The need to develop the EU's supranational digital policy has become even more evident in the context of the challenges of the global COVID-19 pandemic. Restrictive measures imposed by the states (both in the sphere of social distancing and in the sphere of business) have led to the intensification of digitalization processes in all spheres of public life. Moreover, the practice of wider use of digital technologies during the coronavirus pandemic has demonstrated a high potential for their use to achieve the goals of the European Green Pact (eng. The European Green Deal)[2]. The development of digital technologies and the more active use of modern ICT in business and public administration has been evaluated by European supranational institutions as one of the promising ways to a climate-neutral and sustainable European economy.

At the same time, the coronacrisis also revealed the presence of significant vulnerabilities existing within the European digital space. In particular, one of such vulnerabilities was the existence of a serious dependence of the EU on critical digital solutions and technologies implemented by foreign entities on the territory of the European Union. COVID-19 has also exacerbated problems with the spread of false and misleading information on the Internet, problems in the field of cyber security, as well as vulnerabilities of the EU digital infrastructure [1].

In such circumstances, the U. von der Leyen Commission has moved to even more active actions in the field of building a single digital space of the EU that meets modern challenges and threats that have worsened during the COVID-19 pandemic. Thus, in September 2020, U. von der Leyen announced in her message[3] that the EU should ensure the strengthening of its own digital sovereignty on the basis of common goals and principles formulated within the framework of the common vision of the EU. Subsequently, such a common vision was formulated in detail by the European Council within the framework of the Digital Compass 2030[4], which assumed the intensification of the digital transformation of the European Union based on the formation of a fully functioning digital single market[5].

Taken together, all of the above indicates the emergence of fundamentally new directions of supranational regulation of the digital space in the context of modern technological changes. However, in the Russian literature, the relevant processes have not yet been studied to the proper extent. This determines not only the practical, but also the theoretical significance of the chosen topic, determines its relevance.

The object of the study was the social relations developing in the digital sphere at the supranational level within the framework of the European Union. The subject was proposals and initiatives to improve the supranational legal framework for regulating such public relations in modern conditions.

The purpose of the study is to identify key areas for improving supranational legal regulation in order to build a single digital space of the EU. To achieve this goal, the study consistently analyzes initiatives to improve the supranational legal regulation of the EU in the areas of: 1) the development of a pan-European digital infrastructure; 2) the formation of a reliable and secure digital environment; and 3) the development and implementation of new rules for conducting activities in the digital environment.

The theoretical basis of the research is represented by modern domestic and foreign concepts.

So, today there are quite detailed foreign studies of supranational regulation of the digital space within the EU (here we can note the works of such authors as: M. G?rot and W. Maxwell [2], C. Hobbs [3], T. Jelinek [4], T. Madiega [5], V. Reding [6] and etc.). As for the domestic literature, the works related to the topic chosen for research can only include works devoted to the analysis of the features of supranational regulation of certain areas of the digital sector within the EU (V. Bulva [7], E. Zinovieva [8], N.B. Kondratieva [9, 10], L.B. Parfenova [11], A.Y. Churilov [12], Ya.N. Shevchenko [13], I.V. Shugurova [14], etc.). At the same time, none of the above studies contains a systematic analysis of modern features of the legal regulation of the digital sphere in the EU. The current trends of supranational regulation of the digital sphere in the EU have not received sufficient coverage either.

The methodological basis of the study was made up of general scientific and special research methods. Among the general scientific research methods can be distinguished: analysis, synthesis, inductive-deductive method, comparison, etc. Special research methods include: analysis of draft legal acts, analysis of legislative initiatives, systematic analysis of legal regulation, historical and legal analysis, etc.

The main part

At the EU level, back in 2010[6], it was stated that the development of the digital sector of the economy is hindered due to the lack of pan-European regulatory rules in the relevant areas, which is accompanied by insufficient coordination between member states in building a uniform legal regulation of the digital environment. It was from that time that the EU took a course to build a single digital space and introduce appropriate supranational legal norms.

In 2020 , in accordance with the Appeal of U. von der Leyen and based on the provisions of the Digital Compass 2030 , the development of supranational regulation of the single digital space was tied to the development of a new legal regulation in three main areas: 1) digital environment; 2) digital infrastructure; 3) digital market.

