A draft item circulated to FCC commissioners last week appears to be the anticipated order creating the FCC’s Space Bureau (see 2211030032). The draft order, titled “Establishment of the Space Bureau and the Office of International Affairs and Reorganization of the Consumer and Governmental Affairs Bureau and the Office of the Managing Director" was circulated Dec. 6, but an FCC spokesperson declined to say whether it had received any votes. Chairwoman Jessica Rosenworcel said creating the bureau would involve reorganizing the International Bureau to create a Space Bureau to handle satellite issues and a separate Office of International Affairs for the other operations formerly handled by the IB. The order is expected to get bipartisan support (see 2211090061).

Artificial intelligence systems should be safe and respect human rights, EU telecom ministers said Tuesday, agreeing on a negotiating stance on the proposed EU Artificial Intelligence Act. Among other things, the European Council narrowed the original European Commission definition of an AI system to those developed through machine learning approaches and logic- and knowledge-based approaches to distinguish them from simpler software systems. It extended the prohibition against using AI for social scoring to private actors and broadened the bar against using AI to exploit vulnerable people to those who are vulnerable due to their social or economic situation. The council also clarified when law enforcement agencies should, in exceptional cases, be allowed to use real-time remote biometric identification systems in public spaces; and added protections to ensure high-risk AI systems aren't likely to cause serious fundamental rights breaches. A new provision addressed situations where AI can be used for many different purposes (general purpose AI) and where such AI technology is then integrated into another high-risk system. The council version explicitly excluded national security, defense and military purposes from the scope, as well as AI used solely for research and development. It also set more proportionate caps on fines for small and mid-sized businesses and start-ups. The legislation needs approval from the council and the European Parliament, whose negotiating stance hasn't been finalized. The negotiating document sparked criticism from a consumer group and a member of the European Parliament. The European Consumer Organisation said ministers "reached a disappointing position for consumers" by leaving too many key issues unaddressed, such as facial recognition by private companies in publicly accessible places, and by watering down provisions about which systems would be classified as high risk. It urged EU lawmakers to stand up for consumers. One legislator, Patrick Breyer of the Greens/European Free Alliance and Germany, agreed. The Council approach is "extremely weak" on the use of AI for mass surveillance purposes, he emailed: "With error rates (false positives) of up to 99%, ineffective facial surveillance technology [bears] no resemblance to the targeted search that governments are trying to present to us."

EU governments approved stronger cybersecurity rules Monday. Once the revised network and information security directive (NIS2) takes effect, EU members will have 21 months to enact it into national law, the European Council said. NIS2 will "set the baseline for cybersecurity risk management measures and reporting obligations across all sectors that are covered by the directive, such as energy, transport, health and digital infrastructure." It will apply to providers of public electronic communications services, digital services and domain name system services (see 2103220038). It will harmonize cybersecurity requirements and the way they're implemented in different countries. Under the original directive, it was up to governments to determine which entities met the criteria to qualify as essential services subject to the rules, but NIS2 introduces a size-cap rule. It also adds additional provisions "to ensure proportionality, a higher level of risk management and clear-cut criticality criteria" to allow national authorities to determine if other entities should be covered. NIS2 won backing from the European Parliament Nov. 10.

Airlines will now be allowed to provide in-flight 5G services, the European Commission announced. Its updated decision on spectrum for mobile communications on aircraft will enable passengers to use their phones in the same way they do terrestrial networks, paving the way for widespread 5G deployment. The in-cabin service will use pico-cells to connect users and route calls, text and data, usually via a satellite network. The EC also amended an order on 5 GHz bands to make them available for Wi-Fi in cars, buses and other road transport. EU countries must make the spectrum available as soon as possible, or by June 30, 2023 at the latest.

Europe is upping its game on cyberdefense, European Commission officials said at a Thursday briefing. Cyberspace is "increasingly contested and the number of cyber-attacks against the EU and its Member States continues to grow," an EC Q&A noted. Russia's attack on the KA-SAT satellite network, which disrupted communications for several public authorities and Ukrainian armed forces, shows how much civilian and defense players rely on the same critical infrastructure, it said. The European security and defense package encompasses a cyberdefense policy and a plan for free movement of military forces by cutting bureaucracy and ensuring up-to-date infrastructure and digitalized procedures, said Margrethe Vestager, EC executive vice president-Europe Fit for the Digital Age. One common thread for both is the need for better cooperation between military and civilian actors, said EU High Representative for Foreign Affairs and Security Josep Borrell. The plan intends to, among other things, create an EU cyberdefense coordination center and a network of military computer emergency and response teams akin to civilian ones, and to address gaps in the cyberdefense workforce, he said. Bad actors can also do damage through 5G networks, Vestager said. Nearly three years after the EC adopted a 5G toolbox to keep networks secure, some EU countries haven't done so, she said: Those that haven't imposed restrictions on high-risk suppliers must act quickly. Asked how vulnerable Europe is to cyberattacks, Vestager noted worrying incidents around Europe, including assaults on Danish and German railroads and on the Nord Stream pipelines, not to mention the attack on Ukraine: "It is piling up." The defense and military mobility package is part, but not all, of the answer, she said.

