On April 9 2025, the European Commission published the AI Continent Action Plan (the Action Plan), which outlines the EU’s strategy to enhance innovation, competitiveness and regulatory compliance in artificial intelligence...more
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
4/16/2025
/ Cybersecurity ,
Data Protection ,
Digital Operational Resilience Act (DORA) ,
EU ,
European Commission ,
Financial Institutions ,
Information Technology ,
Regulatory Requirements ,
Risk Management ,
Subcontractors ,
Third-Party Service Provider
The Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework for AI regulation, which entered into force on August 1, 2024. The AI Act aims to ensure that AI systems are trustworthy, safe and...more
4/1/2025
/ AI Act ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Enforcement ,
EU ,
European Commission ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector
On February 3 2025, the European Commission published an updated version of the Frequently Asked Questions (FAQs) about the Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (Data Act). Key...more
2/27/2025
/ Compliance ,
DATA Act ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Marketplace ,
EU ,
European Commission ,
Regulatory Agenda ,
Regulatory Requirements ,
Technology Sector
The European Union Artificial Intelligence Act (AI Act) entered into force on 1 August 2024. The AI Act establishes a risk-based approach to AI, prohibiting certain practices that are deemed unacceptable, such as social...more
2/6/2025
/ Artificial Intelligence ,
Compliance ,
Data Protection ,
Enforcement Actions ,
EU ,
European Commission ,
Healthcare ,
Regulation ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On December 2 – 3 2024, the European Data Protection Board (EDPB) met for its 99th plenary session. It subsequently issued several documents, one of which calls for the need for greater alignment between the GDPR and EU...more
12/12/2024
/ Artificial Intelligence ,
Data Protection ,
Digital Markets Strategy ,
Digital Services ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Legislative Agendas ,
Machine Learning ,
New Legislation ,
Regulatory Agenda
On November 14, 2024, the European Commission published the first draft of the General-Purpose AI Code of Practice (the Draft Code).
The Draft Code is designed to help providers of general-purpose AI models (GPAI) and...more
12/2/2024
/ Artificial Intelligence ,
Copyright ,
Corporate Counsel ,
Cyber Incident Reporting ,
Data Privacy ,
Data Protection ,
EU ,
European Commission ,
Risk Management ,
Robots ,
Taxonomy ,
Technology Sector ,
Transparency
On November 5, 2024, the European Data Protection Board (EDPB) issued its first report under the EU-U.S. Data Privacy Framework (DPF) and released a statement on the access to data for law enforcement. Both documents were...more
11/20/2024
/ Artificial Intelligence ,
Biometric Information ,
Corporate Governance ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Data Protection Board (EDPB) ,
Exporters ,
Exports ,
Machine Learning ,
New Guidance ,
Privacy Laws ,
U.S. Commerce Department
On October 9, 2024, the European Commission (the Commission) published a report on the first periodic review of the adequacy decision of July 10, 2023. This decision determined that the EU-U.S. Data Privacy Framework (the...more
11/20/2024
/ Certifications ,
Complaint Procedures ,
Compliance Monitoring ,
Corporate Governance ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws
On 6 September 2024, the European Commission published a set of frequently asked questions (FAQs) on Regulation (EU) 2023/2854 on Harmonised Rules on Fair Access to and Use of Data (the Data Act). More detail can be found in...more
On 1 July 2024, the European Commission (the ‘Commission’) announced its preliminary findings in an investigation of a leading social media platform, concluding that its ‘pay or consent’ advertising model implemented in the...more
7/23/2024
/ Advertising ,
Consent ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Digital Markets Strategy ,
EU ,
European Commission ,
European Economic Area (EEA) ,
Pay or Play ,
Privacy Laws ,
Social Media ,
Technology Sector
On 3 October 2023, the European Commission announced a public consultation regarding the draft implementing regulation (Draft Regulation) establishing the European Common Criteria-based cybersecurity certification scheme...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
The European Commission published its Proposal for a Regulation (on 4 July 2023) laying down additional procedural rules relating to the enforcement of GDPR (the Proposal), which aims to complement the GDPR by specifying the...more
The European Parliament’s committees for Civil Liberties, Justice and Home Affairs (LIBE) and for Internal Market and Consumer Protection (IMCO) adopted a report setting out the Parliament’s vision for the proposed EU...more
The European Commission issued its non-binding guidance on 1 February 2023 to help providers of online platforms and search engines comply with the requirement of the Digital Services Act (DSA) to publish information on their...more
On 28 September 2022, the European Commission published two proposals aimed at modernising product liability rules in the digital age. The proposal is the first specifically designed to address compensation for damage caused...more
On 15 September 2022, the European Commission published its proposal for a new Cyber Resilience Act (the Act) that introduces common cybersecurity rules for placing products with digital elements on the EU market. ...more
On 20 January 2022, the European Parliament finalised its position on the draft Digital Services Act (DSA), which was adopted with a broad majority during the plenary session....more
On 28 October 2021, the Committee on Industry, Research and Energy (ITRE) of the European Parliament agreed its approach to the text of the proposed revision to the Network and Information Systems (NIS) Directive (NIS2) and...more
On 15 December 2020, the European Commission published its Digital Services Act package which proposes two pieces of legislation: the Digital Services Act and the Digital Markets Act. This package will profoundly change the...more