Thus, the comprehensive legal regulation of the digital sphere at the EU level is currently taking the form of the creation of a single digital space of an integration association, which is carried out within the framework of three main directions:

1) improvement of supranational regulation of the unified digital environment in terms of ensuring cybersecurity and personal data protection (Data Protection Regulation 2016[7], Directive on the Security of Networks and Information Systems 2016[8], Cybersecurity Regulation 2019[9]);

2) development of supranational legal foundations of a unified digital (cloud) infrastructure (Regulation on the Free Circulation of Non-personal data in the EU in 2018[10], European Data Strategy 2020[11], requirements for climate neutrality and energy efficiency[12], Digital Economy and Society Index, DESI[13]));

3) creation of supranational legal foundations of a single digital market: the order of access to the market and the implementation of activities on it by various entities, special antitrust rules, legal regime for consumer protection, etc. (Proposal of the European Commission on the adoption of the Regulation on Digital Services 2020[14], Proposal of the European Commission on the adoption of the Regulation on Digital Markets 2020[15]).

Let's consider these three directions in more detail.

Improving supranational regulation in terms of cybersecurity and personal data protection

The first step towards the development of supranational regulation of the digital environment at the EU level was the creation of a supranational legal framework in the field of cybersecurity. So, in 2013, a special document was adopted – the EU Cybersecurity Strategy[16], in 2016 - the Network and Information Systems Security Directive[17], or the NIS Directive, in 2017 - a Plan for a coordinated response to major cyber attacks[18]. A special surge in legislative activity occurred in 2018-2019, when a package of legislative acts in the field of cybersecurity was adopted, including, among other things, the Regulations on Cybersecurity[19].

The next step in this direction was the adoption in 2016. The General Data Protection Regulation[20], the main purpose of which was to unify the legal regulation of the collection, storage and processing of personal data in the EU. This act expanded the concept of personal data, introduced the concepts of "cross-border data transfer", "pseudonymization", established the "right to oblivion", defined the legal status of a special data protection official. In addition, this regulation unified the rules for exporting data from the EU [12].

At the present stage, the key task in the framework of the implementation of this direction of the formation of a single digital space of the EU is the development and implementation of new standards for the regulation and control of digital products and services. At the same time, these standards should apply to both internal (EU residents) and external participants of the digital market. The creation of these standards is currently underway in two main areas: 1) in the field of cybersecurity and 2) in the field of personal data protection in the digital environment.

The improvement of supranational legal regulation in the field of cybersecurity includes three key areas of development of the supranational regulatory framework:

Firstly, work is currently underway to improve the certification system in the field of cybersecurity, which would ensure reliable protection of consumers and businesses in the digital environment. At the same time, new certification standards should be developed and adopted by 2023. The general regulatory framework for the implementation of these standards should be amendments to the 2016 Directive on the Security of Networks and Information Systems[21], which currently provides for a purely voluntary certification system in the field of cybersecurity.

Secondly, achieving the level of cybersecurity necessary for the formation of a single digital space requires the elimination of gaps and conflicts existing in EU law in terms of cybersecurity requirements. As noted in the report of the European Court of Auditors[22], such legal gaps are currently present within the framework of the regulation of the competence of the EU and member states in the field of cybersecurity, as well as in the field of supranational requirements for the disclosure of cyber risks. In addition, the achievement of the relevant goals involves the creation of a Joint Cybersecurity Unit, which would ensure closer coordination between the supranational institutions of the EU and the public authorities of the EU member states. The European Commission has already taken the initiative to create such centers[23].

Thirdly, the construction of a single digital market in the EU today also involves the development and adoption of supranational requirements for ensuring cybersecurity of public procurement of objects, works and services related to the construction of digital and cloud infrastructure both at the EU level and at the national level. In addition, a more general task is set here to improve the cybersecurity system of public procurement in general, which should take into account current challenges and critical aspects of the introduction of digital technologies in sensitive sectors of the economy [5]. Moreover, at present, the European Court of Auditors has already prepared a proposal to create a system of general public procurement for the creation of digital and cloud infrastructure throughout the European Union[24], which is another important step towards the formation of a reliable and secure digital environment, and, consequently, a single digital space of the EU.

The protection of personal data in the digital environment is the second relevant component of the EU's activities in the field of building a reliable and secure digital environment.

