On 16 July 2025, the European Central Bank ("ECB") published a non-binding Guide clarifying supervisory expectations for institutions outsourcing cloud services....more
Italy is the first EU Member State to enact national legislation on Artificial Intelligence ("AI"), thereby positioning itself as a frontrunner in shaping AI rule-making within the European Union....more
10/16/2025
/ AI Act ,
Artificial Intelligence ,
Data Centers ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Healthcare ,
Information Technology ,
Intellectual Property Protection ,
Italy ,
Machine Learning ,
New Legislation ,
Popular ,
Regulatory Reform ,
Regulatory Requirements
Implementing the NIS-2 Directive (EU 2022/2555) and the Critical Entities Resilience ("CER") Directive (EU 2022/2557) into national law, Germany is reinforcing the security and resilience of its critical infrastructure,...more
10/8/2025
/ Critical Infrastructure Sectors ,
Cybersecurity ,
EU ,
Germany ,
Incident Response Plans ,
Information Technology ,
New Legislation ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
Artificial intelligence (“AI”) is a global subject of intense focus by governments, research institutions, investors, and corporations, ranging from start-ups to well-established industry leaders. As technology and regulatory...more
The Single Resolution Board ("SRB") transferred pseudonymized comments from data subjects to Deloitte without informing them. The European Data Protection Supervisor ("EDPS") found a violation of information duties applicable...more
9/11/2025
/ Anonymization ,
Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Transfers ,
Disclosure Requirements ,
EDPS ,
EU ,
General Court of the European Union (GCEU) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Regulatory Violations ,
Single Resolution Board ,
Transparency
On September 3, 2025, the General Court of the European Union dismissed an action for annulment brought by a French member of Parliament against the European Commission's decision recognizing the adequacy of the level of...more
On July 9, 2025, the European Parliament's Committee on Legal Affairs ("JURI") published a study examining how generative artificial intelligence ("AI") interacts with European Union copyright law....more
8/14/2025
/ AI Act ,
Artificial Intelligence ,
Copyright ,
Court of Justice of the European Union (CJEU) ,
Data Mining ,
EU ,
Innovative Technology ,
Intellectual Property Protection ,
IP License ,
Machine Learning ,
Regulatory Reform ,
Training
The European Union's Artificial Intelligence Act ("AI Act") establishes a comprehensive, risk-based regulatory framework including provisions relating to general-purpose AI ("GPAI") models that apply as from 2 August 2025. In...more
8/6/2025
/ Artificial Intelligence ,
Copyright ,
EU ,
European Commission ,
Innovative Technology ,
Machine Learning ,
New Legislation ,
Popular ,
Regulatory Requirements ,
Risk Management ,
Transparency
The EU has introduced Delegated Regulation (EU) 2025/1190, establishing the first harmonized standards for threat-led penetration testing ("TLPT") across the financial sector. The regulation aims to strengthen the cyber...more
7/31/2025
/ Credit Institutions ,
Cybersecurity ,
Digital Operational Resilience Act (DORA) ,
Enforcement ,
EU ,
EU Directive ,
Financial Institutions ,
Financial Services Industry ,
G-SII ,
Harmonization Rules ,
Regulatory Requirements ,
Risk Management ,
Technical Standards
The European Union's Artificial Intelligence Act ("AI Act"), the world's first comprehensive legal framework on AI, entered into force on August 1, 2024. The AI Act sets out staggered compliance deadlines for the various...more
The European Commission has released a new template for summarizing training data used in general-purpose artificial intelligence ("AI") models, as part of its broader AI regulatory framework....more
DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more
On December 11, 2024, the French High Council for Literary and Artistic Property ("CSPLA") published a report on the implementation of the European regulation on artificial intelligence ("AI"), focusing on the transparency of...more
As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more
The first wave of Australia's expansive privacy law reforms has been introduced into Federal Parliament in the Privacy and Other Legislation Amendment Bill 2024 (Cth) ("Bill")....more
10/29/2024
/ Australia ,
Cybersecurity ,
Damages ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Invasion of Privacy ,
Personally Identifiable Information ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
On October 10, 2024, the EU Cyber Resilience Act ("CRA") was adopted by the Council of the European Union....more
Chinese authorities issued new regulations and guidance governing cross-border transfers of data and personal information, which will significantly reduce procedural and compliance burdens for many multinationals....more
On 22 December 2023, the Regulation on harmonized rules on fair access to and use of data ("Data Act") was published in the EU's Official Journal. The Data Act lays down rules on fair access to and use of personal and...more
In light of the DOJ’s most recent guidance on the use of personal devices and third-party messaging applications by corporate personnel, this White Paper addresses issues and challenges that companies are facing in this area...more
10/18/2023
/ CFTC ,
Compliance ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Electronic Communications ,
Financial Industry Regulatory Authority (FINRA) ,
Guidance Update ,
Instant Messaging Apps ,
Mobile Devices ,
Policies and Procedures ,
Securities and Exchange Commission (SEC) ,
White Collar Crimes ,
Workplace Communication
Beginning October 12, 2023, the UK-U.S. Data Bridge will allow UK companies to transfer personal data to the United States using the new EU-U.S. Data Privacy Framework....more
10/17/2023
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
Information Technology ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
UK
In Short -
The Background: The prevalence of generative artificial intelligence ("GenAI") is rapidly expanding, providing vast opportunities for efficiency and innovation, while also creating new risks....more
8/7/2023
/ Algorithms ,
Artificial Intelligence ,
Confidentiality Agreements ,
Data Privacy ,
End-Users ,
EULA ,
Innovation ,
Liability ,
License Agreements ,
Machine Learning ,
Popular
On July 21, 2023, the White House announced that seven leading technology companies—Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI—voluntarily committed to mitigating the risks posed by artificial...more
7/25/2023
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Innovative Technology ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Oversight ,
Risk Mitigation
On July 10, 2023, the EU Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding that the United States ensures an adequate level of protection for personal data transferred from the...more
On May 30, 2023, the Cyberspace Administration of China ("CAC") issued the "Guidance on Filing the Standard Contract for the Cross-Border Transfer of Personal Information" ("Guidance"), which took effect on June 1, 2023....more
In Short -
The Situation: There has been uncertainty over the circumstances in which data subjects can claim compensation for "mere" infringement of their rights without specific evidence of harm. On May 4, 2023, the Court...more