This report covers Parliamentary Questions (PQs) and European Commission replies published between 6 and 12 October 2025. The key policy areas under scrutiny include the enforcement of the Digital Services Act (DSA), particularly concerning child safety and illegal content on platforms like X and Roblox, the implementation of cybersecurity rules under the NIS2 Directive, and the real-world impact of the AI Act on jobs and innovation. Other significant topics include the EU’s industrial strategy for cloud and AI infrastructure, the geopolitical dimension of information manipulation, and the application of digital rules to sectors from transport to media.
The Commission’s responses project an institution focused on the implementation and enforcement of its landmark digital legislation. It consistently frames its regulatory framework as a comprehensive, multi-layered system designed to protect citizens while simultaneously fostering technological sovereignty and competitiveness. The replies emphasize procedural correctness, the specific competencies of EU versus national authorities, and the strategic intent behind initiatives like the ‘AI Continent Action Plan’ and the ‘Competitiveness Compass’.
Digital Services Act (DSA) Enforcement & Scope
❗ Commission Confirms DSA Does Not Apply Outside the EU
In a reply on 8 October 2025, Executive Vice-President Virkkunen clarified that the Digital Services Act (DSA) applies solely within the European Union. The Commission stated it has never instructed or encouraged online platforms to apply the DSA’s rules extraterritorially. The response to question E-003271/2025 highlighted that platforms routinely adapt content moderation to comply with diverse global regulations and that the DSA empowers EU users with transparency and appeal rights, noting that nearly 35% of content removals by Meta and TikTok were overturned in the second half of 2024 thanks to these new mechanisms.
❗ Commission Clarifies Roblox is Not a VLOP; Dutch Authority is Competent
Responding to concerns about online grooming on the Roblox platform, the Commission stated that Roblox is not currently designated as a Very Large Online Platform (VLOP) as its user numbers are below the 45 million threshold. In its 9 October 2025 answer to question E-003320/2025, Executive Vice-President Virkkunen explained that supervision and enforcement of the DSA for Roblox falls under the exclusive power of the Dutch Digital Services Coordinator (DSC). The Commission also clarified that it does not have the power to suspend services directly but can request national DSCs to act under strict conditions, with the final decision resting with a national judicial authority.
❗ Commission Confirms Ongoing Investigation into X Regarding Illegal Content
In response to a question (E-003235/25) about the alleged distribution of child sexual abuse material (CSAM) on platform X, the Commission confirmed it has an ongoing investigation into the platform’s procedures for countering illegal content. In the 9 October 2025 reply, Executive Vice-President Virkkunen reiterated that under the DSA, platforms accessible to minors must ensure a high level of safety and have mechanisms to flag illegal content. The Commission also referenced its recently published guidelines on the protection of minors as a tool to assist platforms in meeting their obligations.
AI Act Implementation & Impact
❓ MEPs Question AI Act’s High-Risk Provisions Ahead of 2026 Deadline
A group of MEPs from the ECR group has questioned the Commission on the potential for the AI Act’s provisions on high-risk systems to hinder innovation and harm EU competitiveness. In question E-003745/2025, submitted on 26 September 2025, the members ask if the Commission intends to review or suspend these categories before they enter into force in August 2026, citing concerns from experts and the Act’s principal drafter. A response from the Commission is pending.
❗ AI Act Positioned as a Safeguard for Jobs, Not a Threat
The Commission has positioned the AI Act as a key safeguard for workers in the face of technological change. In a 9 October 2025 response to question E-003317/25, Executive Vice-President Mînzatu stated that AI is expected to automate certain tasks rather than replace entire professions. The reply highlights that the AI Act classifies AI systems in employment as high-risk, imposing strict requirements for transparency and human oversight. This, along with the Platform Work Directive and investments in skills, forms the Commission’s strategy to support ethical AI deployment and promote fair workplaces.
