EUInternationalDigitalStrategy
BDI’s Recommendations for Shaping the EU’s Global Digital Role
21 May 2025
Executive Summary
The global digital transformation is progressing at unprecedented speed and scale – increasingly shaped by geopolitical fault lines, fragmented regulatory regimes, and rising competition for technological leadership. In this context, the BDI welcomes the European Commission’s initiative to develop a coherent external digital agenda for the EU by issuing a “Joint Communication on an International Digital Strategy”. The EU must assert itself as a global digital actor – not only through regulation, but foremostthroughastrategic,value-drivenandindustry-orientedexternaldigitalpolicy.Additionally,the EUhastounderpinsuchastrategywiththeappropriatefundingmechanismsprovidingunbureaucratic and efficient support to competewith the huge investment programs adopted by global competitors.
From the perspectiveofGermanindustry,internationaldigital policy isnot aperipheralissuebut akey pillar of economic resilience, technological sovereignty, and long-term competitiveness. The EU must engage with international partners through strategic alliances, promote international standards and shape global digital governance – all while ensuring open markets, secure infrastructure, andresilient supply chains.
Todeliveronthesegoals,theEU’sapproachmustgobeyondhigh-leveldeclarations.Thetransatlantic TradeandTechnologyCouncil(TTC) has demonstratedboththe potential andthelimitations ofdigital diplomacy: numerous working groups and dialogues have been launched, but tangible outcomes remainlimited.Thus,futurecooperationsshouldshiftfrompolicyannouncementtopolicydelivery.Moreover, a closer involvement of key stakeholder groups, such as businesses and civilsociety, is crucial.
This requires a clear prioritization of action, structured public-privatecollaboration, and a stronger link between the EU’s external digital agenda and its overall industrial competitiveness. In particular, the BDI recommends:
Geopolitical diversification of digital supply chains and partnerships, while fostering the traditionally strong transatlantic and intra-EU relations.
Afocusonareasonabletechnologicalsovereignty,includingthroughinitiativeslikeEuroStack, to reduce dependency on critical digital infrastructures and technologies.
Theformationand deepeningofstrategicallianceswithpartner countries,grounded inshared principles and concrete cooperation.
An implementation-oriented governance model for international digital policy, involvement of private-sector actors, and better coordination across EU institutions and Member States.
The following pages outline concrete measures on AI, connectivity, cybersecurity and data.
1. ArtificialIntelligence
International cooperation on digital policies becomes increasingly significant with the rise of highly complex Artificial Intelligence (AI) systems. Internationally operating businesses face difficulties in compliance as soon as competing frameworks and legislation enforce contradicting regulations. The FederationofGermanIndustries(BDI) callsforandwillsupportinternationalcooperationandplanning certainty. Business-friendly, unbureaucratic, harmonized, and trustworthy legal frameworks with riskbasedandtechnology-neutral approaches to AIarevitalfor athriving,competitive,globallyconnected and innovativeEUindustry sector.TheEuropeanUnionneedstodevelopan influentialroleininternational AI governance structures. Cooperation, innovation-driven leadership and strong participation of state and non-governmental actors are key factors for an AI regulatory framework that enables EU enterprises to compete onthe international stage.
German industry calls on legislators to address the following measures in the process of developing future-proof and balanced international AI governance:
Ensureharmonizedlegislationwithcomplementaryframeworksrather thancompetingregulation to safeguard a consistent level playing field, enable innovation, and mitigate risks across markets.
Maintain an open regulation that does not give preference to any particular technology. Minimizing the negative impacts for society and environment while maximizing the development and application of innovative AI products and AI based solutions, is only possible by keeping toarisk-basedAIregulationapproach.Keeplegislationproportionateandnon-bureaucraticto minimize administrative burdens and foster innovation - the reporting obligations for companies should be kept to a minimum. The same applies to the regulatory framework on product liability. An AI liability directive will not contribute to the aforementioned objectives – a withdrawal by the EU Commission is therefore strongly supported.
Internationally align definitions, sub-categories, terminologies, taxonomies, and ontologies on already existing wording – such as the one provided by the OECD.
Promote AI awareness by reinforcing AI literacy, skilled labor and holistic approaches to the whole AI ecosystems, including the strengthening of semiconductor supply chains and HPCprograms.
