EU plans new Russian gas ban despite opposition
The European Commission is expected to propose a ban on EU imports of Russian gas and liquefied natural gas by the end of 2027, employing legal measures to ensure member states such as Hungary and Slovakia cannot block the plan.
These proposals will outline how the European Union intends to solidify its commitment to end long-standing energy ties with Russia, its former top gas supplier, following Moscow's full-scale invasion of Ukraine in 2022.
According to an internal Commission summary seen by Reuters, the proposal would legally enforce a ban on imports of Russian pipeline gas and LNG from January 1, 2026, with extended deadlines for specific contracts.
Short-term Russian gas deals signed before June 17, 2025, would have a one-year transition period, expiring on June 17, 2026.
Imports under existing long-term Russian contracts would then be prohibited from January 1, 2028, effectively ending the EU's reliance on Russian gas by this date.
Companies like TotalEnergies and Spain's Naturgy have Russian LNG contracts extending into the 2030s.
EU LNG terminals would also face a gradual ban on providing services to Russian customers, and companies importing Russian gas would be required to disclose their contract information to EU and national authorities.
The plans could still change before they are published.
EU energy commissioner Dan Jorgensen said on Monday the measures were designed to be legally strong enough for companies to invoke the contractual clause of "force majeure" - an unforeseeable event - to break their Russian gas contracts.
"Since this will be a prohibition, a ban, the companies will not get into legal problems. This is force majeure, as it [would be] if it had been a sanction," Jorgensen told reporters.
Slovakia and Hungary, which have sought to maintain close political ties to Russia, still import Russian gas via pipeline and say switching to alternatives would increase energy prices. They have vowed to block sanctions on Russian energy, which require unanimous approval from all EU countries, and have opposed the ban.
To get around this, the Commission's proposals will use an EU legal basis that can be passed with support from a reinforced majority of countries and a majority of the European Parliament, EU officials said.
While most other EU countries have signalled support for the ban, officials said some importing countries have raised concerns about the risk to companies of financial penalties or arbitration for breaking contracts.
Around 19 per cent of Europe's gas still comes from Russia, via the TurkStream pipeline and LNG shipments - down from roughly 45 per cent before 2022. Belgium, France, the Netherlands and Spain are among those that import Russian LNG.
"We fully support this plan in principle, with the aim of ensuring that we find the right solutions to provide maximum security for businesses," French industry minister Marc Ferracci told reporters on Monday.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Sky News
15 minutes ago
- Sky News
23andMe fined millions by UK watchdog over 'profoundly damaging' cyber attack
The genetic testing company 23andMe is being fined £2.31m by the UK's privacy watchdog over their 2023 data breach that saw the personal information of seven million people stolen. More than 150,000 Britons had their personal information taken by hackers. Family trees, health reports, race and ethnicity information may all have been stolen, along with addresses, dates of birth and profile pictures. A database shared on dark web forums and viewed by Sky News' US partner network, NBC News, contained a list of 999,999 people who allegedly had Ashkenazi Jewish heritage, according to 23andMe's genetic profiling. "Crazy. This could be used by Nazis," said one person at the time who appeared in the database. The ICO's fine comes after a joint investigation with Canada's privacy watchdog. It is the most severe punishment the watchdog can impose and reflects repeated failures to protect extremely sensitive data, according to the information commissioner. "This was a profoundly damaging breach that exposed sensitive personal information, family histories, and even health conditions of thousands of people in the UK," said John Edwards, the UK's Information Commissioner. "23andMe failed to take basic steps to protect this information. "Their security systems were inadequate, the warning signs were there, and the company was slow to respond. This left people's most sensitive data vulnerable to exploitation and harm." Despite the attack starting in April 2023, 23andMe did not open an investigation until October that year, when an employee discovered the stolen data had been advertised for sale on Reddit. The company's defences only became strong enough to halt the attack by the end of that year - but that was not the end of 23andMe's troubles. 