The regulatory regulation of the protection of personal data at the supranational level in the EU at the current stage is mainly focused around the provisions of the General Regulation on the Protection of Personal Data of 2016, the European Commission reported on the full implementation of which into the national legal order of the member states in June 2020.[25]

However, the coronavirus pandemic has revealed serious regulatory shortcomings contained in this act. The key problem here is the fact that currently the main subjects of collecting, storing and analyzing big data (including personal data) are companies incorporated in the USA (the so-called GAFAM – Google, Apple, Facebook, Amazon and Microsoft) and in China. Such a situation entails the actual loss of control over the handling of personal data of EU citizens [4]. As a result, in most cases of using personal data to track social contacts during the pandemic, supranational European regulation proved to be inapplicable. At the same time, such a situation has been present for quite a long time. The Chinese coronavirus pandemic has only highlighted its presence more vividly.

Thus, the need to improve the supranational system of personal data protection in the EU began to be considered as an integral element of the strategy for the formation of a single digital space. Currently, work is underway to create and adopt standards and instructions in the field of enhanced personal data protection in the most sensitive areas of public life (financial sector, healthcare, etc.), but by 2030 it is planned to completely modernize the personal data protection system in such a way that it provides a high level of data protection and confidentiality, regardless of specific circumstances of storage and processing of such data[26].

Development of supranational legal foundations of a unified digital (cloud) infrastructure

The creation of a secure, high-performance and sustainable digital infrastructure [27] is perceived in the EU as an essential condition for the formation of a single digital space. At the same time , the activities for the formation of a modern and efficient digital infrastructure in the EU include two areas: 1) provision of free high-speed Internet connection throughout the European Union; and 2) development of intra-European initiatives in the field of big data collection, storage and processing (Eng. big data).

As part of the first direction, the EU is currently tasked with providing gigabit communications throughout the European Union by 2030. At the same time, the main attention here is supposed to be paid to the creation of a stable, fixed mobile and satellite connection based on the creation of networks with very high bandwidth (5G at the current stage with the potential to deploy 6G networks by 2030). The main goal here is to ensure the coverage of gigabit networks of all EU settlements by 2030[28]

The second direction involves the development of its own intra-European capacities (including through the creation of favorable business conditions) in the field of big data storage and processing in order to return the data storage sites of EU residents to the territory of the European Union (currently, big data of Europeans is stored within the structures of the largest American and Chinese IT giants [3]). In other words, the EU is currently aiming at forming its own supranational cloud infrastructure for collecting, storing and processing data of EU residents, national authorities of EU member states and supranational EU bodies.

To this end, in 2018, the Regulation on the Free Circulation of Non-personal Data on the Territory of the EU was adopted[29], which established the rules for storing and processing relevant data on cloud servers physically located on the territory of the EU, the rules for public authorities' access to such data (rules for electronic document management and turnover of non-personal data). At the same time, the strategic goal of the adoption of this regulation was the desire to create a legal framework for supranational regulation of cloud computing in general.

Today, the regulatory framework for the implementation of measures in this area is the provisions of the European Data Strategy[30], which involves the development and adoption of new regulatory measures in the field of cloud infrastructure implementation throughout the European Union. In addition, the European Data Strategy explicitly provides for the creation of a modern digital and cloud infrastructure that would ensure the formation of competitive conditions for data collection, analysis, processing and exchange for EU residents (especially in the field of B2B business interactions and in the field of citizens' interactions with G2C governments). In addition, the Strategy enshrines the principle of open access to state and supranational data in certain strategic sectors (in particular, in the field of transport and healthcare).

Special attention within the framework of the analyzed direction of the formation of a single digital space of the EU is paid to the issues of reducing energy consumption by digital and cloud infrastructure facilities. In particular, in accordance with the Digital Compass 2030, it is established that such infrastructure in 2030 should comply with the principles of climate neutrality and energy efficiency[31]. At the same time, the excess energy will be used for heating residential buildings, commercial buildings and public places. The formation of an appropriate regulatory mechanism was entrusted to the European Commission, which should develop and approve expanded indices of the digital economy and Society (English Digital Economy and Society Index, DESI[32]).

Creation of supranational legal foundations of a single digital market

The development and implementation of new rules for conducting activities in the digital environment (the provision of services, the functioning of network services, the sale of digital goods, etc.) has become the latest activity in the process of forming a single digital space of the EU at the present stage.