Promoteawareness oncybersecurity for AI(on data,training,models) as well as theopportunities of AI for cybersecurity.
Develop international, technical-sound, performance-based standards for an inclusive ethical use of AI, promoting democratic values, and providing legal certainties to EU companies. Strengthening European participation and representation in internationalstandardization bodies.
2. Connectivity
Connectivityplaysamajorroleforallindustriestodayandwill onlygrow inimportanceinthefuture,as the economy becomes even more digitalized and integrated. The reason for this lies in the increasing relevance of technologies and business models, which require high quality digital infrastructure. This
trend is also visible on a macroeconomic level. The report “Shaping the digital transformation in Europe”, which was published in 2020 by the European Commission1, has shown that by 2030, the cumulativeadditionalGDPcontributionofnewdigitaltechnologiescouldamounttoEUR2.2trillioninthe EU-28 (EU-27 and the United Kingdom)1.The report also identifies high-impact technologies that will shape the EU’s economy and society. If a closer look is taken at the technologies identified, it can be seen that digital infrastructure is central to practically all of them. Whether it's AI, cloud computing or autonomousvehicles,allofthesetechnologiesrequireresilientnetworksthatprovideahighbandwidth and reliability as well as low latency. Additionally, the next generation of mobile networks, 6G, will go beyond traditional communication to unlock new fields of application.
This importance of digital infrastructure is rightly reflected in theEuropean Commission’s recent focus onenhancingtheresilience ofunderseacableinfrastructure–thephysicalbackboneofglobalinternet connectivity. The EU Action Plan on Cable Security appropriately highlights the need for coordinated prevention, detection, response, and deterrence measures across Member States. It also foresees stronger cooperation with established security partners such as NATO and the G7, as well as the development of joint surveillance and repair capacities. To achieve technological leadership early on, ensure technological sovereignty and provide secure connectivity in Germany and the EU, German industry urges the European Commission to consider the following recommendations when drafting the European Union’s Internation Digital Strategy:
Itisessentialtoactivelypromotethedevelopmentof6Gtechnologyasaglobalindustrystandard and to continue collaboration with relevant international partners and organizations. For example,thetransatlanticcooperationon6G launchedwithinframeworkssuchasTransatlanticTradeandTechnologyCouncil(TTC)shouldbeintensified,andtheEuropeanTelecommunications Standards Institute(ETSI) should be further strengthened.
Equally important is enabling industrial players to participate in international standardization activitiesofconnectedtechnologiessuchas 5Gand6G.Sincethesetechnologiesoftenserve merely as enablers rather than a core business activity, many companies require appropriate support mechanisms to contribute meaningfully to standard-setting processes. Therefore, it is essentialthattheEuropeanUnionfacilitates broadindustryinvolvementtogetherwithitsinternational partners to ensure that 6G becomes usable across vertical industrial applications.
Time-Sensitive Networking (TSN), whencombined with emerging wireless standards such as Wi-Fi7andtheanticipatedWi-Fi8,playsanimportantroleinadvancinggloballyinteroperable industrialapplications.StandardizedTSN-over-Wi-FitechnologiesareenablersofIndustry4.0 solutions, allowing real-time automation and smart manufacturing while increasing flexibility. Strengthening Europe’s role in the global standardization of deterministic communication protocols – in coordination with international partners – will be key to ensuring resilience and security of digitalindustrial infrastructure.Therefore, anchoringTSNinglobalframeworks and supporting European industry’s participation in shaping these standards is crucial.
Reducing bureaucracy at the EU level in funding programs, increasing the efficiency of resource use, and raising overall funding volumes is crucial. Only in this way can national and Europeanfundingprogramseffectivelysupportthecreationofthedigitalnetworksofthefuture and remain competitive in light of the massive investment programs of global rivals.
1 EuropeanCommission. 2020. Shaping the digital transformation in Europe.
WhiletheEU ActionPlanonCableSecurityrightlyemphasizesstrengthenedcooperationwith NATO,the G7,strategicpartners,and third countries, the EU should also use its International DigitalStrategy toactivelyextenditscablediplomacytoemergingeconomiesandlike-minded partnersintheIndo-Pacific,Africa,andLatinAmerica.Thisincludesembeddingcablesecurity into Digital Partnerships and ensuring active industry involvement in the development and implementation of global cable resilience standards.
