Helder Matos (master’s student in Human Rights at the School of Law of the University of Minho)

Introduction

In March 2024, the European Data Protection Supervisor (EDPS) revealed that the European Commission, the institution assuming the role of global vanguard in the matter of digital rights, violated the EU’s own data protection regulation due to its structural dependency on the Microsoft 365 ecosystem.[1]

Although the EDPS closed the case in July 2025 after the Commission updated its licensing agreements with Microsoft, this episode brings to the surface the underlying problem that this article proposes to address.[2]

Even as it received the green light to proceed with business-as-usual, the European Commission admitted its deep concerns regarding the crippling dependence on a non-European company for the digital platforms needed for normal day-to-day functioning.[3] The European Union (EU) does not control the technological infrastructure it runs on, as it is forced to negotiate the terms of its own data security with foreign corporations.

Vitória Menezes Sanhudo (master’s student in European Union Law at the School of Law of University of Minho)

The harmonisation of corporate sustainability disclosure criteria has become increasingly relevant as a guarantee of a level playing field among companies and for the efficiency of the Internal Market. In this context, Directive (EU) 2022/2464 (CSRD) amends previous provisions, aiming to promote a more standardised sustainability reporting obligation, using the double materiality principle (DMP). It is deemed as necessary to analyse the conceptual evolution of materiality, from its origin in accounting to double materiality (enshrined in the CSRD Directive), its enforcement in the Directive under consideration, to evaluate the benefits and challenges of this dual perspective from a theoretical approach and, subsequently, to assess it from a more practical viewpoint, taking into account conclusions that can already be drawn from its introduction in the CSRD Directive.

The research question is as follows: in what way does the evolution of materiality in sustainability reporting prove to be positive, particularly with the incorporation of the DMP in the CSRD?

The concept of materiality

For a complete understanding of the CSRD Directive and the DMP, firstly, it is crucial to establish the conceptual basis that underpins them: materiality as a legal principle. The concept of material information emerged in the field of accounting at the beginning of the 20^th century, and its importance and scope have expanded over the years. In the EU, the Accounting Directive[1] is the central instrument for corporate financial reporting. Generally, all definitions formulated imply that information is material when its omission or misrepresentation can influence the economic decisions of the users that this concept aims to inform and benefit. Naturally, the definition of materiality varies according to the objective pursued by the reporting.[2]

Renan Bendel Vaughan (master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder – UMINHO/BIM/2026/40)

Setting the scene: a political moment and a legal gap

The concept of hybrid threats has become one of the most frequently invoked analytical categories in contemporary European discourse in matters of security. Since its consolidation in the institutional vocabulary of the EU in sequence of the Joint Framework of 2016,[1] the expression migrated progressively from the strategic-military domain to the field of Union law, informing legislative instruments in matters of cybersecurity, critical infrastructures’ resilience and protection of the democratic institutions. However, its legal operability remains uncertain, given that the concept is invoked with increasing frequency in soft-law instruments and in policy frameworks, without this invocation being accompanied by a legal definition sufficiently precise to underpin the normative requirements placed upon it.

The Conclusions of the Council of the EU of 16 March 2026 on advancing the European Union’s capacity to counter hybrid threats constitutes the most recent institutional moment in this evolutive framework.[2] The Council of EU condemned the persistent hybrid threats of state and non-state actors aimed at compromising the security and stability of the Union and its Member States, specifically identifying the sabotage on critical infrastructures, the malicious cyber activities, the foreign information manipulation and interference (FIMI), the election interference, and instrumentalisation of migration. It called for the utmost implementation of the Directives NIS2 and CER, it highlighted the importance of the Cyber Blueprint as a mechanism of collective response and drew attention to the malicious use of emerging technologies, including AI and quantic technologies.

Ana Cardoso (PhD candidate & Master’s in European Union Law at the School of Law of University of Minho. FCT research scholarship holder – 2025.06747.BD.)

I.

On March 23, 2026 the European Commission took the final procedural step required for provisional application of the EU-Mercosur interim Trade Agreement (“iTA”), by notifying the Mercosur countries with a “note verbale”.[1] This means that as of May 1, 2026, the iTA has started being provisionally applied, despite the European Parliament’s decision to ask for the European Court of Justice’s (“CJEU”) opinion on whether the EU-Mercosur Free Trade Agreement (“EMTA”) is in conformity with the Treaties.[2]

This was possible because the EMTA is divided into two main documents: (i) the iTA covering trade liberalisation and (ii) a broader comprehensive Partnership Agreement; the first can take effect while the second faces the hurdles of full ratification.[3]

Given this somewhat unprecedented decision by the Commission – which ignores a long-standing gentleman’s agreement of institutional respect between the Commission and the Parliament – it is worth questioning if this provisional application might end up jeopardising the EU’s ambitious climate and environmental goals or if, on the other hand, the internal legal framework in this area is strong enough to prevent indirect backtracking.

