On 24 July 2019, the European Commission presented its 19th “progress report towards an effective and genuine Security Union.” The previous report was published on 20 March 2019 (see eucrim 1/2019, pp. 5-6). Within the framework of this series (see also eucrim 3/2016, p. 123), the 19th progress report focuses, in particular, on the following:

• The need for the Union’s co-legislators to deliver on pending legislative proposals;
• Enhancement of digital infrastructure security in connection with the fifth generation (5G) networks;
• Analysis of the current risks and vulnerabilities of the EU’s anti-money laundering framework (with a package of four reports presented on the same day, see “Money Laundering” in this issue);
• Areas needing further implementation by the EU Member States;
• Stocktaking of ongoing work to counter disinformation and to protect parliamentary elections against cyber-enabled threats, efforts to enhance preparedness and protection against security threats, and cooperation with international partners on security issues.

The report, inter alia, highlights progress made as regards the prevention of radicalisation online. Following the “Christchurch call to action” of 15 May 2019, the Commission and Europol initiated the development of an EU crises protocol that will allow governments and Internet platforms to respond rapidly and in a coordinated manner to the dissemination of terrorist content online. The Commission also points out its support of Member States and local actors in preventing and countering radicalisation on the ground in local communities, e.g., the EU-funded Radicalisation Awareness Network (RAN). However, there is an urgent need for the Council and the European Parliament to swiftly conclude the proposed Regulation on preventing the dissemination of terrorist content online (see eucrim 2/2018, pp. 97-98 and the article by G. Robinson, eucrim 4/2018, p. 234).

Likewise, the EU co-legislators are called on to reach swift agreement on the legislative proposals for a European Cybersecurity Industrial, Technology and Research Competence Centre and Network of National Coordination Centres as well as cross-border access to electronic evidence. Ensuring cybersecurity remains one of the key challenges for the EU. Although a lot still needs to be done, the Commission underlines the progress made during the past two years, including – most recently – efforts by the Commission to address sector-specific requirements and recent actions to tackle hybrid threats. In this context, the report also refers to the adopted sanctions regime, which allow the EU to impose targeted, restrictive measures to deter and respond to cyberattacks constituting an external threat to the EU and its Member States.

Another field of EU action is the strengthening of the EU information systems for security, border, and migration management. The European Parliament and Council are also called on here to accelerate their efforts in adopting new rules on Eurodac and the Visa Information System as well as the technical amendments necessary to establish the European Travel Information and Authorisation System (ETIAS, see also eucrim 2/2018, pp. 82/84).

A further critical point is the resilience of digital infrastructure. In this context, the report refers to the Recommendation on cybersecurity of 5G networks, setting out actions to assess the cybersecurity risks of 5G networks and to strengthen preventive measures (presented in March 2019). As initiated by this Recommendation, Member States completed national risk assessments, on the basis of which a joint review of risks at the EU level will be carried out by October 2019. A common toolbox of mitigating measures is planned for the end of 2019.

As regards the implementation of other priority files on security, the report lists a series of legislative acts that have not been fully transposed by the EU Member States; they are called on to take the necessary measures as a matter of urgency. These acts include:

• The EU Passenger Name Record Directive;
• The Directive on combating terrorism;
• The Directive on security of network information systems;
• The 4th Anti-Money Laundering Directive.

The fight against disinformation and related interference remains a major challenge for the EU’s democratic societies. The EU has put a robust framework in place for coordinated action against disinformation and it took up several measures in the last months. These include:

• The Joint Communication of 14 June 2019 on the implementation of the Action Plan against Disinformation;
• The Rapid Alert System set up in March 2019, which is to facilitate the sharing of insights related to disinformation campaigns and help coordinate appropriate responses;
• The European Cooperation Network on Elections, which held its first meeting on 7 June 2019;
• The envisaged in-depth evaluation of the implementation of commitments undertaken by online platforms and other signatories under the Code of Practice against Disinformation, which was endorsed by the European Council in its conclusions of 21 June 2019.

Ultimately, the report provides updates on the external dimension of the EU’s security policy. It stresses that leveraging the benefits of multilateral cooperation is an integral part of the EU’s efforts towards an effective and genuine Security Union. On 24 April 2019, the EU strengthened cooperation with the UN by signing the framework on counter-terrorism. It identifies areas for UN-EU cooperation and sets priorities until 2020. Several security cooperation measures have also been undertaken with the following partners:

• Western Balkans, e.g., the European Border and Coast Guard Status Agreement between the EU and Albania that entered into force on 1 May 2019);
• Middle Eastern and North African countries with which, for instance, negotiations were launched in view of an international agreement on the exchange of personal data by Europol and the competent national authorities;
• The United States, in relation of which the high-level workshop on battlefield information on 10 July 2019 and the evaluation of the Terrorist Financing Tracking Programme agreement between the EU and the United States (published on 22 July 2019) are highlighted.

In addition, the EU has concluded negotiations on the EU-Canada PNR Agreement with a view to finalising the Agreement as soon as possible. It will also soon begin joint evaluations of its existing PNR Agreements with Australia and the United States.