In many ways, the need to improve the relevant regulatory framework was due to the same reasons as the need to transform supranational regulation of cybersecurity and personal data protection. The key prerequisite here was the extremely high presence of American and Chinese IT giants in the digital markets of the EU and EU member states.

However, in contrast to building a reliable and secure digital space, the introduction of new regulatory rules in the EU digital markets was due to the desire of the EU supranational institutions to provide certain advantages to the participants of the relevant markets that are EU residents [5]. Within the framework of the analyzed direction, the EU has moved to a more protectionist policy aimed at establishing additional requirements and barriers for large foreign IT companies operating in digital markets.

In particular, it is planned to introduce a mechanism for evaluating the acquisitions of some participants of high-tech companies by others. This measure is aimed at countering the trend for the acquisition of startups in the digital sphere by large foreign IT giants [4]. Within the framework of this mechanism, the compliance of mergers and acquisitions with the requirements of antimonopoly legislation and competition protection legislation will be checked. Thus, the EU plans to increase competition in digital markets, as well as to ensure freer development for small and medium-sized businesses in these markets.

In addition, work is also underway to transform the taxation system of digital market participants towards creating a more favorable tax regime for small and medium-sized businesses [4]. Despite the fact that the formally noted changes will not be directed against foreign IT companies, in fact they will still have the most negative impact on American and Chinese IT giants, whose excessive presence in European digital markets is considered by the EU as a key risk both for the development of their own companies and for ensuring cybersecurity and personal data protection. user data. Thus, this measure is regarded in the EU as one of the most important steps towards ensuring digital sovereignty [5].

However, in addition to the mentioned protectionist measures, the construction of a single digital space also requires the presence of more general regulatory instruments aimed at forming supranational rules for conducting activities in the digital market. They are reflected in two proposals of the European Commission (proposal): in the proposal for the adoption of the Regulation on Digital Services [33] and in the proposal for the adoption of the Regulation on Digital Markets[34]. Both of these "bills" are directly aimed at creating a common regulatory framework for regulating digital markets at the supranational level. At the same time, they explicitly indicate the creation of a single digital market of the EU.

The most interesting initiative, which was reflected in the noted proposals of the European Commission, was the creation of a new legal category of participants in the digital market – "gatekeepers companies" (Eng. gatekeepers), which carry out the actual control of digital business access to the end user. In accordance with the idea of the authors of the "bill", this status should be assigned on a declarative basis to large digital platforms and network services that actually occupy a monopoly position in a certain digital market.  Their activities are planned to be regulated according to a model similar to the regulation of the activities of natural monopolies and, thereby, to protect small and medium-sized IT businesses from abuse on their part.

Currently, the proposals of the European Commission on the regulation of the EU single digital market are being discussed within the framework of the legislative procedures of the European Union, but the probability of their adoption is very high. So, in particular, as noted in the "bills" themselves, they fully comply with the existing EU regulatory framework, including the Directive on Electronic Commerce of 2000[35], the Directive on Audiovisual Media Services of 2010[36], the Regulation of 2019 on the promotion of fairness and transparency for business users of intermediary online services[37] and other provisions of supranational EU law.

Conclusion

The current directions of improving the supranational legal regulation of the single digital space of the EU are represented by three main directions: 1) improvement of supranational regulation of the unified digital environment in terms of ensuring cybersecurity and personal data protection; 2) development of supranational legal foundations of a unified digital (cloud) infrastructure; 3) creation of supranational legal foundations of a single digital market.

As part of the first direction, it is currently planned to develop and implement new standards for cybersecurity and personal data management at the EU level. At the same time, these standards will have to apply to both internal (EU residents) and external participants of the digital market. The general regulatory framework for the introduction of new cybersecurity standards should be the introduction of amendments to the Directive on the Security of Networks and Information Systems in 2016. In terms of personal data protection in the digital environment, work is underway today to create and adopt standards and instructions in the field of enhanced personal data protection in the most sensitive areas of public life (financial sector, healthcare, etc.), and by 2030 it is planned to completely modernize the personal data protection system so that it provides a high level of data protection and confidentiality, regardless of the specific circumstances of the storage and processing of such data.

The second direction is mainly represented by the provisions of the European Data Strategy 2020, which establishes the need to develop and adopt supranational rules for the creation and operation of cloud infrastructure that would ensure the creation of competitive conditions for the collection, analysis, processing and exchange of non-personal data for EU residents. At the same time, such regulation is based on the principle of open access to state and supranational data in certain strategic sectors (in particular, in the field of transport and healthcare). In addition, the requirements of climate neutrality and energy efficiency have been incorporated into the sphere of legal regulation of digital infrastructure by imposing on the European Commission the responsibility to develop new expanded indices of the digital economy and society (DESI).

