Overview
This report covers Parliamentary Questions (PQs) and replies published from 10.05.2026 till 17.05.2026. The material highlights critical developments across several main policy areas, including Digital Services Act (DSA) and Digital Markets Act (DMA) enforcement, AI Act implementation, cybersecurity resilience, and the intersection of digital platforms with geopolitical security. The institutional tone of the Commission remains firmly procedural and compliance-oriented, frequently pointing to established regulatory dialogues, designated national competent authorities, and upcoming legislative evaluations rather than proposing immediate new interventions. For public-affairs and digital-policy professionals, these developments matter because they illustrate the European Union’s definitive shift from drafting its digital rulebook to navigating the complex, multi-jurisdictional realities of enforcing it.
DSA & DMA Enforcement
❗ Commission Clarifies DSA Enforcement Jurisdiction for Telegram
In Parliamentary Question E-001428/2026, the Commission was asked about Telegram’s infrastructure enabling technology-facilitated gender-based violence. In a response on 13 May 2026, Executive Vice-President Virkkunen confirmed that Telegram is not designated as a Very Large Online Platform (VLOP) under the DSA. Consequently, because Telegram has appointed its legal representative in Belgium, the Belgian Institute for Postal Services and Telecommunications (BIPT) serves as the competent Digital Services Coordinator to enforce the platform’s obligations, with the Commission remaining in regular contact with the BIPT.
❗ Commission Defends DSA Content Moderation and Fact-Checking Mechanisms
In Parliamentary Question E-000341/2026, concerns were raised regarding content restriction and the role of fact-checkers. In a response on 13 May 2026, Executive Vice-President Virkkunen noted that the DSA entitles users to statements of reasons and access to out-of-court dispute settlement, leading to millions of reversed moderation decisions since 2024. The Commission highlighted ongoing proceedings against Meta regarding the suspected demotion of political content and confirmed that a full evaluation of the DSA’s impact on freedom of expression will be conducted by November 2027.
❗ Commission Engages Alphabet on DMA Compliance for App Distribution
In Parliamentary Question E-001534/2026, the Commission was asked about Google’s planned developer verification process for Android and its compatibility with the DMA. In a response on 13 May 2026, Executive Vice-President Ribera stated that Article 6(4) of the DMA obliges gatekeepers to enable third-party app distribution, though proportionate security measures are permitted if duly justified. The Commission confirmed it is actively engaged in a regulatory dialogue with Alphabet to ensure apps can be effectively distributed outside Google Play.
❓ MEPs Question Google’s ‘Advanced Flow’ Mechanism Under the DMA
In Parliamentary Question E-001411/2026, submitted on 8 April 2026, the Commission was asked whether Google’s burdensome ‘advanced flow’ installation process for unverified developers constitutes a technical barrier undermining platform openness under the DMA. A response from the Commission is pending.
❓ Concerns Raised Over EU Age Verification App and Anonymity
In Parliamentary Question E-001771/2026, submitted on 30 April 2026, the Commission was asked to address reported technical vulnerabilities in the EU’s recently launched age verification app and clarify whether all social media users will be subjected to mandatory government ID linking. A response from the Commission is pending.
Cybersecurity & Vulnerability Research
❓ Commission Pressed on EU Capabilities for AI-Driven Vulnerability Discovery
In Parliamentary Question E-001844/2026, submitted on 6 May 2026, the Commission was asked how it plans to strengthen EU-level capabilities for large-scale, AI-assisted vulnerability research following the release of advanced autonomous models by non-EU actors, and whether current frameworks like NIS2 and the Cyber Resilience Act are sufficient. A response from the Commission is pending.
❓ Regulatory Gap Highlighted Regarding Offensive AI Capabilities
In Parliamentary Question E-001843/2026, submitted on 6 May 2026, the Commission was asked whether it intends to address a structural gap in Article 2(3) of the AI Act, which excludes military and defence AI systems from its scope, potentially allowing private actors developing dual-use offensive cyber models to operate in an unregulated space. A response from the Commission is pending.
❓ Scrutiny Over Public Procurement of AI Analytics in Security and Defence
In Parliamentary Question E-001813/2026, submitted on 4 May 2026, the Commission was asked to assess whether Member State contracts with companies like Palantir for large-scale data analytics in security comply with the GDPR and the Law Enforcement Directive, particularly concerning international data transfers. A response from the Commission is pending.
❓ Confidentiality Clauses in Data Centre Environmental Ratings Questioned
In Parliamentary Question E-001796/2026, submitted on 4 May 2026, the Commission was asked to justify a confidentiality clause in Delegated Regulation (EU) 2024/1364 that restricts public access to individual data centre environmental impacts, and whether this broad presumption of secrecy violates the Aarhus Convention. A response from the Commission is pending.
❓ Legal Uncertainty Flagged for Third-Country Stablecoins Under MiCAR
In Parliamentary Question P-001874/2026, submitted on 6 May 2026, the Commission was asked how it intends to clarify the regulatory treatment of third-country multi-issuer stablecoin schemes under the Markets in Crypto-Assets Regulation (MiCAR) ahead of the July 2026 transition deadline, following warnings from the ECB and ESRB. A response from the Commission is pending.
