At the beginning of a new year, we are looking ahead to five key technology trends in the EMEA region that are likely to impact businesses in 2023.
1. Technology Regulations across EMEA
If 2022 was the year that the EU reached political agreement on a series of landmark legislation regulating the technology sector, 2023 will be the year that some of this legislation starts to bite:
- The Digital Services Act (DSA): By 17 February 2023, online platforms and online search engines need to publish the number of monthly average users in the EU. Providers that are designated as “very large online platforms” and “very large search engines” will need to start complying with the DSA in 2023, and we may start to see Commission investigations kicking off later in the year too.
- The Digital Markets Act (DMA): The DMA starts applying from 2 May 2023. By 3 July 2023, gatekeepers need to notify their “core platform services” to the Commission.
- The Data Governance Act (DGA): The DGA becomes applicable from 24 September 2023.
Also this year, proposals published under the European Data Strategy—such as the Data Act and European Health Data Space—and EU legislation targeting artificial intelligence (AI) systems—including the AI Act, AI Liability Directive and revised Product Liability Directive—will continue making their way through the EU’s legislative process. These legislative developments will have a significant impact on the way that businesses ingest, use and share data and develop and deploy AI systems. In addition, the new liability rules will create potentially significant new litigation exposure for software and AI innovators.
What will the UK achieve on tech regulation in 2023? That is harder to predict. While the Online Safety Bill remains stuck in the political quagmire, the expectation is that the bill will pass through the legislature by the end of the current UK parliamentary term in April 2023. Additionally, as we reported here, in 2022 the UK published its proposed approach to regulating AI in the UK via the AI Governance and Regulation: Policy Statement. We anticipate the publication of the UK Government’s White Paper on AI governance in 2023. We also expect to see the UK publish the Digital Markets, Competition and Consumer Bill in the first quarter of this year, which will introduce new competition and consumer law rules for the tech sector, similar to those brought in by the DMA.
Middle East and Africa
Policymakers are steadily developing regulatory regimes to address the evolving technology landscape. In 2023, the following trends are worth tracking:
- Data protection: Data protection will continue to be a hot topic for technology and internet governance across the Middle East and Africa. The proliferation of data protection has largely been propelled by the EU’s GDPR and a greater understanding amongst governments that it is their responsibility to ensure the privacy of their citizens. In the Middle East, we expect several jurisdictions to issue important data privacy legislation in 2023. We also expect to see data privacy-related legislative developments in Africa as more and more global tech companies, manufacturers of consumer goods and retailers identify Africa as a growth market for tech innovation and digital services.
- Tax: A growing number of African policymakers have strongly advocated for digital services taxes. We expect this trend to continue into 2023, and African governments exploring ways to tax multinational technology companies. In addition, African governments in countries such as Kenya and Nigeria have also introduced taxes on social media, e-commerce and mobile money as a means of growing government revenue.
At Covington, we are closely tracking developments affecting the technology and digital sector. You can find out more via our EMEA Tech Regulation Toolkit.
2. Cybersecurity Frameworks across EMEA
Cybersecurity threats and related regulation will continue to be important issues for organizations in 2023 and beyond. We expect several cyber-related legislative developments across the EU in 2023, including:
- Member States beginning the process of transposing the recently-adopted Network and Information Security 2 (NIS2) Directive, which replaces the NIS Directive, into national law (deadline of Q3 2024).
- Ongoing negotiations on the proposed Cyber Resilience Act, which seeks to impose cybersecurity-related obligations on a range of hardware and software products placed on the EU market, including smart speakers, games, and operating systems.
- Development of IT security standards for financial services institutions that will be regulated by the recently-adopted Digital Operational Resilience Act (DORA).
The UK recently has consulted on cybersecurity rules in various sectors, including data centers and cloud services. In 2023 we expect to see more of a sector-by-sector approach to regulating cybersecurity. This follows developments in 2022, such as the Product Security and Telecommunications Infrastructure Act and related regulations and code of practice that set out specific security requirements for electronic communications networks and service providers in the UK, including new rules on governance and supply chain monitoring.
Middle East and Africa
We predict seeing an increase of cyber threats in 2023. Recent events of cybercrime, including an 85% increase in cyberattacks in the Middle East, the major hack of Uganda’s mobile money network in October 2020, a cyber-attack on South Africa’s second-largest hospital operator in June 2020, and the discovery of a security breach of the communication channels at the African Union headquarters in early 2018, have amplified calls for more relevant legislation and robust cybersecurity measures. Consequently, many Middle East and African governments are introducing regulatory regimes and creating awareness to address cyberattacks and vulnerabilities. From a regional perspective, the African Union has appointed a Cybersecurity Expert Group to provide leadership and momentum for the ratification and deployment of the African Union Convention on Cybersecurity and Personal Data by more African countries, and African governments.
3. Pressure on International Data Flows and Technology Deals
European Union and United Kingdom
There will be increasing pressure on international data flows and technology deals, meaning the world may become less interconnected in 2023.
In 2022, we saw the passing of the deadline to implement the new EU Standard Contractual Clauses (EU SCCs) and, in the UK, the publication of the International Data Transfer Agreement and UK addendum to the EU SCCs. Following the EU Court of Justice’s 2020 ruling in Schrems II, we have also seen the European Commission propose opening up data flows between the EU and U.S. via publication of a draft adequacy decision for the EU-U.S. Data Privacy Framework. Despite the conclusion of a number of bilateral trade deals focused on data flows, however, more jurisdictions are eyeing their own transfer rules and requirements. This all means greater complexity for many global technology and commercial projects in 2023 and beyond.
At the same time, we are seeing a number of jurisdictions adopt measures that are likely to result in a more inward looking tech sector, including a proliferation of national security and foreign direct investment controls, and other policy initiatives such as the U.S. Chips Act designed to encourage domestic investment in the U.S. semiconductor industry.
Middle East and Africa
In the Middle East and Africa, we can expect to see progress in 2023 on governments entering into free trade agreements to facilitate commercial ties between countries, which are likely to include data protection protocols and provisions. In Africa specifically, we will see governments engaging on ways to operationalize harmonization efforts using the African Continental Free Trade Agreement as a framework. We anticipate that current challenges related to cross-border data flows, among other matters, will be addressed via the much anticipated Digital Protocol.
4. Shift in Investment Focus in the Technology Sector Following Geopolitical Developments
Geopolitical considerations and a push for data sovereignty will likely redirect investment priorities in the technology sector in 2023. This may include strategic investments to secure key technologies, and also the development of local infrastructure, expertise and capabilities. Capacity-building may feature increasingly in strategic technology collaborations.
Increased foreign direct investment scrutiny of deals in the technology sector is expected to continue in 2023 throughout the UK and EU area. In particular, the chilling effect on outbound China M&A in those areas looks set to continue amid ongoing geopolitical tensions — and that situation may become even more complex if U.S. authorities follow through on suggestions that they are considering regulating outbound investment flows from the U.S. The regulatory hurdles to deal conclusion may well shift medium to long term investment strategies to a more regional focus than we have seen in recent years.
5. Middle East and Africa Demand to Drive Growth in Investment in Data Infrastructure
Although global economic conditions remain challenging, we see mandates coming in from the Middle East and Africa, where there remains tremendous opportunity to develop and roll out technology infrastructure and services. We expect to see this continue in 2023, especially in markets where strong domestic champions and/or government initiatives are focused on digitalization of key sectors as strategic imperatives. This means more investment in data centers, communications networks, and an increasing maturity of associated regulatory frameworks governing the same.
If you have any questions concerning the material discussed in this client alert, please contact the members of our firm.