The third direction of improving the legal regulation of the digital space at the EU level is represented today by two "legislative" initiatives of the European Commission (proposal): a proposal to adopt a Regulation on Digital Services and a proposal to adopt a Regulation on digital Markets. Both of these "bills" are directly aimed at creating a common regulatory framework for regulating digital markets and digital services at the supranational level. At the same time, they explicitly indicate the creation of a single digital market of the EU. In addition, in this area, it is planned to introduce new requirements of antimonopoly legislation aimed at preventing uncontrolled absorption of startups in the digital sphere by large foreign IT giants. It is also planned to transform the taxation system of digital market participants towards creating a more favorable tax regime for small and medium-sized businesses. These measures are regarded in the EU as one of the most important steps towards ensuring digital sovereignty.

 

[1] A Europe fit for the digital age [Electronic source] // European Commission. URL: https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age_en (accessed: 13.03.2022)

[2] Communication from the Commission to the European Parliament, the European council, the Council, the European economic and social committee and the Committee of the regions: The European Green Deal (COM/2019/640 final). Brussels, 11.12.2019

[3] State of the Union Address by President von der Leyen at the European Parliament Plenary // European Commission. 16 September 2020

[4] Communication from the Commission to the European Parliament, the Council, the European economic and social committee and the Committee of the regions: 2030 Digital Compass: the European way for the Digital Decade (COM/2021/118 final). Brussels, 9.3.2021

[5] Communication from the Commission to the European Parliament, the Council, the European economic and social committee and the Committee of the regions: A Digital Single Market Strategy for Europe. (COM/2015/0192 final). Brussels, 6.5.2015

[6] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. A Digital Agenda for Europe. (COM(2010)245 final). Brussels, 19.5.2010

[7] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) // OJ L 119, 4.5.2016, p. 1–88.

[8] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union // OJ L 194, 19.7.2016, p. 1-30.

[9] Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) // OJ L 151, 7.6.2019, p. 15–69

[10] Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union // OJ L 303, 28.11.2018, p. 59–68.

[11] Communication from the Commission to the European Parliament, the Council, the European economic and social committee and the Committee of the regions: A European strategy for data (COM/2020/66 final). Brussels, 19.2.2020 // [Electronic source]. URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1593073685620&uri=CELEX%3A52020DC0066 (accessed: 13.03.2022). 

[12] Communication from the Commission to the European Parliament, the European council, the Council, the European economic and social committee and the Committee of the regions: The European Green Deal (COM/2019/640 final). Brussels, 11.12.2019 // [Electronic source]. URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2019%3A640%3AFIN (accessed: 13.03.2022). 

[13] The Digital Economy and Society Index [Electronic source] // European Commission. URL: https://digital-strategy.ec.europa.eu/en/policies/desi (accessed: 13.03.2022). 

[14] Proposal for a Regulation of the European parliament and of the Council on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC (COM/2020/825 final) // [Electronic source]. URL: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=COM:2020:825:FIN (accessed: 13.03.2022). 

[15] Proposal for a Regulation of the European parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act) (COM/2020/842 final) // [Electronic source]. URL: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=COM%3A2020%3A842%3AFIN (accessed: 13.03.2022). 

[16] Joint communication to the European Parliament, the Council, the European economic and Social Committee and the Committee of the regions «Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace» // JOIN (2013) 1 final. Brussels, 7.2.2013.

[17] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union // OJ L 194, 19.7.2016, p. 1–30

[18] Commission Recommendation (EU) 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises // OJ L 239, 19.9.2017, p. 36–58.

[19] Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) // OJ L 151, 7.6.2019, p. 15–69

[20] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) // OJ L 119, 4.5.2016, p. 1–88

[21] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union // OJ L 194, 19.7.2016, p. 1-30.

[22] Review No 02/2019: Challenges to effective EU cybersecurity policy (Briefing Paper). European Court of Auditors. 2019.

[23] Proposal for a Regulation of the European Parliament and of the Council establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres A contribution from the European Commission to the Leaders’ meeting in Salzburg on 19-20 September (2018 COM/2018/630 final). Brussels, 12.9.2018.

