.svg)
The European Commission has confirmed it will present a dedicated EU Action Plan on Online Fraud to boost collective efforts to combat scams that increasingly target vulnerable groups, including older people.
In a written response to a parliamentary question from Italian MEP Aldo Patriciello, the EU’s commissioner for internal affairs, Magnus Brunner, said the plan will formalise existing initiatives under the ProtectEU Strategy and the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
These frameworks already coordinate cross-border law enforcement against online fraud, but will now be expanded to include preventive measures and victim protection schemes.
Brunner acknowledged that responsibility for tackling telephone scams largely lies with member states, but emphasised the EU’s role in supporting digital literacy and security standards.
Programmes such as the Digital Education Action Plan and Media Literacy for All aim to improve digital skills across age groups, with particular attention to older adults, who are disproportionately affected by fraudulent calls.
Telecoms and security measures
The Commission also used the response to highlight progress made under existing EU legislation requiring telecoms operators to strengthen their defences.
For example, under the European Electronic Communications Code and the ePrivacy Directive, providers must implement robust security measures.
Eleven member states have already introduced anti-spoofing rules, obligating operators to block fraudulent calls from abroad, register SMS sender IDs and deploy caller authentication technology.
Further measures are under review as part of the forthcoming Digital Networks Act, which could expand obligations on providers to counter scams.
Patriciello’s original question, which was filed in July 2025, highlighted the severe economic, emotional and psychological harm telephone scams cause to older people, who are often targeted with fake emergency requests, bogus service offers and extortion attempts.
He called for a harmonised EU framework and dedicated awareness campaigns to help victims and their families recognise and report fraud.
The Commission has responded by suggesting that its forthcoming Action Plan on Online Fraud will be the key vehicle for enhancing cooperation between member states, regulators, telecoms providers and consumer organisations, while boosting prevention and victim support.
What could the action plan look like?
Work on the action plan could take many forms. Many in the payments world will be familiar with the EU’s Retail Payments Strategy and its Digital Finance Strategy, both launched in the autumn of 2020.
These strategies were consequential for the following years’ legislative work, and included influential regulations such as the Digital Operational Resilience Act (DORA) and the Markets in Crypto-Assets (MiCA) frameworks, as well as payments legislation such as the Instant Payments Regulation (IPR) and updates to the Payment Services Directive.
The action plan may also involve marketing, including collaboration with both member state regulators and the private sector.
It could also include campaigns modelled on Cybersecurity Month and intended to reach vulnerable groups such as older people, as well as fraud-specific digital literacy programmes building on the Digital Education Action Plan and Media Literacy for All.
The plan could also provide practical guidance for consumers and businesses on recognising scams, similar to the European Banking Authority’s (EBA) financial consumer guidelines.
Lessons from the UK
Should the EU be looking for inspiration, it may turn to the UK and its Online Fraud Charter.
Signed in November 2023 by major tech platforms and the government, this is a voluntary agreement that commits companies such as Google, Meta, Amazon and TikTok to block fraudulent content and ads, improve data sharing with law enforcement, respond quickly by removing scams and suspending accounts, and provide better reporting tools and support for victims.
The charter has attracted some criticism, with calls for the UK government to reinforce the rules and, like the EU, introduce reimbursement requirements for tech and telecoms platforms.
Nevertheless, it could be a starting point for the EU to consider when developing its action plan.
With updates to the Payment Services Directive potentially including tougher liability expectations, and the added muscle of legislation such as the Digital Services Act, the EU is building a stronger toolkit that could place higher expectations on companies to tackle consumer harms arising from fraud.
