This is what the EU wants as it pertains to 3 clicks.
After you open the e-mail you double click on the attachment that's one click.
After double-clicking the attachment it says view, open, save, cancel; assuming you click open that's two clicks.
Right now that puts the user in the program viewing the attachment.
However, they want one more click/warning letting the user know this could be a malicious attachment because it came from the Internet.