Renan Bendel Vaughan (master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder – UMINHO/BIM/2026/40)

Setting the scene: a political moment and a legal gap

The concept of hybrid threats has become one of the most frequently invoked analytical categories in contemporary European discourse in matters of security. Since its consolidation in the institutional vocabulary of the EU in sequence of the Joint Framework of 2016,[1] the expression migrated progressively from the strategic-military domain to the field of Union law, informing legislative instruments in matters of cybersecurity, critical infrastructures’ resilience and protection of the democratic institutions. However, its legal operability remains uncertain, given that the concept is invoked with increasing frequency in soft-law instruments and in policy frameworks, without this invocation being accompanied by a legal definition sufficiently precise to underpin the normative requirements placed upon it.

The Conclusions of the Council of the EU of 16 March 2026 on advancing the European Union’s capacity to counter hybrid threats constitutes the most recent institutional moment in this evolutive framework.[2] The Council of EU condemned the persistent hybrid threats of state and non-state actors aimed at compromising the security and stability of the Union and its Member States, specifically identifying the sabotage on critical infrastructures, the malicious cyber activities, the foreign information manipulation and interference (FIMI), the election interference, and instrumentalisation of migration. It called for the utmost implementation of the Directives NIS2 and CER, it highlighted the importance of the Cyber Blueprint as a mechanism of collective response and drew attention to the malicious use of emerging technologies, including AI and quantic technologies.

Ana Cardoso (PhD candidate & Master’s in European Union Law at the School of Law of University of Minho. FCT research scholarship holder – 2025.06747.BD.)

I.

On March 23, 2026 the European Commission took the final procedural step required for provisional application of the EU-Mercosur interim Trade Agreement (“iTA”), by notifying the Mercosur countries with a “note verbale”.[1] This means that as of May 1, 2026, the iTA has started being provisionally applied, despite the European Parliament’s decision to ask for the European Court of Justice’s (“CJEU”) opinion on whether the EU-Mercosur Free Trade Agreement (“EMTA”) is in conformity with the Treaties.[2]

This was possible because the EMTA is divided into two main documents: (i) the iTA covering trade liberalisation and (ii) a broader comprehensive Partnership Agreement; the first can take effect while the second faces the hurdles of full ratification.[3]

Given this somewhat unprecedented decision by the Commission – which ignores a long-standing gentleman’s agreement of institutional respect between the Commission and the Parliament – it is worth questioning if this provisional application might end up jeopardising the EU’s ambitious climate and environmental goals or if, on the other hand, the internal legal framework in this area is strong enough to prevent indirect backtracking.

Ana Filipa Ribeiro (master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder – UMINHO/BIM/2026/33)

Regulation (EU) 2023/1114 on Markets in Crypto-assets (MiCAR)[1] is the European Union’s first comprehensive framework for crypto-assets that fall outside existing financial-services legislation,[2] designed to harmonise rules across the internal market, while pursuing objectives traditionally associated with public regulation, including investor and consumer protection, market integrity and financial stability.[3] MiCAR does so in large part by placing crypto-asset service providers (CASPs) at the centre of its governance architecture. A CASP[4] is a legal person or other undertaking that is authorised and supervised as an intermediary that provides one or more crypto-asset services to clients on a professional basis, including custody and administration of crypto-assets, operation of trading platforms, exchange, execution of orders and transfers on behalf of clients.[5] In practice, CASPs set and enforce platform rules, monitor activity, restrict access, freeze, or limit the movement of assets, suspend trading and delist tokens, often in real time and on the basis of risk assessments that combine regulatory obligations and internal policies.[6] It is therefore plausible to say that these entities go beyond acting as technical conduits and participate in a form of private ordering with structurally quasi-public effects, a claim developed below.

Because CASPs control the infrastructure through which most users access crypto markets, their decisions can function as immediate constraints on market access and on effective enjoyment of asset-related interests. Crucially, these decisions often give rise to dispute’s origin, by unilaterally altering a client’s position through measures such as freezing assets, restricting transfers, suspending trading, or delisting a token.[7] The resulting conflict is then typically channelled into an internal process designed and administered by the CASP itself, with the provider acting simultaneously as rule-maker, investigator, decision-maker, and initial reviewer.[8] This concentration of functions is a familiar source of legitimacy concerns in public governance, yet it has received limited conceptual attention in the MiCAR context.