Residential broadband demand in Ukraine is rebounding, with Ukrtelecom connecting 2,000 residential subscribers a week to fiber networks since June, Point Topic analyst Jolanta Stanke wrote Monday. More than 13,000 SpaceX Starlink terminals have been donated to Ukraine, she said. She said 87% of Ukrainian settlements covered by Ukrtelecom have internet access, including those in the Kharkiv region liberated by Ukrainian forces earlier this fall. Ukrtelecom deployed nearly 5,000 kilometers of fiber in 2022, with its fiber subscriber base up 33% over September 2021. The start of war in February meant Ukrainian ISPs limiting broadband speeds to residential subscribers as they dedicated more bandwidth to Ukrainian military needs. Services have returned to normal, with main backbones now having significant redundancy, she said.

Hikvision USA said an FCC proposal to further clamp down on gear from mostly Chinese companies, preventing the sale of yet-to-be authorized equipment in the U.S. (see 2210130076), would be “unprecedented, unjustified and unlawful.” The China-based company said there's no justification for banning the gear it sells in the U.S. “Even when this equipment is connected to a public telecommunications or broadband network, the equipment itself generally operates on private networks, and only traverses public networks when instructed to do so by end users,” said a filing posted Thursday in docket 21-232: “This video surveillance equipment simply has nothing to do with the operation, safety, and security of telecommunications and broadband networks, and nothing in the record establishes that this peripheral end user equipment poses any threat to those public telecommunications and broadband networks, or to the end users who purchased this equipment.”

China’s Dahua Technology, one of the companies on the FCC’s list of companies deemed to be a threat to U.S. networks, offered concessions as the FCC looks at whether to bar the gear it sells in the U.S. from being authorized for use here (see 2210200056). The company met with an aide to Commissioner Geoffrey Starks, said a filing posted Monday in docket 21-232. “Although Dahua USA believes that the Security Equipment Act does not cover any products that Dahua USA currently sells” in the U.S. market “and does not authorize the commission to exclude all Dahua USA equipment from the … equipment authorization process” the company is “prepared to accept reasonable safeguards, including labeling, recordkeeping, and certification requirements to alleviate any national security concerns,” the filing said.

Net neutrality rules need updating for an evolving internet ecosystem, the U.K. Office of Communications said in an Oct. 21 consultation. EU net neutrality legislation enacted in 2016 became part of U.K. law after Brexit, but because the rules constrain ISPs' activities, they may be viewed as hampering ISPs' ability to innovate, develop new services and manage their network for better user experiences, said Ofcom, seeking comments by Jan. 13. It proposed allowing ISPs to: (1) Offer premium quality packages and services, such as for people who have high-quality virtual reality apps. (2) Develop "specialized services" for content and applications that need to be optimized. (3) Use traffic management measures to manage their networks. (4) Offer zero-rating (where the data used by certain websites or apps is not counted toward a customer’s overall data allowance) in most cases. The regulator is also considering possible new laws that would allow retail packages to offer different quality standards (such as for a package that only has a specific gaming app that needs guaranteed low latency); and give ISPs more flexibility to use traffic management for specific content to address congestion. Ofcom also waded into the debate on whether ISPs should be able to charge content providers for carrying traffic (see 2210130001), saying, "While there are potential benefits to a charging regime, we have not yet seen sufficient evidence that this is needed." That's a decision for the government and Parliament, Ofcom noted. A statement is due next fall.

China Unicom (Americas) asked the FCC to reconsider its September decision to add it to the agency’s list of "covered" equipment suppliers -- deemed to present security concerns (see 2209200045). CUA questioned whether it had been given adequate opportunity to respond and said an April 2020 letter asking the company to explain why the FCC shouldn't begin the process of revoking its domestic and international authorizations can’t be used to place it on the covered list. “Two years after receiving a letter that explicitly declined even to recommend any action, including under the Secure Networks Act, and five months after CUA ceased offering services under section 214 of the Communications Act, the [Public Safety] Bureau has concluded that the two-year-old 2020 Letter was a determination that the now-terminated services are currently capable of posing a threat to national security,” CUA said in a filing posted Friday in docket 18-89. “That conclusion is inexplicable,” the company said: “It is contrary to the Secure Networks Act; a non-recommendation presenting unsigned ‘views,’ developed without any process or participation by the affected company, could not have been a determination triggering a Secure Networks Act listing with all its consequences, even at the time it was made, much less two years later.”