Helder Matos (master’s student in Human Rights at the School of Law of the University of Minho)

Introduction

In March 2024, the European Data Protection Supervisor (EDPS) revealed that the European Commission, the institution assuming the role of global vanguard in the matter of digital rights, violated the EU’s own data protection regulation due to its structural dependency on the Microsoft 365 ecosystem.[1]

Although the EDPS closed the case in July 2025 after the Commission updated its licensing agreements with Microsoft, this episode brings to the surface the underlying problem that this article proposes to address.[2]

Even as it received the green light to proceed with business-as-usual, the European Commission admitted its deep concerns regarding the crippling dependence on a non-European company for the digital platforms needed for normal day-to-day functioning.[3] The European Union (EU) does not control the technological infrastructure it runs on, as it is forced to negotiate the terms of its own data security with foreign corporations.

Vitória Menezes Sanhudo (master’s student in European Union Law at the School of Law of University of Minho)

The harmonisation of corporate sustainability disclosure criteria has become increasingly relevant as a guarantee of a level playing field among companies and for the efficiency of the Internal Market. In this context, Directive (EU) 2022/2464 (CSRD) amends previous provisions, aiming to promote a more standardised sustainability reporting obligation, using the double materiality principle (DMP). It is deemed as necessary to analyse the conceptual evolution of materiality, from its origin in accounting to double materiality (enshrined in the CSRD Directive), its enforcement in the Directive under consideration, to evaluate the benefits and challenges of this dual perspective from a theoretical approach and, subsequently, to assess it from a more practical viewpoint, taking into account conclusions that can already be drawn from its introduction in the CSRD Directive.

The research question is as follows: in what way does the evolution of materiality in sustainability reporting prove to be positive, particularly with the incorporation of the DMP in the CSRD?

The concept of materiality

For a complete understanding of the CSRD Directive and the DMP, firstly, it is crucial to establish the conceptual basis that underpins them: materiality as a legal principle. The concept of material information emerged in the field of accounting at the beginning of the 20^th century, and its importance and scope have expanded over the years. In the EU, the Accounting Directive[1] is the central instrument for corporate financial reporting. Generally, all definitions formulated imply that information is material when its omission or misrepresentation can influence the economic decisions of the users that this concept aims to inform and benefit. Naturally, the definition of materiality varies according to the objective pursued by the reporting.[2]

Renan Bendel Vaughan (master’s student in European Union Law at the School of Law of University of Minho and ENDE Research Grant Holder – UMINHO/BIM/2026/40)

Setting the scene: a political moment and a legal gap

The concept of hybrid threats has become one of the most frequently invoked analytical categories in contemporary European discourse in matters of security. Since its consolidation in the institutional vocabulary of the EU in sequence of the Joint Framework of 2016,[1] the expression migrated progressively from the strategic-military domain to the field of Union law, informing legislative instruments in matters of cybersecurity, critical infrastructures’ resilience and protection of the democratic institutions. However, its legal operability remains uncertain, given that the concept is invoked with increasing frequency in soft-law instruments and in policy frameworks, without this invocation being accompanied by a legal definition sufficiently precise to underpin the normative requirements placed upon it.

The Conclusions of the Council of the EU of 16 March 2026 on advancing the European Union’s capacity to counter hybrid threats constitutes the most recent institutional moment in this evolutive framework.[2] The Council of EU condemned the persistent hybrid threats of state and non-state actors aimed at compromising the security and stability of the Union and its Member States, specifically identifying the sabotage on critical infrastructures, the malicious cyber activities, the foreign information manipulation and interference (FIMI), the election interference, and instrumentalisation of migration. It called for the utmost implementation of the Directives NIS2 and CER, it highlighted the importance of the Cyber Blueprint as a mechanism of collective response and drew attention to the malicious use of emerging technologies, including AI and quantic technologies.

Ana Cardoso (PhD candidate & Master’s in European Union Law at the School of Law of University of Minho. FCT research scholarship holder – 2025.06747.BD.)

I.

On March 23, 2026 the European Commission took the final procedural step required for provisional application of the EU-Mercosur interim Trade Agreement (“iTA”), by notifying the Mercosur countries with a “note verbale”.[1] This means that as of May 1, 2026, the iTA has started being provisionally applied, despite the European Parliament’s decision to ask for the European Court of Justice’s (“CJEU”) opinion on whether the EU-Mercosur Free Trade Agreement (“EMTA”) is in conformity with the Treaties.[2]

This was possible because the EMTA is divided into two main documents: (i) the iTA covering trade liberalisation and (ii) a broader comprehensive Partnership Agreement; the first can take effect while the second faces the hurdles of full ratification.[3]

Given this somewhat unprecedented decision by the Commission – which ignores a long-standing gentleman’s agreement of institutional respect between the Commission and the Parliament – it is worth questioning if this provisional application might end up jeopardising the EU’s ambitious climate and environmental goals or if, on the other hand, the internal legal framework in this area is strong enough to prevent indirect backtracking.