The US-EU Trade and Technology Council: Assessing the record on data and technology issues
Top lines
- The TTC has so far achieved tangible results in several areas, developing into a prime forum for US-EU alignment on the impact of digitalization on democracy.
- Yet, the TTC faces a dilemma. The body is most suited to addressing digital policy issues that do not require changes in domestic regulation, but regulatory concerns are precisely what stakeholders want it to address.
- During the next six months, the TTC must keep its forward-looking gaze, but also take steps to address challenging regulatory issues, either by oversight or direct discussion, or it will lose the essential support among stakeholders that can keep US engagement in the TTC alive.
Table of contents
Executive summary
Bridging perspectives in the TTC
Values alignment: A successful TTC story?
Common ambitions: Defining TTC success stories
Confronting the TTC dilemma: The path toward success
Conclusion
Appendix: About the “TTC Track 2 Dialogues” series
Executive summary
To date, the US-EU Trade and Technology Council (TTC) has provided mixed results in solving digital policy issues. However, after three meetings, it is now clear that the role of the TTC is not to address direct regulatory controversies but to seek “success stories” and set the stage for future collaboration in pressing data and technology policy issues.
In the last year and a half, the TTC has achieved tangible results in several areas, developing into a prime forum for US-EU alignment on the impact of digitalization on democracy. First, it has endorsed the Declaration for the Future of the Internet (DFI) and increased support for human rights defenders online. Second, it has successfully positioned itself as the framework to coordinate governance approaches to emerging technologies, publishing a roadmap for transatlantic cooperation on artificial intelligence (AI) and identifying quantum technologies as another priority.
The DFI and the Joint AI Roadmap are the first two success stories of the TTC. Prior to their endorsement, both the European Union and the United States had a shared vision about the urgency to defend an open and free cyberspace and to establish a trustworthy transatlantic AI area. In addition, both the White House and the European Commission agreed that the measures had to be future facing instead of reactive to legislation, especially in light of shared perceived external challenges like the rise of authoritarian digital regimes, such as China.
While these three aspects have facilitated the birth of the DFI and the Joint AI Roadmap, the TTC also faces a dilemma. Different approaches to technology and digital governance and the lack of regulatory autonomy make the TTC best suited to address emerging issues that do not require changes in legislation. Yet, this is precisely where stakeholders see the value of the TTC, which faces several unresolved questions challenging its continuity, such as how domestic politics will affect US or EU commitment to the TTC or whether it will remain important, especially for the business community, without having regulatory authority.
Considering these challenges, there are five things that the TTC can do to remain an important forum of US-EU cooperation in technology and digital issues:
- Make AI a test case and build from the lessons of the Joint AI Roadmap.
- Engage in issues where there is an initial strong value alignment and no regulation.
- Work on moonshot ideas such as the “metaverse” or low-earth orbit governance.
- Take oversight over the special task forces it has created to tackle critical issues such as the US Inflation Reduction Act.
- Think more actively about how to push its efforts into multilateral forums with like-minded partners.
Bridging perspectives in the TTC
The establishment of the TTC occurred during intense regulatory activity in the European Union (EU). When the Biden administration accepted the European Commission’s proposal to launch the TTC in the spring of 2021, the EU had already launched a comprehensive set of legislative proposals to regulate online platforms (i.e., Digital Services Act, Digital Markets Act) and artificial intelligence (i.e., AI Act).
Following in the footsteps of the General Data Protection Regulation (GDPR), these proposed rules were intended to increase data protection safeguards for EU citizens, improve algorithmic transparency, and secure a “level-playing field” for EU companies. Many in the EU were also convinced that creating a strong regulatory regime along these lines would help boost European innovation and provide a model for desirable international standards.
In the last year and a half, the TTC has achieved tangible results in several areas, developing into a prime forum for US-EU alignment on the impact of digitalization on democracy.
In the United States, the new administration did not yet have a defined technology agenda. In the absence of clear ambitions for data governance or tech policy, the US saw the TTC primarily as a way to rebuild the US-EU relationship and enlist the Europeans in addressing the challenges presented by China in the trade and technology fields. In the EU, the TTC was seen as an opportunity to reduce trade tensions and advance common approaches around the twin green and digital transitions.
