Technology, working in technology, is inherently impacting society, and must concern itself with the democratisation of access and use, and the flow of information. My focus has always been the agency technology can provide, specifically to those who don’t have such agency without it. How it can strengthen community and autonomy. Unintended consequences and externalised effects of creating and using technology do always exist and impact different groups too, and need to be considered in any technology choice. My work in government data is about information and power asymmetries, my work in digital ethics more generally seeks to incorporate a wide range of other values and considerations, my work in tech regulation and standards similarly is to enable agency and confirm and embed values. Ethics is not about saying no to things, it’s about shaping our actions towards each other. Seeing each other as part of every question, not othering others to cut them out of deliberations. Democracy is at its core.
My day to day work in my company is carried by it and my voluntary board work reflects it as well.

My work in technology has always been what I’ve come to call constructive activism. It’s an often less visible way to enable change though than through e.g. overtly campaigning for such change. You can work in relative quiet. There are times however when it becomes needed to more visibly get involved, to be seen to get involved. I increasingly feel we’ve been sliding into such a situation in the past years here in the West.

Defend Democracy is a young civil society organisation, working in Brussels, to strengthen democracy, and defend it against eroding forces from here, elsewhere and from technology. Like my other voluntary board memberships enabling agency is key here. At the Open State Foundation it’s about citizen’s agency based on increased government transparency and better information. At the Open Nederland association of Dutch makers in support of Creative Commons licensing, it’s about makers’ autonomy in what happens to what they make and how it can contribute to society. At the ActivityClub foundation it’s enabling public discourse through a non-toxic common infrastructure (mastodon.nl a.o.). At Defend Democracy it’s about what those other three organisations have in common. Strengthening and defending democracy.

I am joining the board of Defend Democracy as its treasurer.

Bookmarked Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence

Finalised in June, the AI Act (EU 2024/1689) was published yesterday 12-07-2024 and will enter into force after 20 days, on 02-08-2024. Generally the law will be applicable after 2 years, on 02-08-2026, with. a few exceptions:

  • The rules on banned practices (Chapter 2) will become applicable in 6 months, on 02-02-2025, as will the general provisions (Chapter 1)
  • Parts such as the chapter on notified bodies, general purpose AI models (Chapter 5), governance (Chapter 7), penalties (Chapter 12), will become applicable in a year, on 02-08-2025
  • Article 6 in Chapter 3, on the classification rules for high risk AI applications, will apply in 3 years, from 02-02-2027

The purpose of this Regulation is to improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, the placing on the market, the putting into service and the use of artificial intelligence systems (AI systems) in the Union, in accordance with Union values, to promote the uptake of human centric and trustworthy artificial intelligence (AI) while ensuring a high level of protection of health, safety, fundamental rights as enshrined in the Charter of Fundamental Rights of the European Union (the ‘Charter’), including democracy, the rule of law and environmental protection, to protect against the harmful effects of AI systems in the Union, and to support innovation. This Regulation ensures the free movement, cross-border, of AI-based goods and services, thus preventing Member States from imposing restrictions on the development, marketing and use of AI systems, unless explicitly authorised by this Regulation.

A little over a decade ago I was at a small conference, where I happened to share the stage with a British lawyer, Polly Higgins, seeking to internationally criminalise ‘ecocide’, alongside various other speakers. One of those others was a self declared rationalist running a data driven research start-up with billionaire funding. He believed the trickle down innovation trope that usually ends in pulling up the ladder behind them, which can be readily found around all things tech-singularity. And he called himself a futurist. After the talks we as speakers stood on and in front of the stage chatting about the things that had been presented. The futurist, addressing me and one other speaker, chuckled that ‘that eco-lady’ had a nice idea but a naive unrealistic and irrational one that obviously had zero probability of happening. At the time I found it jerkish and jarring, not least given the guys’s absence of expertise in the fields concerned (environment and international law). It’s one of the key moments I remember from that conference, as the condescending remark so strongly clashed with the rest of the event and atmosphere.