Ana Filipa Ribeiro (master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder – UMINHO/BIM/2026/33)

Regulation (EU) 2023/1114 on Markets in Crypto-assets (MiCAR)[1] is the European Union’s first comprehensive framework for crypto-assets that fall outside existing financial-services legislation,[2] designed to harmonise rules across the internal market, while pursuing objectives traditionally associated with public regulation, including investor and consumer protection, market integrity and financial stability.[3] MiCAR does so in large part by placing crypto-asset service providers (CASPs) at the centre of its governance architecture. A CASP[4] is a legal person or other undertaking that is authorised and supervised as an intermediary that provides one or more crypto-asset services to clients on a professional basis, including custody and administration of crypto-assets, operation of trading platforms, exchange, execution of orders and transfers on behalf of clients.[5] In practice, CASPs set and enforce platform rules, monitor activity, restrict access, freeze, or limit the movement of assets, suspend trading and delist tokens, often in real time and on the basis of risk assessments that combine regulatory obligations and internal policies.[6] It is therefore plausible to say that these entities go beyond acting as technical conduits and participate in a form of private ordering with structurally quasi-public effects, a claim developed below.

Because CASPs control the infrastructure through which most users access crypto markets, their decisions can function as immediate constraints on market access and on effective enjoyment of asset-related interests. Crucially, these decisions often give rise to dispute’s origin, by unilaterally altering a client’s position through measures such as freezing assets, restricting transfers, suspending trading, or delisting a token.[7] The resulting conflict is then typically channelled into an internal process designed and administered by the CASP itself, with the provider acting simultaneously as rule-maker, investigator, decision-maker, and initial reviewer.[8] This concentration of functions is a familiar source of legitimacy concerns in public governance, yet it has received limited conceptual attention in the MiCAR context.

Gonçalo Martins de Matos (PhD candidate in Public Legal Sciences at the School of Law of the University of Minho | Junior Researcher at JusGov | Member of the Editorial Support of this blog)

As the Hungarian legislative elections approach, we are reminded of what is at stake for the whole of the European Union (EU). Since 2010, the Hungarian State’s democratic and Rule of Law standards have backslid, turning this Eastern European State in a de facto illiberal democracy,[1] dominated by Viktor Órban and his Fidesz party. Órban’s rule has been generally uncontested, even with European institutions increasingly drawing attention to Hungary’s severe democratic decline.[2] However, his grip on the Hungarian State has been facing rising challenges, such as several infringement procedures[3] and the activation of the Rule of Law conditionality mechanism.[4] The 2024 European Parliament elections gave challenger Péter Magyar the upward momentum to hinder Órban’s illiberal agenda and shake the foundations of his firm grasp on Hungary’s legal political system.[5]

The possibility of halting or reversing Hungary’s democratic decline is exponentiated by an infringement procedure pending before the Court of Justice of the European Union (CJEU). Case C- 769/22 Commission v. Hungary[6] is currently awaiting the CJEU’s ruling. However, when the Advocate General’s Opinion was published in June 2025,[7] we soon realised that the implications may go beyond the Hungarian case and help found what has been referred to as the justiciability of Article 2 of the Treaty on European Union (TEU). In summary, the legal argument is that the values enshrined in Article 2 TEU create concrete legal obligations for the Member States. If Member States fail to fulfil those obligations, their non-compliance can be used as grounds for launching infringement procedures, well within the ordinary competences of the CJEU. If the upcoming judgment eventually adopts the justiciability argument, we may be looking at a whole new phase of the constitutionality control carried out by the CJEU, keeping alive the aspiration of a society in which pluralism, non-discrimination, tolerance, justice, solidarity and equality between women and men prevail.

Mariana Lima Rodrigues Carneiro (Masters in European Union Law from the School of Law of University of Minho)

The deployment of xAI’s Grok chatbot has become a focal point of systemic risk within the European digital landscape. The European Commission first opened formal proceedings against X in December 2023.[1] In January of 2026, the scope of this regulatory oversight was significantly expanded under the Digital Services Act (DSA) to investigate Grok’s functionalities.[2] This investigation specifically targets risks such as the dissemination of non-consensual sexual deepfakes and antisemitic discourse. These controversies reveal a programmed tendency towards neutral language that masks structural biases within AI systems.[3]

This article explores how this systemic opacity creates an insurmountable barrier for individuals seeking legal redress against algorithmic discrimination. The core objective is to analyse the failure of the current reversal of the burden of proof mechanism, as provided by European anti-discrimination directives, when faced with high-dimensional mathematical optimisation. Ultimately, this text examines the necessity of technical solutions to harmonise automated processing with the values of justice and equality that underpin the European legal order.