Overview
This report covers Parliamentary Questions (PQs) and replies published from 26.04.2026 till 03.05.2026. The legislative discourse during this period is heavily anchored in the practical implementation of major digital frameworks, with a pronounced focus on AI Act compliance, digital infrastructure security, data governance, and the enforcement boundaries of the Digital Services Act. The institutional tone of the European Commission is notably pragmatic and boundary-setting; it frequently clarifies the limits of its direct jurisdiction while robustly defending its strategic investments in technological sovereignty, such as the Chips Act and secure satellite communications. For public-affairs and regulatory professionals, these developments matter because they signal a definitive shift from legislative drafting to the granular realities of compliance costs, technical standards, and decentralized enforcement mechanisms.
❗ Commission Clarifies AI Act Compliance Costs for High-Risk Systems
In Parliamentary Question E-001210/26, Michael McNamara (Renew) asked the Commission to clarify the estimated compliance costs for high-risk entities under the AI Act, referencing external claims of up to EUR 600,000. In a response on 27 April 2026, Executive Vice-President Virkkunen refuted these high estimates, explaining that most high-risk AI systems will already be covered by existing product safety legislation requiring a quality management system (QMS). The Commission estimates that upgrading an existing QMS to meet AI Act requirements will realistically cost between EUR 23,850 and 40,400.
❓ MEPs Question AI Office Resources for Assessing Advanced Models
In Parliamentary Question P-001672/2026, submitted on 23 April 2026, Piotr Müller (ECR) asked the Commission about the technical capacity of the European AI Office to independently assess cutting-edge AI models developed outside the EU, specifically referencing Anthropic’s ‘Mythos’ model. A response from the Commission is pending.
❗ Commission Delineates DSA Enforcement and Website Blocking Powers
In Parliamentary Question E-000965/26, the Commission was asked about potential plans regarding the freedom.gov initiative. In a response on 29 April 2026, Executive Vice-President Virkkunen clarified that the Commission does not block websites in the EU, as this power lies exclusively with Member States’ authorities for illegal content. The Commission reiterated its responsibility to enforce the Digital Services Act fairly and without discrimination across all companies.
❗ Commission Explains Rapid Response System for Election Disinformation
In Parliamentary Question P-001161/26, the Commission was asked about the activation of the Rapid Response System (RRS) during elections. In a response on 29 April 2026, Executive Vice-President Virkkunen explained that the RRS is launched and managed by the signatories of the Code of Conduct on Disinformation, not the Commission. The system facilitates swift reporting of threats by independent fact-checkers and civil society, but content moderation decisions remain exclusively with the platforms.
❗ Commission Addresses Spanish Implementation of Short-Term Rental Regulation
In Parliamentary Question E-001106/26, Borja Giménez Larraz (PPE) and Elena Nevado del Campo (PPE) asked the Commission about Spain’s new single register of leases and its alignment with the EU Short-Term Rental (STR) Regulation. In a response on 27 April 2026, Executive Vice-President Séjourné noted that while the Commission has raised concerns regarding potential conflicts with local registration procedures, the STR Regulation only enters into force on 20 May 2026, meaning no breach currently exists.
❓ MEPs Raise Concerns Over Security Flaws in EU Age Verification App
In Parliamentary Question E-001619/2026, submitted on 21 April 2026, Elena Kountoura (The Left) asked the Commission how it plans to address identified technical weaknesses in the new European age verification app, including the protection of sensitive personal data and authentication bypass risks. A response from the Commission is pending.
❓ MEPs Press for Zero-Knowledge Approach in Age Identification App
In Parliamentary Question E-001614/2026, submitted on 20 April 2026, Fabio De Masi (NI) asked the Commission if it intends to postpone the launch of the age identification app due to reported cybersecurity flaws and whether it will adopt a stricter ‘zero-knowledge’ approach to ensure data protection. A response from the Commission is pending.
❓ MEPs Scrutinize Biometric Data Handling in EU Age Verification Tool
In Parliamentary Question E-001659/2026, submitted on 22 April 2026, Marieke Ehlers (PfE) and colleagues asked the Commission to address claims that the age verification app’s PIN and biometric limits can be easily bypassed, and questioned whether the app stores unencrypted facial images in potential violation of GDPR rules. A response from the Commission is pending.
❗ Commission Defers GDPR Compliance of FATCA Transfers to National Authorities
In Parliamentary Question E-000805/26, Saskia Bricmont (Verts/ALE) and Murielle Laurent (S&D) asked the Commission how it will ensure tax data transfers to the US under FATCA comply with the GDPR following a Belgian Data Protection Authority ruling. In a response on 29 April 2026, Commissioner McGrath stated that determining GDPR compliance falls to independent national data protection authorities and ultimately the CJEU, noting that an appropriate balance must be struck between data protection and fighting tax evasion.
