The European Accessibility Act (“EAA”) (Directive (EU) 2019/882) introduces new accessibility requirements that will apply to a wide range of products and services when they are accessible in the EU, aiming to enhance access...more
A recent update to EU consumer law will require many businesses selling online to offer a simpler, more accessible way for customers to cancel contracts within the standard 14-day cooling-off period....more
7/17/2025
/ Cancellation Rights ,
Consumer Contracts ,
Consumer Protection Laws ,
Contract Terms ,
Corporate Counsel ,
E-Commerce ,
EU ,
EU Directive ,
New Regulations ,
Regulatory Requirements ,
Websites
The EU AI Act (AI Act), effective since February 2025, introduces a risk-based regulatory framework for AI systems and a parallel regime for general-purpose AI (GPAI) models. It imposes obligations on various actors,...more
The European Commission’s proposed amendments to the General Data Protection Regulation (GDPR) mark the first substantive reworking of the regulation since its enactment, signaling a material shift toward economic pragmatism....more
The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted...more
4/16/2025
/ Cybersecurity ,
Data Processors ,
Digital Operational Resilience Act (DORA) ,
Distributors ,
EU ,
General Data Protection Regulation (GDPR) ,
Hardware ,
Importers ,
Manufacturers ,
New Legislation ,
Popular ,
Regulatory Requirements ,
Risk Assessment ,
Software ,
Supply Chain
On February 24, 2025, the EU adopted its 16th package of sanctions against Russia, Belarus and non-government-controlled areas of Ukraine, symbolically marking the third anniversary of the start of Russia’s invasion of...more
3/11/2025
/ Belarus ,
Economic Sanctions ,
Energy Sector ,
EU ,
Export Controls ,
Exports ,
Financial Institutions ,
Imports ,
Popular ,
Russia ,
Trade Relations ,
UK
The AI Action Summit brought together a wide-ranging assembly of influential figures to discuss the future of artificial intelligence (AI) governance, risk mitigation and international cooperation. The attendees included...more
2/17/2025
/ Artificial Intelligence ,
China ,
EU ,
Innovative Technology ,
International Trade ,
Investment ,
Machine Learning ,
Regulatory Agenda ,
Risk Management ,
Sustainability ,
Technology Sector ,
UK
The first binding obligations of the European Union’s landmark AI legislation, the EU AI Act (the Act), came into effect on February 2, 2025. Essentially, from this date, AI practices which present an unacceptable level of...more
2/4/2025
/ Artificial Intelligence ,
Biometric Information ,
Data Privacy ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management
On January 16, 2025, the European Commission issued a recommendation encouraging EU Member States to begin reviewing outbound investments in critical technologies including AI, semiconductors and quantum technologies to...more
On December 16, 2024, the EU issued its 15th package of sanctions against Russia, new designations under the Belarus sanctions regime, and the first designations under the hybrid threats sanctions regime adopted in October...more
12/27/2024
/ Asset Freeze ,
Belarus ,
Belarus Sanctions ,
Economic Sanctions ,
Entity List ,
EU ,
Export Controls ,
Exports ,
Imports ,
Russia ,
Trade Restrictions ,
Ukraine
The NIS 2 Directive requires a wide range of in-scope organizations to adopt robust cybersecurity measures and incident response plans....more
11/5/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Employee Training ,
Enforcement ,
EU ,
European Commission ,
Fines ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Penalties ,
Reporting Requirements ,
Supply Chain
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
10/15/2024
/ CNIL ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Enforcement Actions ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sensitive Personal Information
In a landmark moment for global AI governance, the United States, European Union and United Kingdom have signed the Council of Europe’s framework convention on artificial intelligence and human rights, democracy, and the rule...more
9/17/2024
/ Artificial Intelligence ,
Ethics ,
EU ,
Human Rights ,
Innovative Technology ,
International Treaties ,
Machine Learning ,
Regulatory Agenda ,
Treaties ,
UK ,
United States
The agreed text of the AI Act was published on July 12, 2024, essentially starting the clock on the legal deadlines contained in it. Its obligations will apply in tiered phases, with the first key obligations being enforced...more
7/22/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Distributors ,
EU ,
Exemptions ,
Imports ,
Information Governance ,
Machine Learning ,
Manufacturers ,
Recordkeeping Requirements ,
Risk Assessment ,
Supply Chain
On 24 June 2024, the EU adopted its 14th package of sanctions against Russia. The latest measures include: The designation of 116 additional individuals and entities across a number of industries for their responsibility in...more
7/10/2024
/ Asset Freeze ,
Corporate Counsel ,
Economic Sanctions ,
Energy Sector ,
EU ,
Export Controls ,
Exports ,
Financial Services Industry ,
Foreign Policy ,
Importers ,
Imports ,
Natural Gas ,
Russia ,
Ukraine ,
Vessels
A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest installment to cast concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will...more
The FCC’s recent introduction of a new Voluntary Cybersecurity Labelling Program for consumer Internet of Things (IoT) products reflects the continued desire by U.S. regulators to bolster the security of the ever-increasing...more
4/10/2024
/ Compliance ,
Cybersecurity ,
Data Security ,
Distributors ,
EU ,
Imports ,
Internet ,
Internet of Things ,
Manufacturers ,
Regulatory Standards ,
Telecommunications ,
UK
Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014,...more
On March 13, 2024, the EU Parliament voted to pass the EU’s much-discussed AI Act (with 523 votes in favor, 46 against and 49 abstentions). For an insight into the AI Act’s progression through the EU lawmaking system, see our...more
The United Kingdom (“UK”) introduced new sanctions against Russia on December 14, 2023 with the European Union (“EU”) also adopting its 12th package of sanctions against Russia on December 18, 2023....more
The Council of the European Union and the European Parliament reached a provisional agreement on a new comprehensive regulation governing AI, known as the “AI Act,” late on Friday night (December 8, 2023). While the final...more
The United Kingdom hosted an Artificial Intelligence (AI) Safety Summit on November 1 – 2 at Bletchley Park with the purpose of bringing together those leading the AI charge, including international governments, AI companies,...more
United States: The Administration and Congress are taking initial steps to produce legislation to regulate AI and using interim measures, such as the White House’s recently announced voluntary agreement with seven prominent...more
8/14/2023
/ Artificial Intelligence ,
China ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
EU ,
Machine Learning ,
New Guidance ,
New Regulations ,
OECD ,
OSTP ,
Personal Information ,
UK
The new EU Foreign Subsidies Regulation (FSR) has now finally taken effect. Under the FSR the European Commission (EC) will have new powers to intervene against distortions to competition in the EU internal market caused by...more
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers.
The new DORA seeks to strengthen the resilience of financial...more
7/21/2023
/ Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Financial Institutions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information and Communication Technology (ICT) ,
Information Technology ,
Internet Service Providers (ISPs) ,
New Legislation ,
New Regulations ,
Third-Party Service Provider