Overview
This report provides an analytical synthesis of Parliamentary Questions (PQs) and Commission replies published from 17.05.2026 till 24.05.2026. The material highlights critical developments across several major policy areas, including aggressive enforcement of the Digital Services Act (DSA), the transposition of cybersecurity frameworks like the NIS2 Directive, the implementation of the AI Act, and the geopolitical dimensions of digital sovereignty. The institutional tone of the Commission is notably resolute, framing the enforcement of its digital rulebook not merely as a technical exercise, but as a robust defence of European sovereignty, democratic integrity, and the safety of its staff. For public-affairs and regulatory professionals, these developments underscore a decisive shift from legislative negotiation to vigorous, uncompromising implementation across the EU’s digital single market.
DSA Enforcement & Platform Accountability
❗ Commission Defends Staff and Enforcement Sovereignty Under the DSA
MEPs raised concerns regarding the publication of sensitive information in Parliamentary Question E-000880/2026. In a response on 20 May 2026, Executive Vice-President Virkkunen clarified that while the Digital Services Act requires the publication of decisions, companies are given the opportunity to redact sensitive business information. She noted that publishing unredacted personal data of EU staff exposes companies to potential GDPR liability, and the Commission is exploring a complaint to the competent Data Protection Authority. Virkkunen firmly framed the enforcement of EU digital regulations as a sovereign matter, emphasising that the Commission will fully support its staff against threats or defamatory acts.
❗ Age Verification Blueprint and Addictive Design Addressed
Detailing the protection of minors online in Parliamentary Question E-001173/2026, Executive Vice-President Virkkunen highlighted on 19 May 2026 the Commission’s newly developed zero-knowledge proof age verification solution. This mechanism allows users to confirm they are over 18 without revealing their identity. Virkkunen also noted that the Commission recently adopted preliminary findings against TikTok under the DSA, requiring the platform to disable features that contribute to excessive use and addictive design.
❗ Interplay Between the DSA, DMA, and Audiovisual Media Services Directive
The regulatory overlap for video-sharing platforms was addressed in Parliamentary Question E-000976/2026, where Executive Vice-President Virkkunen detailed on 19 May 2026 how the upcoming Audiovisual Media Services Directive review aims to streamline business compliance. She emphasised that the DSA requires transparency in recommender systems, noting the ongoing investigation into X, while the Digital Markets Act ensures contestability on platforms like YouTube, TikTok, and Instagram. The response positions the Commission as a vigorous enforcer of EU competition law in digital markets.
❓ Concerns Raised Over Meta’s Content Moderation Transparency
Potential transparency deficits in Meta’s content moderation were highlighted in Parliamentary Question E-001841/2026, submitted on 6 May 2026. The inquiry presses the Commission on whether Meta is sufficiently complying with its risk assessment obligations under the DSA, citing reports of reach restrictions and account suspensions affecting influencers discussing women’s health and LGBTQI issues. A response from the Commission is pending.
❓ Cross-Border Enforcement Against Online Abuse Networks
The obligations of online platforms regarding global abuse networks were questioned in Parliamentary Question E-001667/2026, submitted on 22 April 2026. The inquiry asks the Commission to evaluate a reported network using platforms like Telegram to facilitate the drugging and abuse of women, seeking clarity on enforcement actions under existing EU legislation. A response from the Commission is pending.
Cybersecurity (NIS2) & AI Act Implementation
❗ Infringement Proceedings Launched Over NIS2 Transposition
Addressing cybersecurity vulnerabilities, Executive Vice-President Virkkunen confirmed on 19 May 2026, in response to Parliamentary Question E-000973/2026, that the Commission has initiated an infringement procedure against Spain for failing to fully transpose the NIS2 Directive. The Commission underscored that robust cybersecurity is a strategic imperative in the current global threat landscape, explicitly framing compliance not just as a legal obligation but as a fundamental requirement to protect critical public administration infrastructure.
❓ MEPs Scrutinise the Operational Capacity of the EU AI Office
The operational readiness of the newly established EU AI Office was scrutinised in Parliamentary Question E-001864/2026, submitted on 6 May 2026. The inquiry focuses on reports that the office is understaffed and lacks access to advanced AI models, such as Anthropic’s Mythos, which could pose critical infrastructure risks. A response from the Commission is pending, which will likely clarify its strategy for institutional strengthening under the Artificial Intelligence Act.
❓ European Commission Faces Scrutiny Over Internal Cybersecurity Breaches
The credibility of the Commission’s own cybersecurity infrastructure was challenged in Parliamentary Question E-001941/2026 following a recent cyberattack on the Europa.eu platform. The inquiry highlights vulnerabilities in the open-source supply chain and questions institutional accountability in light of the NIS2 Directive requirements imposed on Member States. A response from the Commission is pending.
❗ Safeguarding Freedom of Expression in Online Moderation
Concerns about the EU Internet Forum’s handbook were addressed in Parliamentary Question E-001160/2026, where Mr Brunner clarified on 19 May 2026 that the guidance supports voluntary efforts to keep users safe and does not equate Eurosceptic speech or political satire with violent extremism. The Commission underscored that the DSA and the Terrorist Content Online Regulation contain strong fundamental rights safeguards to ensure content moderation remains non-discriminatory and lawful.