❓ MEPs Highlight GDPR Complexity for Sole Traders’ Business Data
In Parliamentary Question E-001668/2026, submitted on 23 April 2026, Christophe Gomart (PPE) and colleagues asked the Commission how it plans to reform GDPR enforcement to allow proportionate processing of sole traders’ business data, arguing that the lack of distinction between personal and professional data undermines SME competitiveness. A response from the Commission is pending.
❗ Commission Clarifies E-Money Tokens in CSDR Reform
In Parliamentary Question E-000798/26, Sibylle Berg (NI) asked the Commission whether e-money token (EMT) models qualify as settlement in central bank money under the Central Securities Depositories Regulation (CSDR). In a response on 28 April 2026, Commissioner Albuquerque clarified that proposed CSDR amendments enable settlement with certain EMTs regulated under MiCAR, and that the European Securities and Markets Authority (ESMA) is mandated to draft technical standards for operationalizing DLT-based settlement.
❗ Commission Defends Progressive Rollout of the Entry/Exit System
In Parliamentary Question E-000788/26, Petra Steger (PfE) and Mary Khan (ESN) asked the Commission about reported delays and biometric technology issues in the Entry/Exit System (EES) rollout. In a response on 29 April 2026, Commissioner Brunner stated that the vast majority of Member States successfully registered border crossings without significant disruptions, noting that the legal framework allows for temporary derogations to address exceptional technical issues.
❗ Commission Highlights Strategic Investments Under the Chips Act
In Parliamentary Question E-000081/26, Virginie Joron (PfE) asked the Commission about the effectiveness of EU funding for microchips and progress on market share. In a response on 29 April 2026, Executive Vice-President Virkkunen defended the EU’s technological sovereignty strategy, citing EUR 80 billion in announced manufacturing investments under the Chips Act, EUR 1.8 billion in pilot lines, and projecting a European semiconductor market share of 11.5% by 2030.
❗ Commission Outlines Security Protocols for EU Satellite Infrastructure
In joint Parliamentary Questions E-000481/26 and E-000524/26, MEPs asked the Commission about the vulnerability of European satellites to Russian proximity operations and interception. In a response on 27 April 2026, Commissioner Kubilius detailed the General Security Requirements (GSR) and the role of the Security Accreditation Board (SAB) in auditing EU space infrastructures. He noted that while commercial satellites may be more exposed, the upcoming EU Space Act aims to enhance resilience across both commercial and governmental systems.
❓ MEPs Urge Action Against Russian SIM Cards in Hybrid Warfare
In Parliamentary Question E-001646/2026, submitted on 22 April 2026, Krzysztof Brejza (PPE) asked the Commission if it has a strategy to counter the use of Russian SIM cards by military forces for drone guidance and hybrid warfare within EU roaming zones. A response from the Commission is pending.
❗ Commission Condemns Internet Shutdowns in Iran
In Parliamentary Question E-001020/26, Hannah Neumann (Verts/ALE) asked the Commission about its response to state-controlled internet blackouts in Iran. In a response on 28 April 2026, High Representative/Vice-President Kallas confirmed the EU’s strong condemnation of the shutdowns, highlighted restrictive measures targeting Iran’s cyber police, and stated the EU is considering options to support internet access that prioritize the safety of beneficiaries.
A central theme emerging from the Commission’s recent replies is the strict delineation of institutional responsibilities and enforcement boundaries. The Commission consistently frames its role within precise legal parameters, frequently deferring to Member States for direct interventions—such as website blocking under the DSA—or to independent bodies like national Data Protection Authorities and the Code of Conduct signatories for specific oversight tasks. This suggests a strategic effort to manage expectations regarding the Commission’s direct executive powers in decentralized regulatory frameworks.
Simultaneously, the Commission strongly positions its industrial and security initiatives as robust and adequately funded. In responses concerning the Chips Act and space infrastructure, the Commission relies on concrete investment figures and established accreditation protocols to counter narratives of technological vulnerability or strategic failure. Furthermore, the Commission’s effort to correct inflated estimates regarding AI Act compliance costs indicates a proactive approach to stabilizing the regulatory environment for industry stakeholders.
Overall, the material reveals an institutional focus transitioning from legislative ambition to the complex realities of implementation. The Commission appears highly focused on defending the structural integrity of its newly established digital rulebook while ensuring that the burden of compliance and enforcement is distributed appropriately across national authorities, independent agencies, and the private sector.
All Parliamentary Questions and Commission Answers are accessible via Policy-Insider.AI.