Meanwhile we’re some 10 years into the future of that conference. The futurist’s efforts collapsed soon after the conference it seems and there are no recent online traces of him. Polly Higgins is no longer alive, but her cause has very much outlived her. On 26 March the final step in the legislative path of a renewed Directive on the protection of the environment through criminal law has been taken, when the Council of the EU formally approved the text agreed (last November) with the European Parliament. In that new ecocrimes directive preamble 21 uses the phrase ecocide to describe specific crimes covered in the Directive (PDF).

Criminal offences relating to intentional conduct listed in this Directive can lead to catastrophic results, such as widespread pollution, industrial accidents with severe effects on the environment or large-scale forest fires. Where such offences cause the destruction of, or widespread and substantial damage which is either irreversible or long-lasting to, an ecosystem of considerable size or environmental value or a habitat within a protected site, or cause widespread and substantial damage which is either irreversible or long-lasting to the quality of air, soil, or water, such offences, leading to such catastrophic results, should constitute qualified criminal offences and, consequently, be punished with more severe penalties than those applicable in the event of other criminal offences defined in this Directive. Those qualified criminal offences can encompass conduct comparable to ‘ecocide’, which is already covered by the law of certain Member States and which is being discussed in international fora.

Good work barrister Higgins, and the Stop Ecocide organisation.


A photo taken by Polly Higgins of me as we had fun together driving an all electric ‘motor bike’ around the venue’s hallways at that conference in 2013.

Polly Higgins about to take the e-chopper for a spin through the venue.

Bookmarked Commission opens non-compliance investigations against Alphabet, Apple and Meta under the Digital Markets Act (by European Commission)

With the large horizontal legal framework for the single digital market and the single market for data mostly in force and applicable, the EC is initiating first actions. This announcement focuses on app store aspects, on steering (third parties being able to provide users with other paths of paying for services than e.g. Apple’s app store), on (un-)installing any app and freedom to change settings, as well as providers preferencing own services above those of others. Five investigations for suspected non-compliance involving Google (Alphabet), Apple, and Meta (Facebook) have been announced. Amazon and Microsoft are also being investigated in order to clarify aspects that may lead to suspicions of non-compliance.

The investigation into Facebook is about their ‘pay or consent’ model, which is Facebook’s latest attempt to circumvent their GDPR obligations that consent should be freely given. It was clear that their move, even if it allows them to steer clear of GDPR (which is still very uncertain), it would create issues under the Digital Markets Act (DMA).

In the same press release the EC announces that Facebook Messenger is getting a 6 month extension of the period in which to comply with interoperability demands.

The Commission suspects that the measures put in place by these gatekeepers fall short of effective compliance of their obligations under the DMA. … The Commission has also adopted five retention orders addressed to Alphabet, Amazon, Apple, Meta, and Microsoft, asking them to retain documents which might be used to assess their compliance with the DMA obligations, so as to preserve available evidence and ensure effective enforcement.

European Commission

Bookmarked US lawmakers vote 50-0 to force sale of TikTok despite angry calls from users (by Jon Brodkin at Ars Technica)

Apple may be misinterpreting what the EU Digital Markets Act and Digitale Services Act are about, so perhaps this example of how the US is working their own anti trust laws, here w.r.t. TikTok helps them realise what’s at stake.

If an application is determined to be operated by a company controlled by a foreign adversary—like ByteDance, Ltd., which is controlled by the People’s Republic of China—the application must be divested from foreign adversary control within 180 days.

Jon Brodkin at Ars Technica

A final draft of the European AI Regulation is circulating (here’s an almost 900 page PDF). The coming days I will read it with curiosity.

With this the ambitious legal framework for everything digital and data that the European Commission set out to create in 2020 has been finished within this Commission period. That’s pretty impressive.
In 2020 there was no Digital Markets Act, Digital Services Act, AI Regulation, Data Governance Act, Data Act, nor an Open Data Directive/High Value Data implementing regulation.
Before the European elections coming spring, they are all in place. I’ve closely followed the process (and helped create a very small part of it), and I think the result is remarkably consistent and level headed. DG CNECT has done well here in my opinion. It’s a set of laws that are very useful in themselves that which simultaneously forms a geo-political proposition.

The coming years will be dedicated to implementing these novel instruments.