Overall, the European Union must ensure in its international cooperation (e.g.in its digital dialogues) that, like 5G, 6G andTSN (WiFi7 and WiFi8), areestablished as aglobalstandardthrough jointinternational standardization efforts and promote secure backbone connectivity in order to safeguard the interests of the EU industry worldwide and tolay the groundwork for scalable applications.
3. Cybersecurity
Increasing global digital interconnectedness also leads to a steady rise in cyber-attacks on public institutions,civilsocietyandbusinesses.Theannualdamagecausedbycyber-attackstoGermanindustryaloneamountedto178.7billionEuroslastyear.2 Forbusinesses,cybercrimeincreasinglybecomes anexistentialthreat.Therefore,GermanindustrysupportstheEuropeanCommissioninenhancingthe cyber-resilience of both entities and products through dedicated regulatory acts. However, in light of the global digital interconnectedness, regional solutions are not sufficient to counter globally oriented threat actors. Since nine in ten companies assume that the number and intensity of cyber-attacks is expected to rise significantly in the coming years, the European Commission should enhance its cooperationwith international partners to counter the repercussions of cybercrime.
Toenhanceglobalcyber-resilience,GermanindustryurgestheEuropeanCommissiontoconsiderthe following recommendations when drafting the European Union’s Internation Digital Strategy:
Effortstoenhancethecyber-resilienceofproductsandentitiesarecurrentlyhighlyfragmented. For example, over 150 nations have their own cybersecurity and data protection regulations, making it especially difficult for multinational companies to navigate the web of multiple intersectingandoverlappinglaws.3 Inaddition,severalnationsarestillintheprocessofdeveloping their own frameworks. In these regulatory frameworks, there are huge discrepancies in the definitionof“criticalinfrastructures”and“incidents”.Thisrisingregulatory complexity results in additional compliance costs for companies without enhancing the cyber-resilience of companies,publicentities,or societywrit large.Rather, itforcescompanies to invest scarceITsecurity personnel to adapt their internal security processes according to local, national or supranational requirements, rather than hardening their systems and products. Consequently, the European Commission should leverage international digital partnerships as well as other cooperations, such as the EU-India Trade and Technology Council, to minimize the regulatory hotchpotchbystreamliningdefinitions,consistentlyimplementinginternationalstandards,such as ISO 27001, and sharing best practices.
Sharinginformationofcurrentcyberattackvectorsiscrucialtoenhanceglobalcyberresilience. Companies are currently confronted with a divergent scope of reportable incidents across countries – both inside the EU (due to the fragmented implementation of the NIS-2-Directive)
2 Bitkom. 2024. Wirtschaftsschutz 2024. https://www.bitkom.org/Presse/Presseinformation/Wirtschaftsschutz-2024
3 B20 India. 2023. Digital Transformation. https://api.b20india2023.org/b20docs/c7f5ce5f-d0c0-4f8d-b038-2e4d74c1da8c.pdf
as well as at a global scale, with some requiring reporting beyond significant incidents and others applying different cross-border impact criteria. Consequently, rather than focusing on incidentpreventionandmitigation,companieshavetoinvesthugefinancialandorganisational resources in fulfilling reporting requirements. The European Commission – together with its international partners – should develop common cyber incident reporting requirements both within the framework of Trade and Technology Councils as well as International Digital Partnerships.
Enhancingan organization’scyber-resiliencerequires up-to-datethreatinformation. Aspeedy exchangeofinformationaboutnewattackandthreatvectorsisparamountforaneffectiveand timely response to new cyber threats. At the same time, globally various platforms exist to exchange information about cyber-incidents as well as vulnerabilities. Often, information silos exist between platforms since they are mostly not interlinked, which hampers the speedy strengtheningofcompanies’andstates’cyber-resilience.Thisprovidesmaliciouscyberactors with a significant advantage. To efficiently enable companies to mitigate cyber threats, the European Commission should enhance its threat information sharing with international partners. Such information should also be made available to companies in a timely manner to ensure that they can protect themselves against current threats.
