One of the key aspects of the EU AI Act (“AI Act”)[1] is linked to the qualification of providers and deployers and the nuances which help distinguish between the two categories of stakeholders. What would this mean in...more
The Digital Operational Resilience Act EU 2022/2554 (DORA) constitutes a groundbreaking EU regulation designed to establish a unified framework for bolstering cybersecurity and operational resilience within the financial...more
9/10/2024
/ Banking Sector ,
Compliance ,
EU ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
Investment Management ,
Legislative Agendas ,
New Legislation ,
Policies and Procedures ,
Regulatory Agenda ,
Regulatory Requirements
The Artificial Intelligence Act (AI Act) entered into force on 1 August 2024 and is the world's first comprehensive legal framework for AI regulation. As companies start incorporating AI tools into their business, products...more
On 25 July 2024, the EU Commission published its second report on the application of the GDPR (the ‘Second Report’), following its first report published in 2020....more
EU Regulation 2024/1689, also known as the Artificial Intelligence Act (AI Act), enters into force as of 1 August 2024. But when will it become applicable?
The AI Act sets out a harmonized legal framework for the...more
8/5/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Governance ,
Data Protection ,
EU ,
Innovative Technology ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On 12 July, 2024, the Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (the ‘EU AI Act’) was published in the official Journal of the European Union. The EU AI Act aims to establish a...more
7/25/2024
/ Artificial Intelligence ,
Data Privacy ,
Data Protection ,
Enforcement ,
EU ,
European Commission ,
Innovative Technology ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
On June 20, 2024, the Court of Justice of the European Union (‘CJEU’) issued its judgment in two joined cases C-182/22 and C-189/22, Scalable Capital, on the right to compensation for non-material damages under Article 82(1)...more
With Parliamentary elections and a series of national votes in 2024, the EU is entering a pivotal period in its history. In this study, ‘Global business in a changing Europe’, we speak to corporate leaders across the world to...more
3/22/2024
/ Acquisitions ,
Artificial Intelligence ,
Asset Management ,
Capital Markets ,
Competition ,
Corporate Governance ,
Energy Sector ,
Environmental Social & Governance (ESG) ,
EU ,
European Commission ,
Global Market ,
Greenhouse Gas Emissions ,
Investment ,
Investment Management ,
Investors ,
Merger Controls ,
Mergers ,
Net Zero ,
Regulatory Agenda ,
Risk Management ,
Sustainability
Alongside the recent CJEU judgment on automated decision making in Schufa (see the Allen & Overy blog ) there are a range of developments related to ADM in other jurisdictions.
UK developments -
The UK Parliament is...more
On 7 December 2023, the Court of Justice of the European Union (CJEU) issued a landmark judgment on Article 22 of the General Data Protection Regulation (GDPR), focused on decision making based solely on automated processing...more
In joined Cases C‑26/22 and C‑64/22, related to the German Credit Reference Agency Schufa (see A&O blog on the automated decision making case), the CJEU considered the retention of personal data regarding individuals who had...more
On 10 July 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This decision enables the free flow of personal data from the EU and three EEA countries (Iceland,...more
In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
The Court of Justice of the European Union (CJEU) considered appropriate conditions that apply in respect of specific national legislation which EU member states may adopt under Article 88 GDPR to regulate the processing of...more
The German Data Protection Conference of supervisory authorities (DSK) issued a decision on how to evaluate the risk of personal data being accessed by non-EEA public authorities, or by a parent company, when processed by a...more
On 13 July 2022, the Public Procurement Chamber of the German state of Baden-Württemberg (the Public Procurement Chamber) issued a decision confirming that personal data processed by an EU subsidiary of a parent entity...more
On 2 December 2021, the Court of Justice of the European Union (CJEU) published the Advocate General’s (AG) opinion in case C-319/20 (Facebook Ireland) (the AG Opinion) relating to the issue of whether Member State law may...more
The decision of the UK Supreme Court in Lloyd v Google is a welcome relief for data controllers. However, is it the end of class actions for data breach?...more
On 25 October 2021, the Administrative Court of Wiesbaden (the Court) announced its decision, issued in early October, to submit two questions to the Court of Justice of the European Union (CJEU) regarding the scope of the...more
On 24 June 2021, the Advocate General (AG) of the Court of Justice of the European Union (CJEU) issued his opinion on the preliminary ruling request submitted by Germany's Federal Court of Justice (Bundesgerichtshof) in case...more
After weeks of tough wrangling, the Federal Cabinet has decided to oblige companies throughout Germany to offer coronavirus tests to their employees. This obligation will be included in the SARS-CoV-2 Occupational Health and...more