The TTC has become a place to discuss actions around emerging and current issues in which both parties see the benefit of transatlantic coordination. In that sense, the TTC has been all about bridging different perspectives around technology and data policy while respecting the different regulatory cultures. This has created some degree of US-EU convergence, most notably on supply chain issues and export controls. This convergence has been reinforced by the Russian invasion of Ukraine, which strengthened incentives to work together while also heightening concerns in Europe about the authoritarian use of technology. On both sides of the Atlantic, there is now increased understanding in policy and business circles of the importance of working together—and with other “like-minded” governments—on data and tech issues.
This external pressure has not, however, increased agreement on sensitive regulatory areas, such as platform regulation or data governance. Instead, the TTC has based its work on two guiding principles: values alignment and regulatory autonomy. As a result, the TTC has been distinctly limited in addressing some of the sharpest EU-US differences, including the Digital Services Act (DSA) and Digital Markets Act (DMA), which will impact many US tech companies. The TTC also has yet to formally address European concerns about the US Inflation Reduction Act (IRA) and its content rules for electric vehicles and batteries or significant subsidies for renewable energy. These issues have been discussed at TTC meetings, especially those held at the co-chair level, and the TTC has acted as a mechanism for ensuring that the views of each party are heard at a high political level. But these problematic issues have not been part of the formal agenda, and it is unclear whether the TTC discussions have contributed to any resolution. In some cases, the matter has been assigned to a task force outside of the TTC structure, as was done with the IRA.
Values alignment: A successful TTC story?
The effect that the TTC has had in aligning US-EU perspectives in certain digital and tech policy areas is undeniable. This success reflects a conscious attempt to subscribe to the values that undergird policy choices that have resulted in ambitious declarations. To date, these declarations have been both promising and limited. However, questions remain on how to operationalize them, not only because of restraints on the TTC’s ability to address current legislation but also because of the difficulties the transatlantic partnership faces in drawing in other like-minded partners. For that reason, it is helpful to examine two areas in which the TTC has clearly advanced: the fight against the authoritarian internet and artificial intelligence governance.
Democracy and digitalization: The Declaration for the Future of the Internet
While the TTC’s efforts to address platform governance quickly fizzled in the face of EU resistance to anything that might disturb current legislation, there has been some progress in building transatlantic harmonization in one area of platform governance—that related to the internet and its impact on democracy. Working Groups 5 (Data Governance and Technology Platforms) and 6 (Misuse of Technology Threatening Security & Human Rights) have focused, respectively, on transparency of content moderation, algorithmic amplification, and data access for researchers to address the spread of illegal and harmful content online and on the use of online tools by authoritarian regimes.
Both the United States and the EU have drawn on the 2022 Declaration for the Future of the Internet (DFI), which called on signatories to “actively support a future for the Internet (sic) that is open, free, global, interoperable, reliable, and secure.” The DFI further called on partners to work toward: the protection of human rights and fundamental freedoms; maintaining a global internet; ensuring inclusive and affordable access to the internet; fostering a trustworthy digital ecosystem; and strengthening multistakeholder internet governance. Building on that, at the December 2022 TTC meeting in College Park, the United States and the EU produced a joint statement outlining their commitment to protecting human rights defenders online. They also pledged to study the causes and frequency of internet shutdowns.
However, it must be stressed that the DFI is nonbinding for signatories. None of these efforts at supporting democracy online commits the United States or EU to any legislative initiative or any other specific action. In fact, a major question about the DFI is whether it will progress beyond an aspirational declaration by developing benchmarks against which signatories can be judged. Nor does the Joint Statement on Protecting Human Rights Defenders Online include any regulatory requirements. The TTC’s work in this area is a prime example of values alignment without requiring regulatory convergence or harmonization.
Emerging technologies governance: Joint roadmap for trustworthy AI and risk management
If the TTC’s record on data governance is mixed, it has been more successful in addressing emerging technologies, especially AI. Since its beginning, the TTC (through Working Group 1 and its AI subgroup) has focused on identifying common priorities and aligning governing principles for artificial intelligence based on trustworthiness, which both parties define differently at home. Both the United States and the EU have sought to build on their ongoing domestic efforts to frame the development of AI tools and services. In the United States, the National Institute of Standards and Technology (NIST) AI Risk Management Framework focuses on the effective management and mitigation of risks of AI systems, and the White House Office of Science and Technology Policy’s Blueprint for an AI Bill of Rights identifies five principles for trustworthy AI design. At the European Union level, the AI Act aims to implement harmonized rules on different risk-based categories of AI systems, creating special obligations for manufacturers and operators. In addition, the EU’s AI Liability Directive will establish broader protection for victims of AI misuse or damage, while the Product Liability Directive is also likely to have a significant impact.