Currently, theEUis workingtowards the introduction of horizontalcybersecurity requirements forallproductswithdigitalelementswithintheframeworkoftheCyberResilienceAct.Producersofproductswithdigitalelementswillhavetoassesstheconformityoftheirproductsagainst European or international technical standards or will even have to obtain a certification by a thirdparty.Atthesametime,internationalpartners,suchasthe UnitedStates,aredeveloping security-by-design and security-by-default principles and practices as the baseline for products. For manufacturers and developers of such hardwareand software products, internationally recognised standards against which such products have to be tested as well as globally accepted labels is of utmost importance. To reduce the time to market as well as costs for conformity assessments, the Commission should integrate in international digital agreements mutual-recognition clauses for product-related cybersecurity labels and certifications, such as those pursuant to the Cyber Resilience Act. A fragmentation of cybersecurity requirements and respective labels for products must be avoided to support international trade.
As part of its International digital efforts, the European Commission – together with i. a. the EuropeanUnion’scybersecurityagencyENISAaswellasnationalauthorities,suchastheBSI – should contribute to international standardization organizations. By having a stronger footprint in international standardization bodies, the EU could counter the ever-increasing dominance of Chinese actors in such organizations. In addition, the EU should always reference respective standards in digital legislative acts.
Germanindustry welcomes official cybersecurity formats betweenthe EU and its international partners, such as the US-EU-Cyber-Dialogue, as they offered structured exchanges on a range of topics, including updates on respective cyber policy frameworks, cooperation in multilateral fora, cyber diplomacy and deterrence, collaboration on crisis response, resilience as well as capacity building in third countries. German business would appreciate, if apart from government officials, business representatives were also allowed to join this format. Companiescouldprovidedirectinputontheircyber-resiliencestrategiesandshareknowledgedirectly with European and international counterparts.
4. Data
Theuseandexchange ofdataplaysacrucialroleinthedigitalizationofindustry.Notonly consumers, but also companies are producing data (“Internet of Things”). Data is increasingly becoming the raw material for new services and business models. The size of the Internet economy is expected to more than double for the G20 economies, with an even higher growth rate for developing countries. This data production has a significant impact on companies and their production processes. In the age of digitalisation, production and trade are highly dependent on the increasing ability to transport, store and use digital information (data) across borders while protecting sensitive data as a core know-how of companies. The use of data facilitates, for example, the coordination of international production processes along global value chains. Small and medium-sized enterprises (SMEs) will have easier accesstoglobalmarkets,andlargerfirmswillalsobenefitfromincreasinglydigitalisedoperations.The transfer of personal data to and from headquarters, for example, the sending of data to research and development (R&D) institutions abroad and after-sales services will be simplified.
German industry calls on legislators to address the following measures in the EU digitalstrategy
Cross-border data exchange is often hampered by protectionist laws in third countries. As a result,inimportantthirdmarketsEUcompaniesarediscriminatedagainstinanunjustifiedway in relation to their competitors. It is therefore important to counter these protectionist tendencies comprehensively through trade agreements and other international arrangements and to strengthen free trade while ensuring that industrial know-how is protected.
Companies need legal certainty for the international transfer of personal data. Therefore, the adoption of adequacy decisions in accordance with Art. 45 GDPR must, therefore, be further developed.
Develop international, industry-driven standards for data exchange, e.g. via data spaces. Strengthening European participation and representation in international standardization bodies.
Support the concept of freedom of contract in order to foster innovative industry business modes, especially in cross-border context.
Imprint
Federation of German Industries e.V. (BDI)
Breite Straße 29, 10178 Berlin www.bdi.eu
T: +49 30 2028-0
Registered at the German Bundestag: R000534
Registered in the EU’s Transparency Register: 1771817758-48
Editors
Philipp Schweikle
Senior Manager, Digitalisation and Innovation
T: +49 30 2028-1632
P.Schweikle@bdi.eu
Steven Heckler
Deputy Head of Department, Digitalisation and Innovation
T: +49 30 2028-1523
S.Heckler@bdi.eu
PolinaKhubbeeva
Senior Manager, Digitalisation and Innovation
T: +49 30 2028-1586
P.Khubbeeva@bdi.eu
Dr. Michael Dose
Senior Manager, Digitalisation and Innovation
T: +49 30 2028-1560
M.Dose@bdi.eu
BDI document number: D2089