❓ Cross-Border Enforcement Sought for Online Financial Advertising Fraud
In Parliamentary Question E-001834/2026, submitted on 6 May 2026, the Commission was asked to evaluate the effectiveness of current EU frameworks in combating algorithmic investment scams and identity theft in online financial advertising. A response from the Commission is pending.
❗ VAT in the Digital Age Package Positioned to Combat Carousel Fraud
In Parliamentary Question E-000896/2026, the Commission was asked about measures to combat Missing Trader Intra-Community (MTIC) VAT fraud. In a response on 11 May 2026, Commissioner Hoekstra pointed to the ‘VAT in the Digital Age’ package, which will provide Member States with real-time cross-border transaction data by July 2030, alongside ongoing reviews of the EU’s anti-fraud architecture involving OLAF and EPPO.
❗ European Health Data Space Highlighted for Healthcare Efficiency
In Parliamentary Question E-000983/2026, the Commission was asked about addressing extreme healthcare waiting times. In a response on 11 May 2026, Commissioner Várhelyi noted that while healthcare organization remains a Member State competence, the primary use aspects of the European Health Data Space (EHDS) Regulation can lead to systemic efficiency gains and free up health professionals’ time.
❓ Clarification Sought on AI Act Support Measures for Creative SMEs
In Parliamentary Question E-001597/2026, submitted on 20 April 2026, the Commission was asked for a timeframe and details regarding the AI Act’s Article 96 guidelines, specifically concerning practical tools, standard templates, and sandbox access for micro and small enterprises in the creative manufacturing sector. A response from the Commission is pending.
❗ Commission Outlines Cybersecurity and Resilience in Solar Supply Chains
In Parliamentary Question E-000545/2026, the Commission was asked about protecting critical energy infrastructure. In a response on 12 May 2026, Commissioner Jørgensen highlighted that the proposed Industrial Accelerator Act (IAA) builds on the Net-Zero Industry Act and the Cybersecurity Act to prevent high-risk suppliers from participating in renewable energy auctions, noting an ongoing risk assessment of the EU solar value chain due in Q3 2026.
❗ Digital Product Passport Central to E-Commerce Market Surveillance
In Parliamentary Question E-000764/2026, the Commission was asked about tackling non-compliant and dangerous e-commerce imports. In a response on 12 May 2026, Executive Vice-President Séjourné stated that the Digital Product Passport (DPP) will improve traceability across the Single Market, complementing the upcoming revision of the Market Surveillance Regulation aimed at enhancing the accountability of EU-based economic operators.
❗ DSA Leveraged Against Extremist Narratives Amid Red Sea Crisis
In Parliamentary Question E-001007/2026, the Commission was asked about securing maritime routes and combating digital extremism related to the Yemen conflict. In a response on 11 May 2026, High Representative/Vice-President Kallas emphasized that the DSA requires providers of very large online platforms to diligently identify, assess, and mitigate systemic risks, including the dissemination of terrorist content and online manipulation.
❗ Commission Details Digital and Cyber Responses to Russian Hybrid Threats
In Parliamentary Question E-000441/2026, the Commission was asked about countering escalating sabotage and drone espionage by Russia. In a response on 11 May 2026, Commissioner Kubilius outlined a web of digital and physical security frameworks, including the NIS2 Directive, the Critical Entities Resilience Directive, the DSA, and the Joint Communication on Defence Readiness 2030, which integrates counter-drone systems and cyber protection.
❗ Evaluation of Dual-Use Regulation to Address Cyber-Surveillance Exports
In Parliamentary Question E-001285/2026, the Commission was asked about the transparency of export controls. In a response on 13 May 2026, Commissioner Šefčovič announced that a formal evaluation of the Dual-Use Regulation (EU) 2021/821 will launch in May 2026. The review will specifically examine the effectiveness of the EU ‘catch-all’ control on cyber-surveillance exports in light of evolving technologies.
A review of the Commission’s responses during this period indicates a strong institutional reliance on established regulatory frameworks and designated national authorities rather than a pivot toward immediate new legislation. In the realm of platform regulation, the Commission consistently frames its enforcement strategy through the procedural mechanisms of the DSA and DMA—such as relying on the Belgian DSC for Telegram’s oversight and utilizing formal regulatory dialogues with Alphabet. This suggests a deliberate, process-driven approach to market correction, prioritizing compliance dialogues and upcoming statutory evaluations (such as the DSA review in 2027) over ad-hoc interventions.
Furthermore, the intersection of digital policy with geopolitical security emerges as a prominent cross-cutting theme. The Commission’s answers position digital frameworks—such as the DSA, NIS2, and the Cyber Resilience Act—as foundational tools for addressing broader physical and hybrid threats, ranging from maritime security in the Red Sea to Russian sabotage and supply chain vulnerabilities in the solar sector. The upcoming evaluation of the Dual-Use Regulation regarding cyber-surveillance exports further underscores this trend.
Ultimately, the material reveals a phase of regulatory maturation and implementation. The Commission’s focus on the Digital Product Passport, the European Health Data Space, and real-time VAT data reporting suggests that the EU is currently prioritizing the operationalization of data-sharing and traceability mechanisms to achieve its broader market surveillance and efficiency goals. For digital-policy professionals, this signals a critical period where advocacy and compliance efforts must be directed toward technical implementation, delegated acts, and national-level enforcement bodies.
All Parliamentary Questions and Commission Answers are accessible via Policy-Insider.AI.
