The Commission strikes back: regulatory authority and legitimacy in European technology standardization. A commentary on Cantero Gamito and Kamara

Abstract

This commentary intends to provide a scholarly reaction on the two papers in this Special Issue, that discuss the emerging European legislation in the field of technology standards. The contribution of Marta Cantero Gamito addresses the (draft) Artificial Intelligence Act (AIA), whereas the contribution of Irene Kamara covers the (draft) Cyber Resilience Act (CRA). Both pieces of legislation use the ‘New Approach’ regulatory technique, whereby the European Commission requests three European standards bodies to develop technical standards in support of its policies in the fields of AI and cyber resilience respectively. Drawing on the findings of these contributions, this paper starts from the premise that through its recent policy initiatives, the European Commission attempts to gain regulatory authority in the technological domains by tightening its regulatory muscle around ETSI. In doing so, the Commission invokes its concerns about ETSI’s legitimacy and procedural safeguards. Yet, as this commentary concludes, such practices are potentially detrimental to the EU’s role as a global technology actor but also to the legitimacy of European standardization.