The EU achieved progress in fighting terrorism, stepping up information exchange, countering radicalisation, preventing violent extremism, and addressing cybersecurity; however, further efforts are needed. This is the main message of the “20th progress report towards an effective and genuine Security Union” that was presented by the European Commission on 30 October 2019. The report reveals that, since the attacks in Halle/Germany and in Paris/France at the beginning of October 2019, both right-wing extremism/anti-Semitism and jihadi inspired terrorism continue to be security priorities in the EU.

Within the framework of the report series (for the 19th progress report, see eucrim 2/2019, p. 82), the 20th progress report focuses particularly on the following:

• Cybersecurity of 5G networks;
• Countering disinformation;
• External dimension of cooperation in the Security Union.
• In the field of legislative priorities, the report highlights the following issues:
• In order to prevent radicalisation (both jihadi and right-wing violent extremism), the legislative proposal to prevent the dissemination of terrorist content online is considered essential. According to the Commission, this legislation would set clear rules and safeguards obliging internet platforms to take down terrorist content within one hour upon receipt of a reasoned request by competent authorities and to take proactive measures (for the proposal, see eucrim 2/2018, pp. 97-98 and the article by G. Robinson, eucrim 4/2018, p. 234). The European Commission calls on the legislators (Council and EP) to swiftly conclude negotiations by the end of 2019.
• Within the framework of the EU Internet Forum, internet companies agreed on their commitment to the EU Crisis Protocol – an enhanced cooperation mechanism ensuring coordinated and rapid reaction to contain the spread of viral terrorist or violent extremist content online.
• Implementation of interoperability of the systems for security and border/migration control is one of the top priorities for the Commission in 2020. The report points out the necessity of stronger and smarter information exchange. However, further legislation to complete established legislation on interoperability (see eucrim 2/2019, pp. 103-104 is needed. Therefore, the EP and Council are called on to swiftly reach agreement on the pending proposals on technical amendments to ETIAS and the reforms of the Visa Information System and Eurodac.
• While welcoming the launch of the European Judicial Counter Terrorism Register at Eurojust (see eucrim 2/2019, p. 100), the Commission calls on the EP to quickly advance the legislative proposal of law enforcement access to e-evidence (see, in this context, the latest news in the category “Law Enforcement Cooperation”).
• Cybersecurity remains a key area of EU action. In this context, the report points to the EU cybersecurity certification framework (see eucrim 2/2019, p. 98), which now needs to be implemented. The legislative initiative for a European Cybersecurity Industrial, Technology and Research Competence and Network of National Coordination Centres, however, is still pending and should be concluded soon. In addition, work continuous on tackling hybrid threats. This includes the elaboration of a “conceptual model” framework to support Member States in identifying the type of hybrid attack they might face. For hybrid threats on the EU agenda, see also eucrim 2/2019, p. 85.

Cybersecurity and resilience of 5G networks is another hot topic where EU action is required in the near future. The progress report highlights the risk assessment report by the Member States (with the support of the European Commission and the European Agency for Cybersecurity) published on 9 October 2019. The report identifies a number of important cybersecurity challenges for 5G that authorities, suppliers, and users are likely to face in the future. The report reveals that suppliers will be the focus of cyberattacks, in particular those from non-EU countries. The Commission calls on Member States to swiftly agree on a toolbox of mitigating measures to address the identified cybersecurity risks at the national and Union levels, as recommended by the Commission in March 2019.

The Commission also takes stock of the progress made in countering disinformation and in protecting elections against other cyber-enabled threats. The Commission, inter alia, evaluated the Code of Practice on Disinformation for online platforms and the advertising sector that became applicable in October 2018. It acknowledges efforts made by the signatories; however, more consistent actions are necessary because actions taken by the platforms vary in terms of speed and scope in order to ensure the implementation of their commitments.

As in previous reports, the Commission is not satisfied with the implementation of core EU legislation in the fields of terrorism and cybercrime. The Commission urges Member States to fully transpose, inter alia, the following EU legislation:

• The EU Passenger Name Record Directive;
• The Directive on combating terrorism;
• The Directive on control of the acquisition and possession of weapons;
• The 4th Anti-Money Laundering Directive.

Ultimately, the report provides updates on the external dimension of the EU’s security policy. It highlights the proposed opening of negotiations for an agreement allowing the exchange of personal data between Europol and the New Zealand authorities to fight serious crime and terrorism. New Zealand has been added to the list of priority countries for such agreements; negotiations with eight other priority countries from the Middle East/North Africa (MENA) region are ongoing.

Alongside the Europol cooperation with third countries, another cornerstone is the transfer of passenger name record data (PNR). The Commission points out its recommendation to the Council to authorise negotiations for an EU-Japan PNR agreement. It is envisaged that arrangements be in place before the start of the Olympic games in Tokio in 2020. Negotiations with Canada on a new PNR agreement are on track. On the international level, the Commission presented a proposal to the Council for a decision on the EU position in the International Aviation Organization with regard to standards and recommended practices on passenger name record data.

Security cooperation with the Western Balkans remains at the top of the EU agenda. In this context, the progress report refers to the bilateral anti-terrorism arrangements with Albania and North Macedonia, which were signed on 9 October 2019 and which implement the 2018 Joint Action Plan on Counter-Terrorism for the Western Balkans. The arrangements include tailor-made, concrete priority actions which the countries should take in the course of 2019 and 2020, and set out the Commission’s support in this regard. In addition, the Commission signed an agreement with Montenegro on border management cooperation between Montenegro and the European Border and Coast Guard Agency.

In conclusion, the 20th progress report on the Security Union states that, besides the need for the swift conclusion of pending legislative proposals, agreed measures and instruments must “be turned into an operational reality on the ground” in the EU Member States.