This report covers Parliamentary Questions (PQs) and Commission replies published in November 2025. The documents reveal a significant focus on the implementation and clarification of core legislative frameworks, particularly the Digital Services Act (DSA). Key policy areas addressed include DSA enforcement, the interplay between the DSA and the European Media Freedom Act (EMFA), the scope of the EU’s cybersecurity architecture, and data protection principles in an increasingly interoperable digital environment. The Commission’s tone is consistently one of defending its established legal frameworks, clarifying their intended scope, and asserting its enforcement powers while respecting the boundaries of Member State competence. These developments are crucial for digital-policy professionals as they signal a definitive shift from legislative drafting to the practical realities of interpretation, enforcement, and the cross-sectoral impact of the EU’s digital rulebook.
❗ Commission Rejects Extraterritorial Jurisdiction for DSA/DMA
In a reply on 28 November 2025, Executive Vice-President Virkkunen clarified the geographical scope of the Digital Services Act (DSA) and Digital Markets Act (DMA). The Commission’s response to question E-003873/25 stated unequivocally that these laws apply exclusively to services offered to recipients within the EU and have no extraterritorial jurisdiction in the United States or elsewhere. The Commission also reiterated that the DSA does not define what content is illegal—a matter determined by national or other EU laws—but sets standards for platforms to protect user rights and address the circulation of illegal material through transparency and robust appeal mechanisms.
❗ Commission Outlines Comprehensive Cybersecurity Framework
Responding on 28 November 2025, Executive Vice-President Virkkunen detailed the EU’s multi-layered approach to cybersecurity. The answer to E-003871/25 highlights the NIS2 Directive and the Cyber Resilience Act (CRA) as the two landmark pieces of legislation. The Commission noted that the Cyber Solidarity Act will further bolster EU capacities, and a revision of the Cybersecurity Act is underway to enhance the mandate of ENISA, improve certification, and address supply chain security. This legislative suite is supported by policy tools like the EU Cyber Diplomacy Toolbox and the EU Hybrid Toolbox to counter state-sponsored interference.
❗ DSA and EMFA Safeguards for Media Content Moderation Explained
Executive Vice-President Virkkunen, on 28 November 2025, explained the complementary roles of the Digital Services Act (DSA) and the European Media Freedom Act (EMFA) in content moderation. In response to E-003962/25, the Commission noted that the EMFA requires Very Large Online Platforms (VLOPs) to give media service providers a 24-hour notice before removing their content. The DSA provides broader transparency tools, such as public databases and reporting, and gives users rights to appeal content moderation decisions. The Commission also cautioned that a causal link between new policies and content moderation rates cannot be easily derived from the available data.
❗ Commission Details Interplay of DSA, EMFA, and Hate Speech Code
In a reply dated 27 November 2025, Executive Vice-President Virkkunen clarified how different EU instruments address online content. The answer to E-004039/25 outlines that the voluntary Code of Conduct on countering illegal hate speech online complements the DSA’s mandatory obligations for Trusted Flaggers. Furthermore, the European Media Freedom Act (EMFA) provides specific safeguards for media service providers on VLOPs to prevent unwarranted content removal, which is described as fully complementary to the DSA’s framework on systemic risks.
❗ DSA Complements Anti-Piracy Efforts, Commission Confirms
On 28 November 2025, Executive Vice-President Virkkunen affirmed the Commission’s commitment to fighting online piracy, supported by the Digital Services Act (DSA). The response to E-004038/25 states that the DSA’s measures for combating illegal content support efforts to streamline removal processes. The Commission emphasized its direct enforcement competence over designated VLOPs but reiterated that the DSA does not define what content is illegal. The reply also mentioned an upcoming assessment of the 2023 Recommendation on combating online piracy of live events, which will determine if further EU-level measures are needed.
❗ Commission Confirms DSA Electoral Risk Guidelines Consultation
In a 24 November 2025 response, Executive Vice-President Virkkunen provided details on a stakeholder consultation for DSA guidelines. The answer to E-003285/25 confirmed that an exploratory consultation on draft guidelines for mitigating systemic risks to electoral processes under the Digital Services Act was held from February to March 2024, gathering 77 contributions. The remainder of the reply addressed a separate budgetary matter concerning funding for the European Partnership for Democracy (EPD).
❓ MEPs Press Commission on DSA Enforcement Against X and Chatbot Grok
A parliamentary question (E-003843/2025) submitted on 2 October 2025 by Pierre Jouvet (S&D) urges the Commission to act on alleged biases and pro-Nazi remarks generated by the chatbot Grok, part of the social network X. The questioners argue this is incompatible with the Digital Services Act (DSA), particularly Articles 34 and 35 concerning systemic risk assessments of algorithmic systems on fundamental rights. MEPs ask about the progress of existing DSA infringement investigations into X and whether a new, specific investigation into Grok will be launched. A response from the Commission is pending.