Cybersecurity (NIS2, CRA, ePrivacy)
❗ Commission Notes Infringement Proceedings Over NIS2 Transposition
Following repeated IT failures on Spain’s rail network, the Commission noted the importance of correctly implementing EU cybersecurity and resilience legislation. In a 10 October 2025 answer to question P-003430/25, Commissioner Tzitzikostas confirmed that the Commission has launched infringement proceedings against Member States, including Spain, that have not communicated national transposition measures for the Critical Entities Resilience (CER) Directive. The reply emphasized that Member States have the main responsibility for mitigating national security implications under both the NIS2 and CER Directives.
❗ Commission Outlines Multi-Layered Legal Framework Against Cyber Threats
The Commission has detailed its robust legal framework for cybersecurity in response to a question on building resilience against hybrid threats. In an 8 October 2025 reply (E-003226/2025), Executive Vice-President Virkkunen highlighted the NIS2 Directive, the Cyber Resilience Act, and the EU Cyber Blueprint as key components. The response also noted that Member States can use a minimum harmonisation approach when transposing NIS2 to account for national circumstances, and pointed to the upcoming European Democracy Shield to counter foreign information manipulation.
❗ Commission Cites EMFA and Cyber Resilience Act in Response to Spyware Concerns
Addressing concerns over the use of spyware in Italy, the Commission stated that any illegal access to citizens’ data is unacceptable. In a 7 October 2025 reply (E-002375/25), Executive Vice-President Virkkunen pointed to several legal safeguards, including the newly applicable European Media Freedom Act (EMFA) for protecting journalistic sources, the ePrivacy Directive, and the Law Enforcement Directive. The Commission also noted that the forthcoming Cyber Resilience Act will make it more challenging for threat actors to deploy spyware by setting cybersecurity requirements for hardware and software.
❓ MEPs Raise Concerns Over NIS2 Directive’s Disproportionate Burden
MEPs have raised concerns that the NIS2 Directive is imposing disproportionate compliance costs on entities not originally intended to be covered, such as large schools with solar panel installations. In question E-003771/2025 submitted on 29 September 2025, MEP Wouter Beke (PPE) asks if the Commission will consider simplification measures, such as introducing clear thresholds or exemptions, to reduce the burden on such institutions. A response is pending.
Digital Markets Act (DMA)
❓ MEPs Question if DMA is Delaying Innovation for EU Consumers
A group of ECR MEPs has asked the Commission to respond to concerns that the Digital Markets Act (DMA) is delaying EU consumers’ access to digital innovations. The question (E-003802/2025), submitted on 30 September 2025, cites Apple’s announcement that new features like real-time translation via AirPods will not be available in the EU at the same time as other regions due to DMA interoperability obligations. The MEPs ask what steps are being taken to ensure the DMA does not undermine innovation. A Commission response is pending.
Child Safety Online
❗ Commission Details Comprehensive Toolbox for Protecting Minors Online
The Commission has outlined its multi-faceted approach to protecting children online, emphasizing a combination of legislative and strategic initiatives. In an 8 October 2025 response (E-003331/2025), Executive Vice-President Virkkunen identified the Audiovisual Media Services Directive (AVMSD), the DSA, and the Better Internet for Kids+ (BIK+) strategy as core components. The reply also highlighted ongoing DSA proceedings against TikTok, Meta, and adult content platforms, as well as the development of an EU age verification solution based on the EU Digital Identity Wallet.
❓ MEPs Propose EU-Funded AI for Parental Control
A group of MEPs from the PfE group has asked the Commission if it would consider financing the development of an AI model specializing in the protection of minors, to be used exclusively under parental control. The question (E-003837/2025), submitted on 1 October 2025, suggests such a tool could protect children from unsolicited contact, harmful content, and data theft. They also ask if agencies like Europol or Eurojust could provide data to train such a model. A response is pending.
