Andrea Otaola at King & Spalding

Framework Intact, For Now: EU-US Data Flows Dodge Another Bullet

On September 3, 2025, the General Court of the European Union dismissed Philippe Latombe’s annulment action against the Commission’s adequacy decision for the EU-US Data Privacy Framework (DPF) and confirmed that, at the time...more

11/4/2025 / Cross-Border Transactions , Data Privacy , Data Protection , EU , European Commission , General Court of the European Union (GCEU) , International Data Transfers , Privacy Laws , Schrems I & Schrems II , United States

Data Sharing in a Connected World: Does the EU Data Act Call for New Business Models?

The EU Data Act (the Act), entered into force on January 11, 2024 but most of its provisions will apply from September 12, 2025. For any organization that designs, manufactures, or uses connected products, provides related...more

9/5/2025 / Antitrust Provisions , Cloud Computing , Cloud Service Providers (CSPs) , Competition , Data Management , Data Protection , Data Security , Data-Sharing , EU , Internet of Things , New Legislation , Regulatory Reform , Regulatory Requirements

No ‘Stop the Clock’ For the EU AI Act (and a belated General-Purpose AI Code of Practice): What Does This Mean to You?

The European Commission received the final version of the General-Purpose AI (GPAI) Code of Practice on July 10, 2025. The GPAI is a voluntary framework intended to guide how providers of large AI models comply with the...more

7/23/2025 / Artificial Intelligence , Compliance , Copyright , Enforcement , EU , General Data Protection Regulation (GDPR) , Machine Learning , Regulatory Requirements , Risk Management , Risk Mitigation , Transparency

Cyber Resilience Is Key: The Never-Ending Delays of NIS2 Implementation

The European Union’s ("EU") NIS2 Directive (Directive (EU) 2022/2555) capitalizes on the success of its predecessor, NIS, the first horizontal minimum harmonization cyber security and resilience frameworks at the EU level....more

7/2/2025 / Compliance , Cybersecurity , Enforcement Actions , EU , European Commission , Member State , New Legislation , Penalties , Regulatory Requirements , Reporting Requirements

EUROPE - Navigating the Interplay Between EU AI Act and Medical Device Regulations: Strategic Update for the Healthcare Sectors

Already highly regulated with a risk-based approach at their core, AI-powered medical devices and in vitro diagnostic medical devices face new regulatory constraints stemming from the EU AI Act, a horizontal legal instrument...more

6/24/2025 / AI Act , Algorithms , Artificial Intelligence , Compliance , EU , Manufacturers , Medical Devices , Regulatory Requirements , Risk Management

Andrea Otaola

King & Spalding

Popular Topics by This Author

Latest Publications

Framework Intact, For Now: EU-US Data Flows Dodge Another Bullet

Data Sharing in a Connected World: Does the EU Data Act Call for New Business Models?

No ‘Stop the Clock’ For the EU AI Act (and a belated General-Purpose AI Code of Practice): What Does This Mean to You?

Cyber Resilience Is Key: The Never-Ending Delays of NIS2 Implementation

EUROPE - Navigating the Interplay Between EU AI Act and Medical Device Regulations: Strategic Update for the Healthcare Sectors

EU-UK Data Transfers: Adequacy Decision Extended, But Uncertainty Remains

New Security Measures for Large Databases: When a DPA’s Directives Set Standards

New Security Measures for Large Databases: When a DPA's Directives Set Standards

Andrea Otaola

Popular Topics by This Author

Latest Publications

"My best business intelligence, in one easy email…"