The EU and the United States agree on the need to prevent AI from eroding democratic values, to respect fundamental rights, and for regulation to be based on a risk management framework.
On a superficial level, these efforts have contributed to a gradual convergence of EU and US views on AI. In particular, the EU and the United States agree on the need to prevent AI from eroding democratic values, to respect fundamental rights, and for regulation to be based on a risk management framework. But while this agreement on common values should be applauded, better alignment on rules is necessary to ensure that ongoing regulatory efforts (especially on the EU side) do not create barriers to transatlantic AI goods and services. The establishment of a transatlantic “trustworthy AI area” will be important for the EU and the United States to demonstrate the benefits of lawful and democratically governed AI versus authoritarian models that, like the Chinese approach, compromise individual rights and freedoms. To that end, at the College Park TTC, the United States and the EU issued a Joint Roadmap on Evaluation and Measurement Tools for Trustworthy AI and Risk Management. The roadmap aims to bring the US and EU approaches closer together and establishes an implementation plan for common transatlantic efforts across three categories: definitions and taxonomies; present and emerging AI risks; and technical standards.
Despite being a remarkable effort from both sides to reconcile different regulatory cultures by building cooperation from the ground up, the roadmap also indicates how far there is to go to make transatlantic cooperation truly concrete and effective. Achieving interoperable definitions of basic terms—including trustworthy, risk, harm, bias, robustness, and safety—can only be an initial step. Cooperation on international technical standards is a desirable goal, but the roadmap only touts the value of such cooperation rather than tying the United States or EU to any commitments. Once again, there is significant alignment on values and goals, but fewer specifics on achieving them. There are some important steps forward—a shared repository of metrics and methodologies to be developed and studies of existing standards—but again, these are initial steps.
The roadmap may even be too late, as Europe is already well advanced in its efforts to regulate AI. In December 2022, the Council adopted its position on the AI Act and the European Parliament is expected to do the same before the next TTC in mid-2023. This will limit the impact of the TTC’s efforts to agree on common definitions and taxonomies, especially that of risk, which will be, in practice, defined by the EU AI Act. However, if the TTC makes progress in defining common standards for AI systems, the roadmap’s recipe could become a replicable success for other emerging technologies, notably quantum computing or the governance of low-earth orbit satellite constellations.
Common ambitions: Defining TTC success stories
At College Park, the TTC identified new workstreams on additive manufacturing, plastics recycling, digital identity, postquantum encryption, and the Internet of Things (IoT) and identified quantum technologies as a new area of interest. Considering that the biggest success to date has been the publication of the AI Roadmap, it makes sense that the TTC would become more ambitious in reconciling approaches to emerging technologies while deciding that data issues should be tackled elsewhere, as has been the case for the new proposed EU-US Data Privacy Framework. Keeping that in mind, while the TTC’s attempts to generate US-EU cooperation are still relatively recent, a few key criteria for success have emerged:
1. Shared vision and ambitions. An essential indicator of successful US-EU cooperation is the shared vision of how that digital future should look (e.g., DFI) or shared ambitions for the use of a particular technology. These can be negative (i.e., AI should not be used for social scoring), or positive (i.e., AI should be human-centric and trustworthy). The TTC provides a forum for the EU and the United States to agree on these common ambitions at the political level and for EU and US experts to work on concrete deliverables to realize them. However, it remains to be seen whether cooperation can exist when there are also significant differences in the approach to reaching those aspirations. The AI example shows that success can be limited if the TTC does not have regulatory autonomy or the ambition to change how topics are dealt with at home. The US AI Blueprint is aspirational and nonbinding, while the EU’s AI Act will be enshrined into law by late 2023 or early 2024. But whether these differences in “tactics” could frustrate the achievement of a shared strategy toward AI is still unclear. In theory, cooperation can be productive even under these circumstances. AI standard setting is particularly promising. The United States and EU could still collaborate on standards development in multilateral standards organizations, despite their differing approaches, precisely because there is a shared understanding of how the technology should be used.