Privacy & Surveillance
❓ MEPs Challenge Commission on ‘Chat Control’ Regulation
MEPs Kostas Papadakis (NI) and Lefteris Nikolaou-Alavanos (NI) have strongly criticized the proposed ‘Chat Control’ regulation, labeling it a tool for mass surveillance and censorship. In their question E-003835/2025 of 1 October 2025, they argue the proposal abolishes privacy and transfers responsibility for child protection to large corporations. They ask for the Commission’s view on the collection of user conversations and the impact on freedom of expression. A response is pending.
❗ Commission Highlights Strategy to Triple EU Data Centre Capacity
The Commission has reaffirmed its commitment to strengthening the EU’s technological independence by investing in critical technologies like AI, quantum computing, and cloud infrastructure. In a 6 October 2025 reply (E-002507/2025), Commissioner Zaharieva highlighted the ‘Competitiveness Compass’ and the ‘AI Continent Action Plan’. The response announced a forthcoming ‘Cloud and AI Development Act’ aimed at tackling obstacles to infrastructure development, with the goal of tripling the EU’s data centre capacity in the next five to seven years to support technological sovereignty.
❓ MEPs Call for Enhanced Resilience of Mobile Networks After Blackouts
Following recent blackouts in Spain and Portugal, MEPs have urged the Commission to promote a more harmonised approach to strengthening the resilience of mobile network infrastructure. In question E-003786/2025 from 30 September 2025, they ask if the Commission will push for mobile network sites to be prioritised in electricity restoration plans and explore EU funding for backup power systems. A response from the Commission is pending.
❓ MEPs Inquire About Mandatory AI in Vehicle Inspections
An MEP has asked the Commission about its plans for integrating Artificial Intelligence into technical vehicle inspections. Question E-003818/2025, submitted on 1 October 2025, asks when the Commission plans to make AI use compulsory for tasks like visual inspection or emission measurements, what ethical standards would be required, and whether Horizon Europe funds could support pilot projects. A response is pending.
❗ Commission Affirms Support for Human Interpreters in the Age of AI
The Commission has expressed its commitment to supporting human interpreters as they adapt to AI, viewing technology as a complementary tool rather than a replacement. In a 7 October 2025 response to question E-003095/25, Commissioner Serafin stated that the Commission engages in dialogue with the sector, supports upskilling, and actively promotes the profession to attract new talent. The reply also confirmed ongoing cooperation with universities to train interpreters in language combinations needed by EU institutions.
❓ MEPs Fear Digital Fairness Act Threatens EU Video Game Industry
MEP Catherine Griset (PfE) has raised concerns that the upcoming Digital Fairness Act could undermine the competitiveness of Europe’s video game industry. In question E-003793/2025 of 30 September 2025, she asks the Commission to guarantee the Act will focus on self-regulation and investment support rather than restrictive rules that could benefit US and Asian competitors. A response is pending.
❓ MEPs Probe Commission on Funding of Dual-Use Tech in Horizon Europe
MEP Marc Botenga (The Left) has questioned the Commission over an apparent contradiction regarding the funding of dual-use technologies under the Horizon Europe programme. Question E-003892/2025, submitted on 3 October 2025, contrasts a previous Commission statement that Horizon Europe has an “exclusive focus on civil applications” with a more recent announcement implying that parts of the programme fund technologies with potential dual-use applications. A response is pending.
❗ Commission Frames ‘Competitiveness Compass’ as Key to Boosting EU Manufacturing
In a response concerning Greece’s economic challenges, the Commission highlighted its broader strategy to strengthen the EU’s business climate and domestic manufacturing. The 8 October 2025 reply from Commissioner Dombrovskis to question E-003038/2025 identifies the ‘Competitiveness Compass’ as a key policy framework. It also notes that strengthening domestic manufacturing capacity in critical technologies like AI and semiconductors is a priority for the post-2027 multiannual financial framework.
