The main problem, says the EC, is the lack of an ‘EU brand’ in security. This has three primary causes: fragmentation within the market (security is often defined along and controlled by 27 national, rather than one European, priorities); a gap between research and the market (the lack of a harmonized market makes R&D risky); and the ‘societal dimension’ (where, for example, concern over the conflict between security and privacy deters investment).
To overcome these problems, the EC is proposing three primary policy actions. The first is to overcome market fragmentation by creating EU wide security standards, harmonizing conformity standards and assessments, and better exploiting synergies between security and defense technologies.
The second is to reduce the gap between research and market. Four approaches are highlighted. Firstly, European funding programs are to be aligned, and better use of IPR “on fair and reasonable grounds” to be made possible. Secondly, pre-commercial procurement (PCP) by the public sector will be harmonized and made easier across Europe. The EC intends to “devote a significant part of the security research budget on this instrument,” in order to bring “together industry, public authorities and end users from the very beginning of a research project.”
Thirdly, the EC intends to use its influence to get European trading partners to make their own internal markets as open as is the European market, “and to ensure European businesses have fair access to them.”
Finally, the EC is analyzing the legal and economic implications of third party liability limitation (TPLL). It notes that the US Safety Act provides this for US companies, and has launched a tender for a study into a possible European version that “will take due account of fundamental rights' implications.”
The third step in the overall action plan is “better integration of the societal dimension” of security. Societal ‘impact checking’ will be introduced during the development phase. This will allow development and purchase to proceed with confidence that products will be “accepted by society.” And to ensure this acceptance the EC is proposing that new products be developed with ‘privacy by design’ and ‘privacy by default’ principles via “an appropriate EU standard.” While this could be seen as counter-productive to new developments, the Commission says it is “convinced that there will be strong peer pressure for companies to follow such a standard which should gain a similar recognition value as for example the ISO 9000 management standard.”
The whole purpose of this action plan, says the EC, “is to provide to the EU security industry a strong home base from which to be able to expand into new and emerging markets.” The world security market is currently estimated at around €100 billion – and the EC wants Europe to have a larger share.