'Sue you to oblivion' By March this year, the best-known genetic testing company in the world had filed for bankruptcy, unable to rebuild trust after the hack and make enough money from its business model. It will now be sold for $305m (£225m) to 23andMe's original co-founder, Anne Wojcicki and her non-profit TTAM. But a blistering exchange in the US Senate last week laid out fresh concerns for the sensitive data users have shared with 23andMe. Senator Josh Hawley accused Joseph Selsavage, the interim chief executive of 23andMe, of lying to his customers when he says they can delete their genetic data from the company's databases. "You're not deleting it," he said, "because if you were, your company wouldn't be worth $300m." "I hope [users] will rush to the courthouse [...] to sue you into oblivion." Mr Selsavage denied Senator Hawley's claims, saying his company deletes all user data when requested. James Moss, the director of cyber investigations at law firm Addleshaw Goddard, told Sky News the ICO's fine was "about as serious as it gets" but an enforcement order, a notice from the watchdog that dictates how data can be used in the future, would be "more important". "That's the notice which looks forward and says, 'look, you have a legal obligation under UK law to continue to protect the personal data of these 150,000 UK citizens'. And that's arguably the more important," he said. A total of 28 US attorneys general last week launched a legal case against 23andMe to protect user data during the sale, and urged customers to purge their information from the firm's database, given the sensitivity of the data it has collected over the years. 23andMe already sells its users' genetic data and has made at least 30 deals with biotech and pharmaceutical companies like GSK. A spokesperson for the 23andMe buyer, TTAM, told Sky News the non-profit had made "several binding commitments to enhance protections for customer data and privacy". These include allowing individuals to delete their account and opt out of research at any time, notifying customers at least two days before the deal closes about what TTAM's acquisition means for them and agreeing, if TTAM were to sell the company again, only to sell it to someone who agrees to adopt TTAM's privacy polices and comply with data laws. Customers will also be offered two years of free Experian identity theft monitoring, while TTAM will continue to allow "de-identified data" to be used for scientific and biomedical research at universities and nonprofits. No money for UK victims The £2.31m fine money will go to the state rather than to individuals affected by the hack. In the US, victims of the hack won $30m in a class action lawsuit last year, but that's not an option in the UK, despite the incredibly sensitive information that was shared. Class action lawsuits for data breaches could "improve and increase accountability for data-protection breaches", according to solicitor Alex Lawrence Archer from the data law agency AWO. "But also help individuals who are affected get something back, help them get redress, because a fine paid to the ICO doesn't achieve that. Although [the fine] is welcome, it doesn't help individuals." For anyone thinking about using one of the many genetic testing companies that have sprung up since 23andMe was founded in 2006, Mr Lawrence Archer has cautionary advice. "Handing over your genetic data is a really big step, and it's something that [...] people have hitherto been encouraged to take quite lightly," he said. "There's no hard and fast rule like you should or you shouldn't do it, but it's something that you should think really carefully about. "It can be a quite permanent step that's very difficult to undo. It's not something that should be done lightly."
The Guardian
16 minutes ago
- The Guardian
DNA testing firm 23andMe fined £2.3m by UK regulator for 2023 data hack
The genetic testing company 23andMe has been fined more than £2.3m for failing to protect the personal information of more than 150,000 UK residents after a large-scale cyberattack in 2023. Family trees, health reports, names and postcodes were among the sensitive data hacked from the California-based company. It only confirmed the breach months after the infiltration started and once an employee saw the stolen data advertised for sale on the social media platform Reddit, according to the UK Information Commissioner's Office – which levied the fine. The information commissioner, John Edwards, called the months-long incident across the summer of 2023 a 'profoundly damaging breach'. The compromise of UK data was just a fraction of the wider losses, with the data of 7 million people affected. 23andMe charges users £89 to have their DNA screened using a saliva-based kit, allowing them to discover where their distant ancestors came from in terms of their ethnicity and location. But many customers asked for their DNA data to be deleted from the company's archives after the hack and it filed for bankruptcy protection in the US in March. The fine came as a $305m bid to buy the company led by its former chief executive, Anne Wojcicki, looked poised to retake control of the company in a bankruptcy auction. Edwards said the data breach 'exposed sensitive personal information, family histories and even health conditions of thousands of people in the UK'. 