From Westphalia to San Francisco: A cyber and digital perspective on the changing nature of European diplomacy and transatlantic relations

Oisín Herbots Interviews

Gerard de Graaf is no stranger to EU digital policies. He serves as EU Senior Envoy for Digital to the US and currently heads the EU Office in San Francisco. Prior to his recent appointment, de Graaf was Director responsible for the Digital Services and Digital Markets Acts in the Directorate-General for Communications Networks, Content and Technology, and co-chaired two of the EU-US Trade and Technology Council (TTC) working groups. In an EU career that has spanned more than 30 years, Gerard de Graaf is a veritable fount of knowledge on EU digital policies and negotiations.

Diplomacy is changing. A decade ago, European diplomats tended to focus on fields such as trade policy, development aid and peace negotiations. Today, diplomats are specialising in areas such as cyber, digital and green diplomacy. Last July, the EU stressed that ‘Digital Diplomacy become a core component and an integral part of the EU external action’ and it encouraged strengthening multilateral, regional and multi-stakeholder relationships. Two months later, the EU opened an office in San Francisco – home to the world’s largest tech companies.

To better understand the Office’s contributions to changing the nature of European diplomacy and its role within the wider context of transatlantic digital and cyber relations and regulations, the Directions blog spoke with Gerard de Graaf, Head of the EU Office.

Similar goals, different approaches – EU & US digital regulations and relations

The interview commenced with a question regarding de Graaf’s thoughts on the current state of EU-US relations. Taking a broader perspective, de Graaf pointed out that there are many risks, tensions and threats menacing the world. In California, Indo-Pacific geopolitical tensions and diverging future democratic and authoritarian digital models rank high on the figurative ‘risk list’. Replying to a follow-up question on whether the war in Ukraine had strengthened EU-US relations, de Graaf answered positively and stressed that it is ‘of vital importance that the EU and US stick together’ because ‘if the EU and US fell out, that would be a very bad situation with unpleasant consequences that both sides understand well’.

Moving on to the specific ties and tensions of EU-US digital relations, we enquired as to how the EU’s landmark Digital Services Act (DSA) and Digital Markets Act (DMA) compare with US policy initiatives. de Graaf’s response made a distinction between the objectives of the EU regulations and the regulations themselves. ‘There is a high degree of convergence between the EU and US on the big picture digital objectives’, he noted. Referring to the jointly prepared 2022 Declaration on the Future of the Internet, the digital policy principles agreed in the TTC and President Biden’s Wall Street Journal op-ed, de Graaf argued that the US government shares many of the same objectives of the DSA and DMA, like promoting safety, making digital markets contestable and defending fundamental values and democracy. de Graaf also singled out AI as an area where the EU and US have similar regulatory objectives: the ‘[US] AI Bill of Rights is a carbon copy of the [EU] AI Act. The only difference is that the AI Bill is voluntary whereas once the EU AI Act is adopted, it will become a binding piece of legislation’.

Gerard de Graaf, Senior Envoy for Digital to the U.S. and head of the EU office in San Francisco

However, when it comes to the form – the actual regulating or the ‘how do you do it’ – de Graaf went on to say that the EU and US tend to follow diverging paths, at least for now. The EU has already taken steps to regulate Big Tech with the DSA and DMA and ‘there is more coming down the pipeline: for example, the Data Act, Cybersecurity Act, Resilience Act, AI Act and the digital wallet. The EU has the capacity and the political will to translate its vision and its objectives in the digital space through binding legislation – the US does not have said capacity at this stage. Historic, legal traditions and political division in Washington, DC explain why the US is taking a different approach from the EU’.

Bay watch – an EU Office perspective on upcoming US tech regulation

Intrigued by de Graaf’s previous remarks, the subsequent question inquired as to the likelihood of US Congress passing legislation to regulate Big Tech, given that the two parties agree regulations are needed, but disagree over the aim and scope of such regulations. de Graaf commented: ‘Everything is possible, but the odds are against anything happening in the near future. If something were to happen, it would be around privacy and the protection of minors, rather than the wholesale approach that is being taken in the DSA and DMA’. He also raised the fact that the upcoming US primary and presidential elections will soon dominate the legislative agenda, much like the upcoming 2024 EU Parliamentary elections.

It is at the state level that de Graaf sees interesting developments occurring. ‘States have taken over regulatory leadership in light of the gridlock in Washington. California has been regulating in the areas of social media and privacy – not dissimilar from GDPR’. The Golden State has already passed laws on online age verification and is in the process of preparing a bill on AI. Because of its size and influence, there is a ‘California effect’ in the US as many other states follow its lead, much as there is a ‘Brussels effect’ globally.

