On July 10 2025, the EU Artificial Intelligence Office (the AI Office) issued the final version of the General Purpose AI Code of Practice (GPAI Code). The GPAI Code is a non-binding set of guidelines created by independent...more
As regulatory frameworks tighten and cybersecurity threats grow in complexity, operational resilience is, now more than ever, a boardroom challenge for banks....more
The Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework for AI regulation, which entered into force on August 1, 2024. The AI Act aims to ensure that AI systems are trustworthy, safe and...more
4/1/2025
/ AI Act ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Enforcement ,
EU ,
European Commission ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector
We are delighted to present our view of the most important developments in EU digital market regulation. We present our perspective on those developments as a snapshot of the current state of regulatory progress, and it will...more
11/8/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
Machine Learning ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Technology Sector
A new requirement to inform individuals of the exact personal data to be shared with the Administration des Contributions Directes.
The Luxembourg law of 18 December 2015 on the automatic exchange of financial account...more
Paying a cyber ransom will, allegedly, secure your data and give you back control of your systems. But there are legal, operational and ethical risks to consider....more
In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?...more
Read the latest updates on the progress of legislation and regulation in the EU relating to technology, data, digital markets and cybersecurity....more
On 6 April 2022, following the announcement of the political agreement on a new EU-US Trans-Atlantic Data Privacy Framework having been reached between the European Commission and the United States on 25 March 2022, the...more
The future of finance is digital. The increased reliance on technology in finance heightens the vulnerability of ICT systems and worsens the impact of a potential cyberattack. To this end, the European Commission (the...more
On 1 October 2019, the Court of Justice of the European Union (CJEU) issued its long-awaited decision in the case Planet49 (Case C-673/17). The decision clarifies the requirements for valid cookie consent under Directive...more
10/3/2019
/ Consent ,
Cookies ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular
The Luxembourg data protection authority (CNPD) has published a list of processing activities triggering a mandatory data protection impact assessment (DPIA) following review by the European Data Protection Board (EDPB)....more
Just before summer recess, Luxembourg Parliament has adopted the law of 1 August 2018 which implements certain parts of the General Data Protection Regulation (GDPR) and repeals the former data protection law of 2 August...more
The challenge and risks -
The topic of cybersecurity is seldom out of the press these days, occupying the minds of business leaders and politicians alike. From a business perspective, the ideal outcome would be to...more
On 18 December 2015, the agreed text of the Network and Information Security Directive (the NIS Directive) was released. With cybersecurity firmly established as a key business risk, the introduction of specific laws in this...more
After the controversial Google Spain decision (which besides the right to be forgotten also dealt with applicable law rules), the Court of Justice of the EU (CJEU) handed down another important – and yet again rather...more
10/16/2015
/ Cybersecurity ,
Data Protection ,
Data Protection Authority ,
Debt Collection ,
Edward Snowden ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
Hungary ,
International Data Transfers ,
Internet ,
Internet Privacy ,
Ireland ,
Member State ,
Multinationals ,
National Security ,
National Security Agency (NSA) ,
Online Advertisements ,
Personal Data ,
Privacy Laws ,
Real Estate Market ,
Right to Be Forgotten ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework ,
Websites