'As one of those impacted told us: once this information is out there, it cannot be changed or reissued like a password or credit card number,' he said. 23andMe failed to take basic steps to protect the information and their security systems were inadequate, the UK data protection regulator found. The breaches included failing to install tougher user authentication. The hacker exploited a common weakness caused by users reusing passwords that had already been stolen in other unrelated data breaches. Hackers then used automated tools to try these passwords in a tactic called 'credential stuffing'. 'The warning signs were there, and the company was slow to respond,' said Edwards, who carried out the investigation jointly with the privacy commissioner of Canada. 'This left people's most sensitive data vulnerable to exploitation and harm.' Sign up to First Edition Our morning email breaks down the key stories of the day, telling you what's happening and why it matters after newsletter promotion A spokesperson for the company said 23andMe had since implemented multiple steps to increase security to protect individual accounts and information. They said that as part of the deal to acquire 23andMe, Wojcicki's non-profit, the TTAM Research Institute, has made 'binding commitments to enhance protections for customer data and privacy, including allowing individuals to delete their account and opt out of research at any time' and 'agreeing not to sell or transfer genetic data under a subsequent bankruptcy or change of control', and offering customers two years of free identity theft monitoring. The fine is among several multimillion pound punishments meted out by the ICO in recent years for failure to protect data from hacks and ransomware attacks. In 2022, it fined the construction company Interserve £4.4m when staff data was compromised, including contact details, bank accounts, sexual orientation and health. In March this year it fined an NHS IT supplier, Advanced Computer Software Group, nearly £3.1m for security failings that put the personal information of nearly 80,000 people at risk.
BBC News
17 minutes ago
- BBC News
UK watchdog fines 23andMe for 'profoundly damaging' data breach
DNA testing firm 23andMe has been fined £2.31m by a UK watchdog over a data breach in 2023 which affected thousands of Information Commissioner's Office (ICO) said the company - which has since filed for bankruptcy - failed to put adequate measures in place to secure sensitive user data prior to the incident."This was a profoundly damaging breach that exposed sensitive personal information, family histories, and even health conditions," said Information Commissioner John Edwards.23andMe is set to be sold to a new owner, TTAM Research Institute, which said it had "made several binding commitments to enhance protections for customer data and privacy." 23andMe's users were targeted by what is known as a "credential stuffing" attack in October 2023. This saw hackers use passwords exposed in previous breaches to access 23andMe accounts for which people had used the same or similar were able to access 14,000 individual accounts - and, through those, download information relating to about 6.9m people linked to as possible relations on the to the ICO, this included access to personal data belonging to 155,592 UK residents, such as names, year of birth, geographical information, profile images, race, ethnicity, health reports and family data did not include DNA records."As one of those impacted told us: once this information is out there, it cannot be changed or reissued like a password or credit card number," said Mr Edwards. Due to its more sensitive nature, genetic data is considered special category data under UK data protection law and requires further protections and controlling it should consider having additional security measures in place to help secure it, according to the ICO's investigation - launched along with Canada's privacy commissioner last June - found that 23andMe breached UK data protection law by not having appropriate authentication and verification measures for customers during its login included not having mandatory multi-factor authentication to allow users logging in to verify themselves through additional means or company also did not have secure password requirements or more verification requirements for users trying to download raw genetic data, it Edwards said such failures and delays in resolving them "left people's most sensitive data vulnerable to exploitation and harm"."Their security systems were inadequate, the warning signs were there, and the company was slow to respond," he company says it resolved the issues identified during the ICO and the Office of the Privacy Commissioner of Canada (OPC)'s probe by the end of watchdogs recently called on 23andMe to protect the sensitive personal data of its customers amid its bankruptcy company was initially set to be sold to biotechnology company Regeneron Pharmaceuticals in a $256m 23andMe said on Friday it had agreed to the sale of its assets to TTAM Research Institute - a non-profit biotech organisation led by its co-founder and former chief executive Anne said the purchase of the company for a new price of $305m would come with binding commitments to uphold existing policies and consumer protections, such as letting customers delete their accounts, genetic data and opt out of research.A bankruptcy court is scheduled to hear the case for its approval on Wednesday.