This shared understanding of how technology should be used, and the purposes of that use, has been lacking in the US and EU approaches to data management and platform governance. The EU seeks to regulate the market for industrial data (and restrict that for personal data), while the United States does not have a settled data policy, although the Biden administration has recently endorsed the idea of a privacy law at the federal level. The EU seeks to constrain the behavior of platforms through the DMA and DSA, while the United States has taken a more laissez-faire approach. This lack of consensus has stymied any serious cooperation in this area within the TTC. Whether President Biden’s January 2023 op-ed and his remarks in the State of the Union speech will provide a basis for closer cooperation at future TTC meetings is yet to be seen.
2. Sense of shared external threat or challenge. There is no doubt that the rise of China as a dominant player in the global digital economy and the Russian invasion of Ukraine have spurred transatlantic cooperation, especially since the United States accepted the invitation to establish the TTC precisely to create a united front against China. Therefore, it is worth asking if the TTC would have happened at all without the perception of China (and later of Russia) as an external threat shaping not only global geopolitics but also markets. This, in addition to the dual-use nature of emerging technologies and the need to diversify global supply chains, has made controlling the acquisition of strategic applications or fundamental technologies a necessary element of technology policy—as seen recently with semiconductors.
General-purpose technologies, such as artificial intelligence or quantum technologies, can be used to build disruptive applications which can result in military advantages or market dominance in certain innovative sectors (e.g., sensors). In addition, their impact on fundamental rights and freedoms, for example, in the case of mass surveillance or breaking encryption through quantum capabilities or using AI tools, has pushed the United States and the EU to find common solutions at the TTC—especially in the field of standards—and recapture the leadership role in this process from China.
3. Efforts should be future facing rather than reactive to legislation. Many countries and private companies already have their own data governance models, albeit some are more developed than others. In some jurisdictions, there are already specific regulations to counter the malicious use of data (e.g., GDPR to safeguard the privacy of EU residents), and, increasingly, to regulate the activities of platforms. Once those regulations are in place—or even proposed—it is extremely difficult to overturn or adjust them. Thus, efforts to use the TTC to dissuade the EU from pursuing the DMA and DSA came too late in the EU legislative process and collided with any jurisdiction’s tendency to resist limiting their own domestic rules because of international pressure.
For the TTC, emerging technologies—where few regulatory regimes already exist—offer a forward-looking, proactive opportunity to build cooperation from the ground up.
In contrast, approaches to emerging technologies are often aspirational and proactive. As technology reaches the maturity that allows for commercialization, the risk of misuse inevitably arises. Transatlantic coordination to avoid misuse often begins by framing innovation in a values-based manner. The European Commission’s High-Level Expert Group on artificial intelligence (HLEG AI) led to the proposal of an AI Act that puts forward a vision of “trustworthy” AI and proposes a risk-based approach to AI applications. In the United States, the Blueprint for an AI Bill of Rights creates a nonbinding framework that emphasizes what should be protected—especially in terms of civil rights and anti-discrimination measures—against the free ride of technological innovation. For the TTC, emerging technologies—where few regulatory regimes already exist—offer a forward-looking, proactive opportunity to build cooperation from the ground up. Similarly, efforts to identify and limit the negative use of digitalization by authoritarian regimes do not affect domestic rules but require cooperation with like-minded partners.
Confronting the TTC dilemma: The path toward success
These lessons from the past two years make the TTC’s dilemma clear: in the areas of data governance and emerging technologies, the TTC is most suited to addressing issues that do not require changes in domestic regulation. Yet, this is precisely what stakeholders, crucial for the TTC’s continuity, want it to address. For that reason, the TTC has been mostly successful in framing common approaches to emerging technology issues rather than discussing current discontent around data policy.