Posing a follow-up question, we asked if any action is expected from the Department of Justice (DOJ) or the Federal Trade Commission (FTC), and whether such legal decisions could have an impact beyond the US. ‘There might be some action, but agencies’ actions are not horizontal – they act on the strength of a particular mandate’, de Graaf said, admitting that while he would be surprised if nothing came out of the FTC or DOJ, what exactly to expect is hard to predict. The agencies might come under pressure to act when, for example, the DSA and the DMA confer benefits on European business and/or end-users that would not be available to their American counterparts.

 The Bay, the DSA and the DMA – The art of EU digital diplomacy

With the upcoming entry into force of the DSA and DMA, we asked de Graaf how the US views these landmark pieces of EU legislation and how the EU Office in San Francisco is promoting the merits of both laws while dispelling misconceptions surrounding them. de Graaf explained that there is not a single unified American perspective on the DSA and DMA, instead, there are three distinct groups each with their own unique view and understanding of the EU laws.

The first group de Graaf identified are the very large companies that fall within the scope of the DSA and DMA – i.e. ‘Big Tech’. This group, he reveals, ‘perfectly understands the legislation, they know the measures have been adopted, and they are seriously preparing for implementation because they know it’s the law of the land. There is no discussion amongst this group now and no wishing that it were different, even if they are not particularly fond of these new regulations. Because the EU is very important for them, they will comply’.

The second group de Graaf named is society, though not the proverbial ‘average American’, but an informed insider from academia and civil society. ‘This group is asking many of the same questions that we [the EU] have been asking about how you make the markets fairer, the internet safer, defend democracy and protect children and other vulnerable groups’. Part of this group includes businesses that suffer from the market power and lack of fairness of gatekeepers, and who hope that EU action, particularly under the DMA, will help create greater opportunities for innovation. de Graaf recounts that ‘many people are saying that the Europeans have a point and that its digital regulations are not stupid’. He notes that the EU Office in San Francisco is regularly in touch with academia and civil society in Silicon Valley and the State Legislature in Sacramento, where there is a lot of respect for what the EU is doing. Although de Graaf has encountered some disapproving Libertarians who believe government should stay as far away from the market as possible, he finds that there is interest in and broad support for what the EU is doing – ‘to the point that there are some that pin their hopes on the Europeans to resolve the problems that America is not politically capable of solving itself’.

However, de Graaf acknowledged that ‘the DSA and DMA are very comprehensive, conceptual, systemic approaches that might not even fit into the legal tradition of the US, which tends to focus on specific problems’. In other words, the DSA and DMA take a European approach that is more holistic in nature and not something Americans would likely follow: their approach is driven by problem solving. de Graaf added that ‘even if this informed insider group agrees with the EU’s analysis, it doesn’t mean they would come up with the same solution’.

The third group concerned with the DSA and DMA is the DC political cluster. de Graaf revealed that there are occasional accusations of the EU targeting American companies. All in all, many in Congress probably believe that Big Tech should be regulated, however, Republicans and Democrats diverge on how to do this. Some have described this as ‘Republicans wanting social media to keep everything up and Democrats wanting them to take everything down’. The challenge for the EU, de Graaf outlined, is that ‘if we regulate the internet and Big Tech, many tend to be US companies because they are some of the biggest who are highly successful in Europe. We wish it to be different, and hope that in the future there will be more digital European champions in the internet space’. However, de Graaf stressed that these regulations are not extraterritorial, as they apply only to activities within the EU Single Market, nor is the EU singling out US companies for regulation given that EU, and other non-EU (e.g. Chinese) companies will have to comply.

Behind the Bay – Big Tech, big differences

After discussing Big Tech and digital regulations at length, we raised the issue of whether these companies act as a monolithic, or likeminded, group that share the same interests in opposing digital regulations. de Graaf thinks not. He deflated the idea that Big Tech is one big homogenous group teaming up against the EU. He also admitted that ‘while they may have joint concerns about DSA and DMA, they are also competitors and are very keen that the full effects of said legislation apply to their competitors’.

When asked about how the EU Office organises meetings with Big Tech, de Graaf revealed that, ‘unlike in Brussels, where it is possible to gather Big Tech in a room and have a discussion, you’ll be hard pressed to get these companies in the same room in San Francisco’. All EU Office meetings are bilateral because Big Tech companies do not like to talk in the presence of their competitors. Yet another sign, de Graaf pointed out, that these companies like to see themselves as individuals.

Bridging Brussels & the Bay – The role of the EU Office

The work of diplomats can be metaphorically compared to bridge building. We asked de Graaf what the main purpose of the EU Office is, how it goes about promoting EU digital policies, and if he or his team have been successful in building any bridges between Brussels and ‘The Bay’.