❓ MEPs Question Potential VPN Restrictions Linked to Age Verification
Public concerns over potential Virtual Private Network (VPN) restrictions linked to age verification were raised in both Parliamentary Question E-001916/2026 and Parliamentary Question E-001989/2026. The questions address fears that anti-circumvention measures could lead to indirect bans on VPNs, thereby threatening anonymous internet access and digital privacy. Responses from the Commission are pending.
❓ Surveillance Risks in National Security Legislation
The compatibility of Italy’s 2026 Security Law with the GDPR and NIS2 was questioned in Parliamentary Question E-001948/2026, submitted on 11 May 2026. The inquiry raises concerns over the expansion of interconnected video surveillance networks without minimum IT security or data protection requirements. A response from the Commission is pending.
❓ Rule of Law and Spyware Investigations in Member States
The rule of law and the handling of the Predator spyware case in Greece were raised in Parliamentary Question E-001962/2026. The inquiry questions whether the Supreme Court Prosecutor’s decision not to reopen the wiretapping investigation aligns with EU law and if the Commission will address it in its upcoming rule of law report. A response from the Commission is pending.
❗ Commission Reaffirms Sovereign Right to Enforce Digital Laws
When asked about the US freedom.gov initiative in Parliamentary Question E-001132/2026, Executive Vice-President Virkkunen declined on 22 May 2026 to speculate on the project’s intent. She clarified that the Commission lacks the legal authority to block websites, a power reserved for Member States. She firmly positioned the enforcement of EU digital law, including the DSA, as an expression of European sovereignty, asserting the Commission’s responsibility to regulate all companies operating in the EU fairly and without discrimination.
❓ EU-Canada Digital Partnership and Strategic Autonomy
The geopolitical implications of the EU-Canada Digital Partnership were questioned in Parliamentary Question E-001872/2026, submitted on 6 May 2026. The inquiry asks how the partnership aligns with the bloc’s broader goals for strategic autonomy in AI, probing whether such agreements might inadvertently return the EU to a state of technological dependence. A response from the Commission is pending.
❗ Commission Outlines Crisis Activation Protocols Under the EU Chips Act
The activation of crisis protocols under the EU Chips Act was the focus of Parliamentary Question E-001238/2026, to which Executive Vice-President Virkkunen responded on 21 May 2026. She clarified that activating the crisis stage requires evidence of serious disruptions and remains a prerogative of the Council, a threshold not currently met. The Commission indicated it is considering how to further reinforce the memory ecosystem in the forthcoming revision of the Chips Act, while maintaining that commercial supply arrangements primarily lie with the industry.
❗ Funding for Information Integrity and Disinformation Detection
Funding for technological tools to combat disinformation was outlined in Parliamentary Question E-001004/2026 by Executive Vice-President Virkkunen on 20 May 2026. She noted that around EUR 34 million€34MCited figure from Horizon Europe has funded projects like InVID and vera.ai under the European Democracy Shield. The Commission intends to continue supporting the EU information ecosystem through the proposed AgoraEU programme.
❓ Macroprudential Risks of AI in the Financial Sector
Macroprudential risks stemming from AI-assisted hacking were the subject of Parliamentary Question Z-000010/2026, directed to the European Central Bank on 13 May 2026. The inquiry asks the ECB to detail the measures it is taking regarding the dangers posed by applications like Anthropic’s models. A response is pending.
❓ Intersection of ESG Certifications and Data Protection
The intersection of corporate ESG certifications and GDPR compliance in Greece was examined in Parliamentary Question E-001867/2026. The inquiry questions whether linking a voluntary ‘Diversity Mark’ assessment of sexual orientation or nationality to funding opportunities complies with EU equal treatment directives and competition rules. A response from the Commission is pending.
An analysis of the Commission’s recent replies indicates a pronounced institutional shift toward rigorous enforcement and the assertion of digital sovereignty. The responses consistently frame the application of frameworks like the Digital Services Act and the NIS2 Directive not merely as administrative procedures, but as core sovereign duties. This positioning suggests an unwavering commitment to defending the EU’s regulatory autonomy against both external geopolitical initiatives and internal non-compliance, as evidenced by the initiation of infringement proceedings and the robust defence of Commission staff.
Furthermore, the material reveals a strategic effort by the Commission to balance strict platform accountability with fundamental rights. When addressing content moderation, age verification, and disinformation, the institution frames its technological solutions—such as zero-knowledge proofs—and statutory safeguards as sufficient to protect privacy and freedom of expression. This indicates a proactive narrative strategy to counter concerns regarding digital surveillance or regulatory overreach.
Overall, these communications suggest that the EU’s digital policy apparatus is fully transitioning into a mature enforcement phase. For public affairs professionals, the Commission’s tone indicates that regulatory leniency is unlikely, with a clear focus on structural compliance, systemic risk mitigation, and the unapologetic exercise of European digital sovereignty.
All Parliamentary Questions and Commission Answers are accessible via Policy-Insider.AI.