❓ MEPs Question Commission on Meta’s Revenue from Scam Advertising
Veronika Cifrová Ostrihoňová (Renew) and other MEPs submitted a question on 17 November 2025 (E-004574/2025) regarding Meta’s alleged revenue from scam advertising. Citing reports that a significant portion of Meta’s revenue may originate from fraudulent ads, the MEPs ask if the Commission is aware of the scale of the issue for EU users and whether it has assessed the revenue linked to such ads in the EU. They also query if the Commission will examine these practices as potential infringements of the Unfair Commercial Practices Directive. A response is pending.
❓ MEPs Raise Concerns Over Big Tech’s Impact on Media Independence
In a question filed on 12 November 2025 (E-004498/2025), a cross-party group of MEPs including Tomáš Zdechovský (PPE) and Nathalie Loiseau (Renew) highlighted the threat to Europe’s independent media from the dominance of very large online platforms and the rise of AI. They argue that existing EU legislation has failed to rebalance the value distribution and that AI models further harm publishers by using content for training without directing users to original sources. The MEPs ask if the Commission will take action to incentivise or redirect advertising investment towards trusted European media. A response is pending.
❓ MEPs Question Regulatory Burden and Call for Digital Sovereignty Plan
Harald Vilimsky (PfE) and Georg Mayer (PfE) submitted a question on 19 November 2025 (E-004609/2025) expressing concern that digital regulations like the DSA and AI Act are creating excessive bureaucratic burdens, particularly for SMEs. They ask what measures are being taken to review regulations for effectiveness and feasibility, how the Commission will ensure non-digitally literate citizens can access public services, and why there is no coherent European investment plan for achieving digital sovereignty. A response from the Commission is pending.
❗ Commission Defends EU Data Protection Rules Amid Spyware Concerns
On 25 November 2025, the Commission responded to a question (E-003048/25) regarding alleged police infiltration and surveillance in Italy. While stating it is not competent to investigate specific national police operations, Commissioner McGrath reiterated the Commission’s firm position that any illegal access to citizens’ data via spyware is unacceptable. The reply highlights that even where national security is invoked, national checks and balances must be in place. The Commission pointed to the comprehensive protection offered by the ePrivacy Directive and the Law Enforcement Directive, which are subject to control by supervisory authorities and judicial review.
❗ Commission Clarifies Stance on WiFi Calling and Emergency Services
In a reply dated 28 November 2025, Executive Vice-President Virkkunen addressed the topic of WiFi calling. The response to E-003604/2025 clarifies that under the European Electronic Communications Code (EECC), national authorities should not impose or discriminate in favour of a particular technology. The decision to offer WiFi calling is left to service providers. Regarding emergency communications, the Commission notes that providers must ensure caller location information is available, and if WiFi calling limits this capability, operators might use traditional services to comply with the legal requirements.
❓ MEPs Seek Safeguards Against “Function Creep” in EU Digital Systems
Christine Anderson (ESN) submitted a question on 17 November 2025 (E-004566/2025) concerning the risk of “function creep” if GDPR rules on secondary data use are relaxed. The question highlights the increasing interoperability between systems like the European Digital Identity Wallet, travel databases, and platforms under the DSA. The MEP asks what safeguards will prevent cross-system profiling, whether the Commission will conduct a cumulative fundamental rights assessment of relaxing GDPR, and how it will ensure interoperability is not used to justify broader data flows. A response is pending.
❗ Commission Highlights Digital and Health Initiatives for Autism Support
On 24 November 2025, Commissioner Lahbib responded to a question (E-003625/25) on support for individuals with autism. The reply notes that the Biotech Act and the European Health Data Space will support earlier diagnosis through advanced digital tools and biomarkers. The Commission also mentioned the role of the European Reference Network ITHACA in coordinating care and diagnosis. The response further detailed how EU Cohesion Policy Funds and Erasmus+ can support accessible infrastructure and inclusive education, respecting Member States’ competences in this area.
❗ Copernicus and Cohesion Policy Funds Available for Forest Risk Management
In two separate replies, the Commission detailed the EU tools available for managing forest risks like droughts and fires. On 25 November 2025, in response to E-003911/25, Executive Vice-President Fitto confirmed that the Copernicus Emergency Management Service (CEMS) provides near real-time data on drought impacts on vegetation without needing activation. On 26 November 2025, responding to E-003686/25, the Commission noted that Cohesion Policy, CAP, and the RRF provide Member States with flexibility to design forestry interventions, with billions allocated for risk prevention. The European Forest Fire Information System provides data to support risk assessment and fund allocation.