Gonçalo Martins de Matos (PhD candidate in Public Legal Sciences at the School of Law of the University of Minho | Junior Researcher at JusGov | Member of the Editorial Support of this blog)

As the Hungarian legislative elections approach, we are reminded of what is at stake for the whole of the European Union (EU). Since 2010, the Hungarian State’s democratic and Rule of Law standards have backslid, turning this Eastern European State in a de facto illiberal democracy,[1] dominated by Viktor Órban and his Fidesz party. Órban’s rule has been generally uncontested, even with European institutions increasingly drawing attention to Hungary’s severe democratic decline.[2] However, his grip on the Hungarian State has been facing rising challenges, such as several infringement procedures[3] and the activation of the Rule of Law conditionality mechanism.[4] The 2024 European Parliament elections gave challenger Péter Magyar the upward momentum to hinder Órban’s illiberal agenda and shake the foundations of his firm grasp on Hungary’s legal political system.[5]

The possibility of halting or reversing Hungary’s democratic decline is exponentiated by an infringement procedure pending before the Court of Justice of the European Union (CJEU). Case C- 769/22 Commission v. Hungary[6] is currently awaiting the CJEU’s ruling. However, when the Advocate General’s Opinion was published in June 2025,[7] we soon realised that the implications may go beyond the Hungarian case and help found what has been referred to as the justiciability of Article 2 of the Treaty on European Union (TEU). In summary, the legal argument is that the values enshrined in Article 2 TEU create concrete legal obligations for the Member States. If Member States fail to fulfil those obligations, their non-compliance can be used as grounds for launching infringement procedures, well within the ordinary competences of the CJEU. If the upcoming judgment eventually adopts the justiciability argument, we may be looking at a whole new phase of the constitutionality control carried out by the CJEU, keeping alive the aspiration of a society in which pluralism, non-discrimination, tolerance, justice, solidarity and equality between women and men prevail.

Mariana Lima Rodrigues Carneiro (Masters in European Union Law from the School of Law of University of Minho)

The deployment of xAI’s Grok chatbot has become a focal point of systemic risk within the European digital landscape. The European Commission first opened formal proceedings against X in December 2023.[1] In January of 2026, the scope of this regulatory oversight was significantly expanded under the Digital Services Act (DSA) to investigate Grok’s functionalities.[2] This investigation specifically targets risks such as the dissemination of non-consensual sexual deepfakes and antisemitic discourse. These controversies reveal a programmed tendency towards neutral language that masks structural biases within AI systems.[3]

This article explores how this systemic opacity creates an insurmountable barrier for individuals seeking legal redress against algorithmic discrimination. The core objective is to analyse the failure of the current reversal of the burden of proof mechanism, as provided by European anti-discrimination directives, when faced with high-dimensional mathematical optimisation. Ultimately, this text examines the necessity of technical solutions to harmonise automated processing with the values of justice and equality that underpin the European legal order.

Robert Junqueira [Executive Coordinator of the Research and Scientific Careers Bureau of the Research Centre for Justice and Governance (JusGov)] [1]

As AI systems are developed and used by a wide range of individuals and organisations – not least military bodies, as recent events in Iran attest[2] –, it can become unclear who is responsible when something goes wrong. At its core, the debate surrounding responsibility for harm caused by a system (biological or otherwise) with a fractured or nonexistent legal personality is not unprecedented. Well before the age of algorithmic governance, legal and moral reasoning laid considerable groundwork for determining liability under circumstances wherein the link between intent and outcome is obscured by technical artefacts, chains of command, organisational setups, and status-based asymmetries.

In ancient Rome, for instance, legal issues around agency and liability were frequently addressed, prompting the legal order to evolve and respond with gradually emerging solutions. While not necessarily providing us with ready-made schemes, such precedents nonetheless draw our attention to the fact that legal issues involving responsibility have traditionally arisen and remedies were found as a result of incremental steps rather than by means of abrupt, one-off changes. This fact, the problems faced by our ancient peers, and the ways in which they managed them, offer valuable lessons and useful models when tackling today’s pressing AI regulatory challenges.[3]