[24] Review No 02/2019: Challenges to effective EU cybersecurity policy (Briefing Paper). European Court of Auditors. 2019.

[25] Commission report: EU data protection rules empower citizens and are fit for the digital age // [Electronic source] // European Commission. 24 June 2020. URL: https://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX%3A52018PC0630 (accessed: 13.03.2022). 

[26] Communication from the Commission to the European Parliament, the Council, the European economic and social committee and the Committee of the regions: 2030 Digital Compass: the European way for the Digital Decade (COM/2021/118 final). Brussels, 9.3.2021.

[27] We are talking here about the implementation of the concept of sustainable development, which presupposes the harmonious development of business, society and the environment (see, for example, UN General Assembly Resolution of September 25, 2015 A/RES/70/1 "Transforming our world: the 2030 Agenda for Sustainable Development" // [Electronic resource] // URL: https://www.un.org/ga/search/view_doc.asp?symbol=A/RES/70/1&Lang=R (accessed 13.03.2022)).

[28] Communication from the Commission to the European Parliament, the Council, the European economic and social committee and the Committee of the regions: 2030 Digital Compass: the European way for the Digital Decade (COM/2021/118 final). Brussels, 9.3.2021.

[29] Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union // OJ L 303, 28.11.2018, p. 59–68.

[30] Communication from the Commission to the European Parliament, the Council, the European economic and social committee and the Committee of the regions: A European strategy for data (COM/2020/66 final). Brussels, 19.2.2020.

[31] Communication from the Commission to the European Parliament, the Council, the European economic and social committee and the Committee of the regions: 2030 Digital Compass: the European way for the Digital Decade (COM/2021/118 final). Brussels, 9.3.2021.

[32] The Digital Economy and Society Index [Electronic source] // European Commission. URL: https://digital-strategy.ec.europa.eu/en/policies/desi (accessed: 13.03.2022). 

[33] Proposal for a Regulation of the European parliament and of the Council on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC (COM/2020/825 final).

[34] Proposal for a Regulation of the European parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act) (COM/2020/842 final).

[35] Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce) // OJ L 178, 17.7.2000, p. 1-16.

[36] Directive 2010/13/EU of the European Parliament and of the Council of 10 March 2010 on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services (Audiovisual Media Services Directive) // OJ L 95, 15.4.2010, p. 1-24.

[37] Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services 9 PE/56/2019/REV/1) // OJ L 186, 11.7.2019, p. 57-79.

References
1. Lola, I.S., Bakeev, M.B. (2020). Цифровая повестка и инициативы в области цифровых технологий в условиях COVID-19 (обзор практик Европейского союза, Организации экономического сотрудничества и развития, а также других стран) [The digital agenda and initiatives in the field of digital technologies in the context of COVID-19 (a review of the practices of the European Union, the Organization for Economic Cooperation and Development, and other countries)]. Moscow: NRU HSE. 19 p.
2. Gérot, M., Maxwell, W. (2020). Will the GDPR frustrate Europe’s plans for AI? ItProPortal. Accessed: 13.03.2022. URL: https://www.itproportal.com/features/will-the-gdpr-frustrate-europes-plans-for-ai/
3. Hobbs, C. (2020). Europe’s digital sovereignty: From rulemaker to superpower in the age of US-China rivalry. European Power. Essay Collection. Berlin: ECFR. 99 p.
4. Jelinek, T. (2021). Mapping Europe's Digital Sovereignty Strategy: The EU-China-US Triangle. Beijing: Taihe Institute. 28 p.
5. Madiega, T. (2020). Digital sovereignty for Europe. Brussels: European Parliamentary Research Service (EPRS). 12 p.
6. Reding, V. (2016). Digital Sovereignty: Europe at a Crossroads. Luxembourg: EIB Institute.10 p.
7. Zinovieva, E., Bulva, V. (2021). Цифровой суверенитет ЕС [Digital sovereignty of the EU]. Modern Europe, 2, 40-49.
8. Zinovieva, E.S. (2020). Проблемы международного управления Интернетом в контектсе цифрового суверенитета [Problems of international Internet governance in the context of digital sovereignty]. Collection of reports of the participants of the Thirteenth International Forum "Partnership of the state, business and civil society in ensuring international information security" (Germany), 133-136.
9. Kondratieva, N.B. (2020). Развитие цифровой политики ЕС [Development of the digital policy of the EU]. European Union: facts and comments / Ed.: Borko Yu.A. (editor-in-chief) Butorina O.V. Zhurkina V.V. Potemkina O.Yu. FGBEO Institute of Europe RAS. Association for European Studies, 102, 29-33.
10. Kondratieva, N.B. (2019). Цифровизация единого рынка ЕС [Digitalization of the EU Single Market]. Europe between three oceans / Ed. ed. Al.A. Gromyko, V.P. Fedorova, 379-394.
11. Parfenova, L.B. (2018). Европейская стратегия развития цифровой экономики: региональная дифференциация [European strategy for the development of the digital economy: regional differentiation]. Bulletin of the Tver State University. Series: Economics and Management, 3, 30–38.
12. Churilov, A.Yu. (2019). Принципы общего Регламента Европейского союза о защите персональных данных (GDPR): проблемы и перспективы имплементации [Principles of the European Union General Data Protection Regulation (GDPR): problems and prospects for implementation]. Siberian Legal Review, 16(1), 29-35.
13. Shevchenko, Ya.N. (2021). Цифровой суверенитет Европы в контексте политики глобального управления данными [European Digital Sovereignty in the Context of Global Data Management Policy]. Political Science, 3, 251-270.
14. Shugurova, I.V. (2020). Проблемы правовой охраны и использования сиротских произведений в условиях цифровой среды в Европейском союзе [Problems of legal protection and use of orphan works in the digital environment in the European Union. Copyright]. Bulletin of the Russian Academy of Intellectual Property and the Russian Authors' Society, 4, 123-136.

