Photo of Matthieu Coget

Matthieu Coget

Matthieu Coget's practice sits at the intersection of law and policy, with a focus on European economic security. He advises on the EU’s evolving trade, industrial policy and regulatory tools in response to growing geopolitical and trade tensions, including relevant legal and regulatory frameworks, as well as the geopolitical and reputational risks arising from cross-border transactions pertaining to strategic supply chains.

Matthieu also regularly supports clients in designing and implementing policy engagement strategies, and building and coordinating coalitions at both EU and Member State level.

Matthieu also maintains an active pro bono practice.

Contact:Read more about Matthieu CogetEmail

In previous blogs, we have written about the EU-China relationship and how the EU was increasingly focused on delivering its policy of Strategic Autonomy. We are beginning to see the concrete implementation of this strategic intent, with the EU Commission approving a €902 million German State aid measure to support the construction of an electric vehicle battery production plant.  As Margrethe Vestager, EVP for Competition Policy noted, this is the first individual aid to have been approved under the Temporary Crisis and Transition Framework since March 2023 and its approval will keep the battery plant in the EU, rather than it moving to the US.

And the EU is planning to take further measures to enhance and protect its economic security in pursuit of the goal of strategic autonomy. On December 10, the Commission unveiled its Agenda outlining for items to be addressed in early 2024. Of note is the European Economic Security Package (EESP), due for discussion on 24 January.

It had been planned to adopt the EESP by the end of 2023.  However, its adoption faced delays due to Member States’ concerns about ceding authority to Brussels in an area traditionally reserved for national competence. For its part, the Commission argues that a “Europeanization” of the EU trade rules was required to ensure consistency across the bloc following decisions by various Member States to issue their own trade measures (for example, on export controls).

Although full details of the EESP have not yet been released, key components of the EESP will include a revision of the Foreign Direct Investment Screening Regulation and an initiative regulating outbound investments. The Agenda for 24 January also includes a non-binding Communication restricting export of dual-use items.

Continue Reading The European Economic Security Package

On December 14, 2023, the U.S. Congress passed the National Defense Authorization Act for FY 2024 (NDAA), authorizing $886 billion in defense spending. Amid its numerous provisions, there is the concept of the “national technology and industrial base,” which now includes the United States, Canada, the United Kingdom, Australia, and New Zealand and could potentially serve as the basis for wider industrial cooperation with European and other global partners. This could provide useful synergies with ongoing efforts in Europe to galvanize defense production and help ensure an enduring competitive edge for the wider West over potential adversaries—within NATO and with global partners.

The Global “National Technology and Industrial Base”

The national technology and industrial base (NTIB) is defined in U.S. law as “the persons and organizations that are engaged in research, development, production, integration, services, or information technology activities” in national security and dual-use areas. First established in 1994, NTIB initially included only Canada in addition to the United States. In 2016, however, United Kingdom and Australia were added, followed by New Zealand in 2022. NTIB entities may receive preference for certain limited procurement actions and may be exempted from certain foreign ownership or control/influence requirements.

The logic behind this initial expansion was to foster industrial defense cooperation among the Five Eyes allies, which already had provisions for intelligence sharing potentially required for sophisticated military projects. And the expected benefits were to leverage economies of scale, promote innovation, and increase interoperability.

Given Russia’s large-scale war of aggression against Ukraine and the longer-term challenge from China, the NTIB could be expanded further to ensure that the wider West is able to produce the military materiel required to deter and confront any security challenges. The United States and its NATO Allies have already faced stockpile constraints in providing weapons supply to Ukraine to continue waging its defense. Now, the 2024 NDAA has added Israel and Taiwan to a program started to expedite delivery and replenishment of munitions to Ukraine, which will put further pressure on existing production. The NTIB could also serve as the fulcrum to leverage European defense initiatives in light of Russia’s war of aggression.

European Defense Initiatives

The European defense landscape has long been characterized by severe under-investment and fragmentation among Member States, with less than one-fifth of investments in defense programs conducted in cooperation. In 2009, the European Union expressed its willingness to facilitate joint procurement with the adoption of procurement rules for munitions, arms, and war material in the Defense Procurement Directive. However, implementation was lacking, and most procurement contracts were still awarded without an EU-wide tender.

Continue Reading U.S. Defense Bill’s Implications for European and Global Partners

A would-be technical development could have potentially significant consequences for cloud service providers established outside the EU. The proposed EU Cybersecurity Certification Scheme for Cloud Services (EUCS)—which has been developed by the EU cybersecurity agency ENISA over the past two years and is expected to be adopted by the European Commission as an implementing act in Q1 2024—would, if adopted in its current form, establish certain requirements that could:

  1. exclude non-EU cloud providers from providing certain (“high” level) services to European companies, and
  2. preclude EU cloud customers from accessing the services of these non-EU providers.

Data Localization and EU Headquarters

The EUCS arises from the EU’s Cybersecurity Act, which called for the creation of an EU-wide security certification scheme for cloud providers, to be developed by ENISA and adopted by the Commission through secondary law (as noted in an earlier blog). After public consultations in 2021, ENISA set up an ad hoc working group tasked with preparing a draft.

France, Italy, and Spain submitted a proposal to the working group advocating to add new criteria to the scheme in order for companies to qualify as eligible to offer services providing the highest level of security. The proposed criteria included localization of cloud services and data within the EU – meaning in essence that providers would need to be headquartered in, and have their cloud services provided from, the EU. Ireland, Sweden and the Netherlands argued that such requirements do not belong in a cybersecurity certification scheme, as requiring cloud providers to be based in Europe reflected political rather than cybersecurity concerns, and therefore proposed that the issue should be discussed by the Council of the EU.

Continue Reading Implications of the EU Cybersecurity Scheme for Cloud Services