Charly Helleputte at King & Spalding

No ‘Stop the Clock’ For the EU AI Act (and a belated General-Purpose AI Code of Practice): What Does This Mean to You?

The European Commission received the final version of the General-Purpose AI (GPAI) Code of Practice on July 10, 2025. The GPAI is a voluntary framework intended to guide how providers of large AI models comply with the...more

7/23/2025 / Artificial Intelligence , Compliance , Copyright , Enforcement , EU , General Data Protection Regulation (GDPR) , Machine Learning , Regulatory Requirements , Risk Management , Risk Mitigation , Transparency

Cyber Resilience Is Key: The Never-Ending Delays of NIS2 Implementation

The European Union’s ("EU") NIS2 Directive (Directive (EU) 2022/2555) capitalizes on the success of its predecessor, NIS, the first horizontal minimum harmonization cyber security and resilience frameworks at the EU level....more

7/2/2025 / Compliance , Cybersecurity , Enforcement Actions , EU , European Commission , Member State , New Legislation , Penalties , Regulatory Requirements , Reporting Requirements

EUROPE - Navigating the Interplay Between EU AI Act and Medical Device Regulations: Strategic Update for the Healthcare Sectors

Already highly regulated with a risk-based approach at their core, AI-powered medical devices and in vitro diagnostic medical devices face new regulatory constraints stemming from the EU AI Act, a horizontal legal instrument...more

6/24/2025 / AI Act , Algorithms , Artificial Intelligence , Compliance , EU , Manufacturers , Medical Devices , Regulatory Requirements , Risk Management

EU-UK Data Transfers: Adequacy Decision Extended, But Uncertainty Remains

On May 14, 2025, the European Data Protection Board ("EDPB") issued a favorable opinion on granting a six-month extension to the existing adequacy decisions for the UK, following a formal proposal from the European...more

6/9/2025 / Corporate Counsel , Data Protection , Data Transfers , EU , European Commission , European Data Protection Board (EDPB) , General Data Protection Regulation (GDPR) , International Data Transfers , Proposed Legislation , UK , UK GDPR

New Security Measures for Large Databases: When a DPA’s Directives Set Standards

In response to a record year of personal data breaches in 2024, affecting millions of individuals, the French data protection authority (CNIL) has published a set of security directives for operators of large databases. While...more

6/6/2025 / Audits , CNIL , Cybersecurity , Data Privacy , Data Protection , Data Security , France , General Data Protection Regulation (GDPR) , Multi-Factor Authentication , Regulatory Requirements

Transatlantic AI Governance – Strategic Implications for U.S. — EU Compliance

Introduction: The Global Race Towards AI Governance Takes Different Paths- As artificial intelligence (AI) continues to transform global markets, the European Union and the United States are advancing regulatory...more

5/21/2025 / AI Act , Artificial Intelligence , Compliance , Disclosure Requirements , Enforcement , EU , Government Agencies , International Trade , Liability , Penalties , Proposed Legislation , Regulatory Requirements , Risk Management , Transparency

New Security Measures for Large Databases: When a DPA's Directives Set Standards

In response to a record year of personal data breaches in 2024, affecting millions of individuals, the French data protection authority (CNIL) has published a set of security directives for operators of large databases. While...more

5/19/2025 / Audits , CNIL , Data Breach , Data Privacy , Data Protection , Data Security , France , Multi-Factor Authentication , Regulatory Requirements

Charly Helleputte

King & Spalding

Popular Topics by This Author

Latest Publications