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

The subject of the study is the key directions of the development of supranational legal regulation of the EU digital space at the present stage. The author identifies the object of research, which was the public relations developing in the digital sphere at the supranational level within the framework of the European Union. The purpose of the study is to identify key areas for improving supranational legal regulation in order to build a single digital space of the EU. The research methodology includes theoretical and practical components. The author identifies such tasks for research as the analysis of initiatives to improve the supranational legal regulation of the EU in the following areas: the development of a pan-European digital infrastructure; the formation of a reliable and secure digital environment; the development and implementation of new rules for conducting business in the digital environment. The relevance is due to the crisis political and economic situation in the world, especially in terms of Russia's participation in the EU. The scientific novelty consists in the author's developments and proposals that have a complex character. The style of the article is scientific. The structure provides an introductory part, the main and the final parts. The author notes that the development of the digital sector of the EU economy is hampered by the lack of pan-European regulatory rules in relevant areas, which is accompanied by insufficient coordination between member states in building a uniform legal regulation of the digital environment. It was from this time that the EU took a course towards building a single digital space and implementing appropriate supranational legal norms. Based on the above, the article proposes such sections as improving supranational regulation in terms of ensuring cybersecurity and personal data protection; developing supranational legal foundations of a unified digital (cloud) infrastructure; creating supranational legal foundations of a single digital market. The content of the presented article reveals the indicated directions. Of interest is the author's approach that the key task in the framework of the implementation of this direction of the formation of a single digital space of the EU is the development and implementation of new standards for the regulation and control of digital products and services. At the same time, these standards should apply to both internal (EU residents) and external participants in the digital market. The creation of these standards is currently underway in two main areas: 1) in the field of cybersecurity and 2) in the field of personal data protection in the digital environment. The author rightly believes that the need to improve the supranational system of personal data protection in the EU has become considered as an integral element of the strategy for the formation of a single digital space. In the second section of the main part, the author notes that special attention within the framework of the analyzed direction of the formation of a single digital space of the EU is paid to reducing energy consumption by digital and cloud infrastructure facilities. The formation of an appropriate regulatory mechanism was entrusted to the European Commission, which should develop and approve expanded indices of the digital economy and society. In the third section, the analysis of legal regulation is of interest. And also, the vision of the author of the concept of creating a new legal category of participants in the digital market – "gatekeepers companies" (Eng. gatekeepers), which carry out the actual control of digital business access to the end consumer. The author's proposals on current directions for improving the supranational legal regulation of the EU single digital space, presented in the final part, are also interesting. The bibliography is presented by a wide range of relevant sources of scientific, theoretical and applied nature. A wide range of legal acts that the author has studied. The article may be of interest to the readership. I recommend publishing it.