On April 14 2025, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place on April 8 2025, during which the EDPB adopted draft Guidelines on processing of personal data through...more
4/25/2025
/ AI Act ,
Artificial Intelligence ,
Blockchain ,
Data Privacy ,
Data Protection ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Regulatory Requirements ,
Technology
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
4/16/2025
/ Cybersecurity ,
Data Protection ,
Digital Operational Resilience Act (DORA) ,
EU ,
European Commission ,
Financial Institutions ,
Information Technology ,
Regulatory Requirements ,
Risk Management ,
Subcontractors ,
Third-Party Service Provider
The Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework for AI regulation, which entered into force on August 1, 2024. The AI Act aims to ensure that AI systems are trustworthy, safe and...more
4/1/2025
/ AI Act ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Enforcement ,
EU ,
European Commission ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector
The integration of AI in the workplace is revolutionising HR. From recruitment to performance analysis, AI use cases can streamline HR processes and enhance productivity. However, the deployment of AI by employers also brings...more
3/18/2025
/ AI Act ,
Artificial Intelligence ,
Bias ,
Employees ,
Employer Liability Issues ,
Employment Policies ,
EU ,
Human Resources Professionals ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
UK
On February 3 2025, the European Commission published an updated version of the Frequently Asked Questions (FAQs) about the Regulation (EU) 2023/2854 on harmonised rules on fair access to and use of data (Data Act). Key...more
2/27/2025
/ Compliance ,
DATA Act ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Marketplace ,
EU ,
European Commission ,
Regulatory Agenda ,
Regulatory Requirements ,
Technology Sector
What are we really talking about and what are the legal implications under the EU AI Act?
The rapid evolution of artificial intelligence (AI) has led to significant opportunities and challenges, especially in the realm of...more
The European Union Artificial Intelligence Act (AI Act) entered into force on 1 August 2024. The AI Act establishes a risk-based approach to AI, prohibiting certain practices that are deemed unacceptable, such as social...more
2/6/2025
/ Artificial Intelligence ,
Compliance ,
Data Protection ,
Enforcement Actions ,
EU ,
European Commission ,
Healthcare ,
Regulation ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On January 21 2025, the Council of the European Union (Council) announced its decision to adopt the Regulation of the European Parliament and of the Council on the European Health Data Space (EHDS).
As we have previously...more
1/29/2025
/ Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Health Care Providers ,
Healthcare ,
Member State ,
Patient Privacy Rights ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda
On December 2 – 3 2024, the European Data Protection Board (EDPB) met for its 99th plenary session. It subsequently issued several documents, one of which calls for the need for greater alignment between the GDPR and EU...more
12/12/2024
/ Artificial Intelligence ,
Data Protection ,
Digital Markets Strategy ,
Digital Services ,
Draft Guidance ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Legislative Agendas ,
Machine Learning ,
New Legislation ,
Regulatory Agenda
Companies deploying high-risk artificial intelligence (AI) systems must prepare to conduct Fundamental Rights Impact Assessment (FRIA) by 2 August 2026. In this edition of our “Zooming in on AI” series we explain what this...more
On November 14, 2024, the European Commission published the first draft of the General-Purpose AI Code of Practice (the Draft Code).
The Draft Code is designed to help providers of general-purpose AI models (GPAI) and...more
12/2/2024
/ Artificial Intelligence ,
Copyright ,
Corporate Counsel ,
Cyber Incident Reporting ,
Data Privacy ,
Data Protection ,
EU ,
European Commission ,
Risk Management ,
Robots ,
Taxonomy ,
Technology Sector ,
Transparency
When the AI Act was first proposed by the European Commission in 2021, the concept of “general purpose AI” was nowhere to be found. These rules were introduced during the legislative process to align the AI Act to the...more
On 17 October 2024, the European Commission (EC) adopted the final version of the Implementing Regulation concerning cybersecurity risk management measures and further specification of cases in which an incident is considered...more
The EU Artificial Intelligence Act (“AI Act”) exemplifies a highly advanced risk-based approach to European regulation. One of its distinguishing features is the detailed classification of various risk levels associated with...more
11/12/2024
/ Artificial Intelligence ,
Digital Services ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
Transparency
Companies deploying high-risk artificial intelligence (AI) systems must prepare to navigate a complex landscape of new obligations by August 2, 2026. In this post we explain the key obligations for providers and deployers of...more
10/30/2024
/ Artificial Intelligence ,
Automated Systems ,
Data Protection ,
Distributors ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Importers ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Technology Sector ,
Transparency
In a significant ruling (dated 9 September 2024), The Hague District Court (Court) has sided with Bunq B.V. (Bunq), dismissing part of the customer's GDPR access request. This decision highlights that a financial entity’s...more
AI-driven technology has emerged as a cornerstone of our present and future daily lives, revolutionising the way transactions and interactions are organised.
With the increased use of AI systems, there is also an...more
10/22/2024
/ Artificial Intelligence ,
Corporate Governance ,
Data Protection ,
EU ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Stakeholder Engagement ,
Technology Sector
On 9 October 2024, the European Data Protection Board (EDPB) published its draft Guidelines on the processing of personal data based on legitimate interest for public consultation. The draft Guidelines, adopted on 8 October...more
The CJEU considered: (a) whether a legitimate interest of the controller or third party must be determined by law, and (b) whether provision of personal data of the members of a sports federation to third parties in return...more
On 6 September 2024, the European Commission published a set of frequently asked questions (FAQs) on Regulation (EU) 2023/2854 on Harmonised Rules on Fair Access to and Use of Data (the Data Act). More detail can be found in...more
One of the key aspects of the EU AI Act (“AI Act”)[1] is linked to the qualification of providers and deployers and the nuances which help distinguish between the two categories of stakeholders. What would this mean in...more
The Artificial Intelligence Act (AI Act) entered into force on 1 August 2024 and is the world's first comprehensive legal framework for AI regulation. As companies start incorporating AI tools into their business, products...more
EU Regulation 2024/1689, also known as the Artificial Intelligence Act (AI Act), enters into force as of 1 August 2024. But when will it become applicable?
The AI Act sets out a harmonized legal framework for the...more
8/5/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Governance ,
Data Protection ,
EU ,
Innovative Technology ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On May 2 2024, the Dutch data protection supervisory authority (the Dutch DPA) published guidance on the processing of personal data when using facial recognition....more
With Parliamentary elections and a series of national votes in 2024, the EU is entering a pivotal period in its history. In this study, ‘Global business in a changing Europe’, we speak to corporate leaders across the world to...more
3/22/2024
/ Acquisitions ,
Artificial Intelligence ,
Asset Management ,
Capital Markets ,
Competition ,
Corporate Governance ,
Energy Sector ,
Environmental Social & Governance (ESG) ,
EU ,
European Commission ,
Global Market ,
Greenhouse Gas Emissions ,
Investment ,
Investment Management ,
Investors ,
Merger Controls ,
Mergers ,
Net Zero ,
Regulatory Agenda ,
Risk Management ,
Sustainability