This Week in ICT & Cybersecurity — Brussels (#17, 2026)
AI Act simplification: Parliament, Council strike deal; Ban on 'nudifier' apps; EU-wide age verification framework set; LIBE hearing on age assurance; Eurogroup reviews cyber risk; EU-Japan deepen digital ties.
May 03, 2026 to May 09, 2026
AI Act simplification: Parliament, Council strike deal; Ban on 'nudifier' apps; EU-wide age verification framework set; LIBE hearing on age assurance; Eurogroup reviews cyber risk; EU-Japan deepen digital ties.
📋 In This Week's Newsletter
• 🇪🇺 European Commission
• ⚖️ EU Legislation
• 🤝 EU Council
• ✒️ EP Committee Work
• 📚 What We're Reading This Week
European Commission
EU strikes political agreement on Digital Omnibus for AI, clarifies high-risk rules and bans 'nudification' apps
The European Commission announced a political agreement with the European Parliament and Council on the Digital Omnibus on AI on 6 May 2026. The package, proposed on 19 November 2025, is designed to simplify implementation of Regulation (EU) 2022/2065 (AI Act) while maintaining safety and fundamental rights. High-risk AI system rules will take effect from 2 December 2027 for systems in critical areas such as biometrics, education, and border control, and from 2 August 2028 for AI integrated into products like lifts or toys. The agreement clarifies the interplay with the Machinery Regulation, extends certain privileges for SMEs to small mid-caps, and expands access to regulatory sandboxes. It also bans AI systems that generate non-consensual sexually explicit content, including so-called 'nudification' apps. Next steps require formal adoption by Parliament and Council.
EU and Japan advance digital partnership: focus on AI, data, quantum, and chips
At the fourth EU-Japan Digital Partnership Council in Brussels, the Commission and Japanese ministers agreed new steps to deepen regulatory, research, and industry cooperation across AI, semiconductors, digital infrastructure, and data governance. Joint initiatives include a Data Strategy Working Group, expanded adequacy for research data flows, and a Cooperation Arrangement on AI research and safety. The parties welcomed the Q-Neko quantum project and joint 6G research, and confirmed intentions to address semiconductor supply chain dependencies. Discussions covered interoperable digital identities, platform regulation, and standardisation. The next Council meeting is set for Tokyo in 2027.
Payments under NextGenerationEU surpass €400 billion milestone
On 4 May 2026, the European Commission reported total Recovery and Resilience Facility (RRF) disbursements exceeding €400 billion, following payments of €4.6 billion to Germany and €1.25 billion to Slovakia. The funds support digital public administration, renewable energy, hydrogen research, and education. Germany has reached 80% of its €30.3 billion allocation; Slovakia has received 81% of its €6.4 billion. The RRF, central to NextGenerationEU, is performance-based and concludes by end-2026, with Member States required to submit final payment requests by September 2026.
Commission approves €813 million state aid package for Lithuanian development bank ILTE
On 4 May 2026, the Commission approved Lithuanian state aid for Investicijos į Lietuvos ekonomiką (ILTE) under Article 107(3)(c) TFEU. The package comprises €813 million in capital injections and €15 million per year in tax and dividend exemptions. ILTE will support investments in sectors facing market failures such as digital, renewable energy, defence, and infrastructure. The measures are limited to bridging market gaps, with safeguards to avoid crowding out private finance.
EU Legislation (Official Journal)
Commission Recommendation (EU) 2026/1035 establishes EU-wide framework for age verification technologies
Published in the Official Journal L on 8 May 2026 (CELEX: 32026X1035), the Recommendation sets out a common European framework for privacy-preserving, interoperable age verification solutions, to be available by end-2026. It references Regulation (EU) 2022/2065 and aims to ensure compliance with children's rights, data protection, and digital identity standards. Member States are encouraged to develop national age verification solutions, either as standalone apps or integrated into European Digital Identity Wallets, based on a Commission-defined blueprint.
EU Council
Eurogroup reviews operational resilience of banks, including cybersecurity and AI risks
At its 4 May 2026 meeting, the Eurogroup discussed economic impacts of the Middle East conflict and heard from the Single Supervisory Mechanism and Single Resolution Board chairs on banks' cyber resilience and AI usage.
EP Committee Work
LIBE Committee holds hearing on age verification, assurance, and estimation techniques to protect minors online
On 6 May 2026, the Committee on Civil Liberties, Justice and Home Affairs (LIBE) held a public hearing examining technical and rights-based aspects of age verification systems for online platforms. Panelists included Yvo Volman (DG Connect, European Commission), representatives from CNIL and AEPD, academics, and civil society. The hearing addressed privacy, data security, and the balance between child protection and digital rights.
What We're Reading This Week
- The European Digital Capacity Index: A new index measures and compares European countries’ digital readiness to guide policy and investment decisions.