The Head of the EU Office responded by pointing out some of the obvious reasons why the EU needs officials in San Francisco: geography. California is ‘far far away’ from Brussels. There is a distance of more than 9,000 kilometres and a nine-hour time difference between Brussels and California. The Bay’s business day begins when Brussels’s ends. Further justifying the need for the EU Office, de Graaf acknowledged that, ‘Culturally on the West Coast, people don’t think much about the EU, they tend to focus more on the Pacific, so it is necessary for the EU Office to be in California to explain what we are doing. Otherwise, people make up their own minds and fill the void with caricatures, myths and misunderstandings – such as: Europe is killing innovation because they can’t compete in technology so they regulate’. In other words, de Graaf clarified, one of their main aims is ‘to make sure that the EU’s voice is heard, to tell people what the EU is doing in the digital sphere, why it is doing this, and what the impacts will be’. However, the inverse is also true: like an EU delegation, the EU Office feeds information back to Brussels. ‘We are the eyes and ears of the EU on the ground and we can learn a lot from Silicon Valley and the US West Coast, which remains a dynamic and vibrant region’, de Graaf stated.

Building on our conversation, we asked de Graaf if the EU Office is in touch with Big Tech firms over their global employee layoffs and the implementation of the DSA and DMA. On DSA compliance, he clarified that it is the Directorate-General for Communications Networks, Content and Technology (DG CONNECT) that enforces the DSA, and DG CONNECT and the Directorate-General for Competition that enforce the DMA. The EU Office will support these DGs but, ‘it is not a sheriff outpost enforcing the DSA and DMA’. Furthermore, de Graaf noted that companies are responsible for having adequate resources to comply with the DSA; the EU is not micromanaging these companies with specific employment mandates. When it came to job losses in the tech world, de Graaf expected that many of the people who have lost their jobs due to Big Tech’s post-COVID downsizing would find other jobs. Furthermore, Big Tech companies, apart from a few exceptions, have informed the EU Office and policymakers in Brussels that their safety and security teams will be protected against job cuts as much as possible.

Aware of de Graaf’s involvement in the Trade and Technology Council (TTC), we asked how successful it has been and if the EU Office is contributing to it in anyway. de Graaf affirmed that the TTC has been successful in a number of areas, from cooperation on AI, common standard-setting, and promoting market access to coordinating export controls and sanctions on Russia. This is due to the TTC’s format, which fostered familiarity and close personal relations between officials on the other side of the Atlantic, allowing for quick coordination. de Graaf describes this familiarity, or the ability to ‘know who to call to avoid surprises’, as a soft output of the TTC.

On dealing with other digital issues in the TTC, de Graaf said that, ‘we are learning from each other’ and that a lot of coordination is taking place not only on DSA and DMA but also on topics such as semiconductors, quantum, AI and making AI technologies and digital investments more available to the Global South. However, he reaffirmed divergences in the EU and US approaches to digital regulation and digital standards. Whereas the US tends to adopt voluntary, industry-set standards, the EU sees standardisation as part of a legislative approach and a condition to market entry. He noted that the EU Office contributes to TTC by helping to spread knowledge and bring the right people to the negotiating table, for example, on the issue of protecting minors online, which is a top priority in both the EU and the US.

Beyond the Bay – the future of EU digital diplomacy

What lies ahead for this model of digital diplomacy? We asked the Head of the EU’s first diplomatic tech-oriented office whether the EU might open similar digital delegations in cities such as Shenzhen or Bengaluru, building on the success stories of the San Francisco Office. de Graaf pointed out that he clearly sees the future of the EU Office entwined with the changing nature of diplomacy: ‘old diplomacy is focused on security and trade and political affairs, while new diplomacy is around digital, health, climate change, immigration’. He elaborated further, stating that, ‘the job of a diplomat is changing rapidly, and it’s why the EU has chosen to set up an office outside of the capital, so that we [EU Office] can keep an eye on what happens in, for example, AI, chips, quantum, cyber security and extended and immersive reality, while promoting mutually beneficial cooperation and keeping Brussels abreast of technological innovation’. Sharing his final thoughts on this question, de Graaf acknowledged that, ‘the EU Office is a pilot and if it works well for the EU, particularly for the EU here in San Francisco, it could be possible in other major economies such as India and China, with their very large regional tech centres. It is definitely something that the EU will reflect on. And of course, between reflecting and doing, there will need to be time and further considerations that come into play’.

Thumbnail image: Credits to @Pedro Gandra on Unsplash


About the Author

Oisín Herbots

Oisín Herbots is an Administrative Officer in the Cyber Security Policy Unit in the Irish Department of Justice. He is primarily involved in developing Ireland’s cybercrime policy and regularly represents Ireland at international cybercrime fora and negotiations. Oisín was a former International Cyber and Digital Trainee for the European Union Institute for Security Studies (EUISS).

Share this Article