❗ EEAS Details Response to Chinese Information Manipulation Tactics
The European External Action Service (EEAS) has outlined its strategy for countering foreign information manipulation and interference (FIMI) from China. In an 8 October 2025 answer (P-003237/25) on behalf of the Commission, High Representative/Vice-President Kallas described Chinese tactics that include using private firms and influencers, as well as transnational suppression to silence critical voices. The EEAS response involves boosting situational awareness, enhancing counter-manipulation capabilities, and developing policies to impose costs on FIMI perpetrators, complemented by the Commission’s work on the democracy shield.
❓ MEPs Question if Signal App Falls Under EU Communications Code
MEP Markéta Gregorová (Verts/ALE) has asked the Commission whether the messenger application Signal falls under the definition of a service “normally provided for remuneration” as defined in the European Electronic Communications Code. The question (E-003714/2025), submitted on 24 September 2025, seeks to clarify the regulatory scope of the Code for free-to-use applications. A response from the Commission is pending.
❓ MEPs Challenge Ryanair’s Move to Digital-Only Boarding Passes
The Commission has been asked to assess whether Ryanair’s decision to scrap paper boarding passes in favour of a mandatory mobile app complies with EU non-discrimination and consumer protection laws. Question E-003825/2025 from 1 October 2025 raises concerns that the move could discriminate against digitally excluded people or those with limited digital skills. A response is pending.
❗ Commission Open to Revising Public Procurement Rules for Digital Media
The Commission has indicated it will consider expanding public procurement exemptions to include print and digital media in a future revision of the relevant directives. In a 10 October 2025 reply to question E-003247/25, Executive Vice-President Séjourné acknowledged the important role of professional media in informing citizens. While the current evaluation of the 2014 directives is ongoing, the Commission will consider options to shape a new proposal, including on the scope of exemptions, in line with its priority of supporting independent media.
❗ Commission Responds to ‘Pfizergate’ SMS Query with Procedural Reply
In response to a priority question (P-003182/25) regarding deleted SMS messages between the Commission President and Pfizer’s CEO, the Commission has referred to a new confirmatory decision adopted to implement a General Court judgment. The 6 October 2025 reply from Mr Šefčovič directs the MEP to the publicly available decision C(2025)5429, which provides a more detailed explanation for its position that it does not hold the requested documents, thereby avoiding a direct answer on whether messages were deleted or devices were tampered with.
Based on the Commission’s replies from this period, several cross-cutting themes emerge that offer insight into its current digital policy posture. Firstly, there is a clear and consistent emphasis on enforcement and implementation. The Commission actively highlights its supervisory role, detailing ongoing DSA investigations into major platforms, launching infringement proceedings for delayed NIS2 transposition, and monitoring the CER Directive. This suggests a deliberate effort to project an image of an institution that is moving beyond legislation into active, hands-on governance of the digital single market.
Secondly, the Commission frames its digital legislative arsenal as a comprehensive and interconnected shield. When faced with specific issues—be it spyware, child safety, or the impact of AI on jobs—its responses rarely rely on a single piece of legislation. Instead, they weave together multiple regulations (e.g., DSA, EMFA, ePrivacy, AI Act, Cyber Resilience Act) to demonstrate a holistic approach. This narrative positions EU digital policy not as a collection of disparate rules, but as a coherent, multi-layered system designed to address complex, overlapping challenges from various angles.
Finally, the Commission consistently positions its regulatory framework as a core component of its strategy for competitiveness and technological sovereignty. While MEPs frequently voice concerns that rules like the AI Act or DMA could stifle innovation, the Commission’s replies counter this by linking regulation directly to strategic industrial goals. Initiatives like the ‘Competitiveness Compass’ and the ‘AI Continent Action Plan’ are presented as complementary to the legal framework, with the ultimate aim of fostering EU leadership in critical technologies like AI and cloud infrastructure. This framing suggests the Commission views a well-regulated market as a prerequisite for, rather than an obstacle to, long-term economic strength and strategic autonomy.