Should the outcomes of the 2024 US election decrease political support for the TTC, the business community’s support would be crucial for its continuation despite, paradoxically, the lack of involvement of the multistakeholder community in these conversations.1At the time this paper was written, the European Commission had only recently launched the “Trade and Technology Dialogue” (TTD), an initiative designed to help TTC coordination by improving stakeholder engagement. The Atlantic Council and European Policy Centre’s “TTC Track 2 Dialogues” series, of which this paper is a product, is independent and not affiliated with the TTD. The European Parliament’s elections will also occur in 2024, but in this case, it is unlikely that the results would challenge the new Commission’s support for the TTC. Therefore, for the TTC to remain important over the next months and beyond, it must prove itself capable of addressing regulatory questions so that it can grow support from relevant stakeholders on the one hand, and new success stories on the other. During the next six months, the TTC can build its credibility as an effective transatlantic forum on digital and tech issues, not only by scoping out future cooperation on emerging technologies and defending democracy from authoritarian abuse of the internet but also by moving beyond values alignment to addressing regulatory differences.
In particular:
The TTC should make AI a test case. Before the TTC co-chairs convene in mid-2023, it is possible that the European Parliament will have finished its position and the AI Act will enter the negotiation phase with the rest of the institutions (trilogues), leaving little to no room for any change. At the same time, it is hard to imagine that the TTC would have made sufficient advancements in negotiating common taxonomies and definitions around AI by then, thereby reducing the TTC’s chances to impact the co-regulatory process in Europe. Therefore, the challenge for the Europeans will be to make the TTC agree on definitions that echo those in the AI Act, while for the United States, it will be to identify and agree on definitions that are interoperable with those used in Europe. As the AI roadmap working groups advance in their work, will the AI Act put forward a definition of “high risk” that is compatible with TTC deliberations? This will be a crucial test.
Efforts to identify and limit the negative use of digitalization by authoritarian regimes do not affect domestic rules but require cooperation with like-minded partners.
If the final content of the AI Act effectively limits the possibilities for US-EU cooperation, the TTC will be weakened. Now is a key time for the TTC to engage on this important test, both at the expert level and among the co-chairs and their deputies.
The TTC should engage on other issues (beyond AI) where strong alignment on values and regulation is now beginning to grow. One of the striking elements of the TTC continues to be the absence of cybersecurity. Although the EU-US Cybersecurity Dialogue addresses issues related to threat assessment and protection of critical infrastructure, some elements of cybersecurity could fit well in the TTC structure, especially in the wake of the EU’s NIS2 directive and the proposed Cyber Resilience Act, which the Commission adopted and will be reviewed by the European Parliament and Council. Both the United States and EU are moving toward improving their cybersecurity regulation landscape. However, as usual, the EU will develop formal rules while the US government will rely more on “soft law” guidelines.
At College Park, the TTC inaugurated two cybersecurity-related workstreams, one on postquantum encryption and another on IoT. While it is expected that by 2030 quantum computers will be able to break most public-key encryption algorithms, transatlantic efforts to coordinate the transition to postquantum or quantum-proof encryption algorithms have been scarce. The Biden administration issued a series of memoranda urging federal agencies to create an inventory of cryptographic systems and transition to quantum-resistant protocols. The US NIST has spearheaded a process of standardization of postquantum algorithms. In the EU, there has been little coordination on the transition to postquantum encryption apart from the technical attention of the EU’s Agency for Cybersecurity (ENISA).
Similarly, the IoT is increasingly subject to ongoing regulatory processes on both sides of the Atlantic. In the EU, the Cyber Resilience Act will create new cybersecurity obligations for all things connected, including both hardware and software. In the United States, the Software Bill of Materials, which requires developers to inventory software components, will be fundamental for software security, especially in identifying third-party supply-chain risks. Both efforts will affect which devices can be placed on the market and under which requirements.
Further discussions on these two areas—IoT and postquantum encryption—as well as the broader question of how to regulate to reinforce cybersecurity efforts, could be an important addition to the TTC agenda. It will be hard to advance on these new tracks if cybersecurity issues are only addressed elsewhere.
The TTC should begin working now on one or two moonshot efforts in the digital and tech arena. This could involve developing a joint approach to the metaverse for example. Such a venture could both give the TTC a higher profile and address an issue that could become divisive in the future, especially as the EU is already exploring the possibility of regulation. If this ambition moves forward, it would be useful to have a shared understanding of the metaverse, its challenges and opportunities, and perhaps even develop a joint approach. This could fall within the TTC’s remit through Working Groups 5 and 6.
