On July 9, 2025, the European Parliament's Committee on Legal Affairs ("JURI") published a study examining how generative artificial intelligence ("AI") interacts with European Union copyright law....more
8/14/2025
/ AI Act ,
Artificial Intelligence ,
Copyright ,
Court of Justice of the European Union (CJEU) ,
Data Mining ,
EU ,
Innovative Technology ,
Intellectual Property Protection ,
IP License ,
Machine Learning ,
Regulatory Reform ,
Training
The European Union's Artificial Intelligence Act ("AI Act") establishes a comprehensive, risk-based regulatory framework including provisions relating to general-purpose AI ("GPAI") models that apply as from 2 August 2025. In...more
8/6/2025
/ Artificial Intelligence ,
Copyright ,
EU ,
European Commission ,
Innovative Technology ,
Machine Learning ,
New Legislation ,
Popular ,
Regulatory Requirements ,
Risk Management ,
Transparency
The EU has introduced Delegated Regulation (EU) 2025/1190, establishing the first harmonized standards for threat-led penetration testing ("TLPT") across the financial sector. The regulation aims to strengthen the cyber...more
7/31/2025
/ Credit Institutions ,
Cybersecurity ,
Digital Operational Resilience Act (DORA) ,
Enforcement ,
EU ,
EU Directive ,
Financial Institutions ,
Financial Services Industry ,
G-SII ,
Harmonization Rules ,
Regulatory Requirements ,
Risk Management ,
Technical Standards
The European Union's Artificial Intelligence Act ("AI Act"), the world's first comprehensive legal framework on AI, entered into force on August 1, 2024. The AI Act sets out staggered compliance deadlines for the various...more
The European Commission has released a new template for summarizing training data used in general-purpose artificial intelligence ("AI") models, as part of its broader AI regulatory framework....more
DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more
As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more
On October 10, 2024, the EU Cyber Resilience Act ("CRA") was adopted by the Council of the European Union....more
The Situation: The French Supreme Court recently considered whether a limitation of liability clause could be enforced against a third party to a contract claiming compensation for a breach of contract that caused it damage....more
On 22 December 2023, the Regulation on harmonized rules on fair access to and use of data ("Data Act") was published in the EU's Official Journal. The Data Act lays down rules on fair access to and use of personal and...more
Beginning October 12, 2023, the UK-U.S. Data Bridge will allow UK companies to transfer personal data to the United States using the new EU-U.S. Data Privacy Framework....more
10/17/2023
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
Information Technology ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
UK
On July 10, 2023, the EU Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding that the United States ensures an adequate level of protection for personal data transferred from the...more
The Council of the European Union ("EU") adopted a new Directive to strengthen cybersecurity and resilience across the Union. -
Following the European Parliament's approval on November 10, 2022, the Council of the European...more
On September 28, 2022, the European Commission published two proposals—the Revised Product Liability Directive and the AI Liability Directive—aimed at adapting liability rules to the green and digital transition within the...more
On September 15, 2022, the European Commission ("EU") published a proposal for a Cyber Resilience Act, the first EU-wide legislation introducing a single set of cybersecurity rules for hardware and software products placed in...more
On February 23, 2022, the European Commission ("Commission") published a proposal for a Data Act which aims at enhancing data access and use within the European Union ("EU")....more
2/24/2022
/ Artificial Intelligence ,
Data Collection ,
Data Privacy ,
Data-Sharing ,
EU ,
European Commission ,
Information Governance ,
International Data Transfers ,
Internet of Things ,
Personal Data ,
Personally Identifiable Information ,
Proposed Regulation ,
Regulatory Agenda ,
Small and Medium-Sized Enterprises (SMEs)
The Background: Transfers of personal data to countries outside the European Economic Area ("EEA") must meet certain requirements under the General Data Protection Regulation ("GDPR"). If the third country does not provide an...more
An interest group of EU banks that was formed to assist European financial institutions with their use of public cloud technology recently suggested model terms for the compliant use of cloud technology.
On May 17, 2021,...more
The Situation: After the invalidation of the EU-U.S. Privacy Shield by the Court of Justice of the European Union ("CJEU"), the conditions under which international data may flow from the European Union continue to remain...more
11/23/2020
/ Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Situation: The Court of Justice of the European Union ("CJEU") has ruled that international data flows under the European Union's comprehensive data protection regime, the GDPR, can continue to be based on EU Standard...more
The Situation: On June 3, 2020, the European Securities Market Authority ("ESMA") published a consultation paper on Outsourcing to Cloud Service Providers ("Proposed Guidelines"), which will apply to any institution under the...more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
Cybersecurity Standards Issued for Government Contractors -
On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
4/1/2020
/ 5G Network ,
Artificial Intelligence ,
Canada ,
China ,
CNIL ,
Computer Fraud and Abuse Act (CFAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Department of Defense (DOD) ,
EU ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
FERC ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
Japan ,
Latin America ,
National Security ,
NIST ,
OCIE ,
OCR ,
Online Safety for Children ,
People's Bank of China ,
Public Health Emergency ,
Securities and Exchange Commission (SEC) ,
Social Media ,
State Attorneys General ,
Telehealth ,
Trump Administration ,
Unmanned Aircraft Systems
This week, the European Commission published white papers detailing its strategies regarding the use of data and artificial intelligence ("AI"). Several additional reports accompany the white papers and cover topics such as...more
The Situation: On July 4, 2019, the French data protection authority ("CNIL") published revised guidelines on the implementation of cookies or similar tracking technologies in order to take into account the new requirements...more
1/29/2020
/ CNIL ,
Consent ,
Cookies ,
Cybersecurity ,
Data Controller ,
Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Public Consultations
The Situation: The European Union's General Data Protection Regulation ("GDPR") has been effective since May 2018 and has resulted in increased requirements for obtaining consent for the processing of personal data. However,...more