❓ MEPs Flag Conflict Between Banking Rules and SME Reporting Simplification
A question submitted on 17 November 2025 (E-004575/2025) by Christophe Gomart (PPE) and other MEPs raises concerns about a potential conflict in EU legislation. They argue that while the omnibus package aims to simplify ESG reporting for SMEs under CSRD, prudential rules under the Capital Requirements Regulation (CRR) still require banks to request this data from SMEs for risk assessments. This, they claim, undermines the goal of simplification. The MEPs ask if the Commission will adapt the prudential legislation to align with the CSRD framework and genuinely reduce the administrative burden on SMEs. A response is pending.
❓ MEPs Question Frontex Data Sharing and Surveillance Technology in West Africa
Özlem Demirel (The Left) filed a question on 20 November 2025 (E-004645/2025) regarding a new Frontex mission conducting surveillance flights off the coasts of Senegal, Mauritania, and the Gambia. The question seeks details on the surveillance technology used, the company operating it, and which authorities in Cabo Verde, neighbouring countries, and Spain receive the data. Citing human rights concerns and risks to the principle of non-refoulement, the MEP asks what technical protocols and safeguards are in place to protect personal data.
❓ MEPs Allege Pressure on Telegram and Interference in Judicial Process
In a question submitted on 2 October 2025 (E-003854/2025), Tomasz Froelich (ESN) raises allegations made by Telegram’s founder concerning pressure from intermediaries linked to French intelligence. The question claims these intermediaries sought censorship of certain Telegram channels in Moldova in exchange for favourable outcomes in a French judicial case. The MEP asks if the Commission is aware of the allegations and whether EU law provides protection against such pressure on platforms to remove legal speech. A response from the Commission is pending.
❓ MEPs Question Proposed EU Electoral Law Reforms and “Democracy Shield”
Harald Vilimsky (PfE) and Georg Mayer (PfE) submitted a question on 19 November 2025 (E-004610/2025) regarding proposed reforms to EU electoral law. They ask how the Commission will ensure the “European Democracy Shield” is not misused for political censorship, particularly against Eurosceptic voices. The question also challenges the Commission on low voter turnout and its justification for harmonising national electoral laws, which they argue is a Member State competence. A response is pending.
❓ MEP Questions Treaty Limits on Potential EU Intelligence Body
Following media reports about a possible new EU strategic information unit, Christine Anderson (ESN) submitted a question to the Council on 19 November 2025 (E-004612/2025). The question seeks confirmation that the EU cannot establish a body with intelligence-gathering powers under the current Treaties without a unanimous revision by Member States, as national security remains a sole Member State responsibility under Article 4(2) TEU. The MEP asks if Member States have authorised any initiative towards a common EU intelligence capability. A response is pending.
The Commission’s replies from this period collectively project an image of a mature and comprehensive digital regulatory state moving into a phase of active implementation and defense. A primary cross-cutting theme is the positioning of the Digital Services Act (DSA) as a robust, yet carefully circumscribed, cornerstone of the EU’s digital order. The Commission consistently clarifies that the DSA’s role is not to define illegality but to enforce procedural accountability, transparency, and user rights, pushing back against suggestions of extraterritoriality (E-003873/25) and framing it as complementary to other targeted legislation like the European Media Freedom Act (E-003962/25).
A second insight derived from the Commission’s answers is its emphasis on an interlocking legislative arsenal. The response on cybersecurity (E-003871/25), which lists the NIS2 Directive, Cyber Resilience Act, Cyber Solidarity Act, and an upcoming Cybersecurity Act revision, indicates a strategy of creating a dense, multi-layered regulatory environment to address complex threats. This approach suggests that the Commission views individual legislative files not in isolation, but as interconnected components of a broader architecture designed to govern the digital space comprehensively, from infrastructure security to content moderation and data protection.
Finally, the Commission’s responses reveal a clear delineation of its own powers, carefully deferring to Member State competence where appropriate. It asserts its exclusive enforcement mandate over VLOPs under the DSA but simultaneously stresses that national law defines illegal content (E-004038/25). Similarly, it declines to investigate national police operations (E-003048/25), framing its role as ensuring the EU legal framework (e.g., ePrivacy Directive) is upheld. This consistent messaging reveals an institution focused on consolidating and enforcing its established digital rulebook within the precise boundaries of its Treaty-based authority.