In addition, adopting a common approach to the governance of low-earth orbit constellations could be the TTC’s next success story. As outer space remains mostly unregulated and technological advances and private-sector competition have reduced the costs of launching space assets, the new space race puts at risk current space-based services, such as weather forecasts or communications. This is because orbits, especially low-earth ones, are becoming more congested, increasing the risk of collision and new debris. This could fall within the TTC’s remit through Working Groups 4, 5, and 10.
The TTC should have oversight of the special task forces charged with resolving significant US-EU differences.
The TTC should have oversight of the special task forces charged with resolving significant US-EU differences. In the short term, the TTC is unlikely to resolve sharp differences on its own—such as those over the IRA—although they will inevitably be discussed. However, the TTC can be strengthened by making sure that task forces set up to address such disputes report to the co-chairs. Since these leaders generally must support any deal, this will both streamline the process and boost the credibility of the TTC. The final resolution of disputes will undoubtedly require approval at the executive level by both the White House and European Commission, but a review and buy-in by the TTC would be a constructive step.
The TTC should think more actively about how to push its efforts on digital and technology issues into multilateral forums. There is real value in a bilateral US-EU discussion, especially in laying the groundwork for cooperation on a range of issues. But the areas of successful cooperation in the digital and tech space will eventually require working with other like-minded governments. The United States and EU are already reaching out to other governments to enlarge participation in the DFI, for example. The TTC could also boost US-EU cooperation regarding the UN’s ongoing Global Digital Compact consultations and the International Telecommunication Union’s World Summit on the Information Society (WSIS) process. More specifically, establishing standards for AI, quantum, and other emerging technologies will also require cooperation with those who share US and EU values.
Such engagement will also boost the TTC’s credibility by giving it a broader international reach while demonstrating its ability to achieve tangible results. But this outreach should be accompanied by renewed diplomatic efforts to convince those countries on the edge between democracy and autocracy, most of them enjoying favorable trade and diplomatic relations with China and Russia. The establishment of an EU-India TTC, though still on paper, is a good sign, but it should be activated. Discussing TTC outcomes at the Organisation of Economic Co-operation and Development, Internet Governance Forum, Freedom Online Coalition, and the United Nations General Assembly could be a good way to test the waters and attract nonaligned countries.
The TTC must keep its forward-looking gaze, but also take steps to address challenging regulatory issues, either by oversight or direct discussion, or it will lose the essential support among stakeholders that can keep US engagement in the TTC alive.
Conclusion
Strengthening US-EU political leadership in digital matters and improving cooperation on technology to build transatlantic economic security are at the backbone of what the TTC wants to achieve. Yet, for effective transatlantic governance and the TTC to reign at the center of it, the United States and the EU must not lose sight of the lessons outlined above and their implications for productively addressing data and tech-related issues. At the same time, the TTC needs to stretch its ambition and begin working on some issues where regulations are pending. Values alignment is insufficient for success if regulatory autonomy is absolute. During the next six months, the TTC must keep its forward-looking gaze, but also take steps to address challenging regulatory issues, either by oversight or direct discussion, or it will lose the essential support among stakeholders that can keep US engagement in the TTC alive.
Frances G. Burwell is a distinguished fellow at the Atlantic Council’s Europe Center and senior director at McLarty Associates.
Andrea G. Rodríguez is the lead digital policy analyst at the European Policy Centre.
Appendix: About the “TTC Track 2 Dialogues” series
The “TTC Track-2 Dialogues” series was created by the Atlantic Council and the Brussels-based European Policy Centre to foster policy debate and stakeholder dialogue on the issues covered by the US-EU Trade and Technology Council. The series aims to connect US and EU stakeholders for discussions along three thematic tracks relating to the TTC’s priorities: (i) trade and supply chains issues; (ii) data and technology regulation, and the (iii) green transition. Each track consists of two separate workshops with transatlantic stakeholders, which are used to inform short policy briefs containing concrete recommendations for US and EU decision makers.
We thank all the participants in these workshops for the invaluable input they have provided to inform this policy brief.
The Europe Center promotes leadership, strategies, and analysis to ensure a strong, ambitious, and forward-looking transatlantic relationship.