The Cyber Resilience Act (CRA) is a European regulation which aims to improve cybersecurity and cyber resilience and provides for common cybersecurity standards for products with digital elements.
Adopted by the EU in...
3/24/2026 / Cybersecurity, EU, Governance Standards, Manufacturers, New Legislation, New Regulations, Open Source Software, Regulatory Oversight, Regulatory Requirements, Reporting Requirements, Risk Management, Software, Technology Sector
The EU AI Office has published its first draft Code of practice on transparency of AI generated content (the “Code”) providing voluntary guidelines for marking and labelling AI output (audio, image, video or text) ensuring...
1/28/2026 / AI Act, Artificial Intelligence, Audio Recording, Deep Fake, Disclosure Requirements, Emerging Technologies, EU, Labeling, New Guidance, Photographs, Regulatory Requirements, Transparency, Video
As part of the EU’s measures to support consumers contracting with online retailers, it has introduced requirements that retailers make it easier for consumers to withdraw from online contracts, by providing clearer (and well...
1/22/2026 / Consumer Protection Laws, Contract Termination, Corporate Counsel, E-Commerce, EU, EU Directive, Internet Retailers, Member State, New Legislation, Online Contracts, Regulatory Requirements
As anticipated in our 2024 privacy round up, 2025 has proven to be a defining year for data privacy and the broader digital landscape. Significant developments in AI regulation and cybersecurity have emerged, with legislative...
12/22/2025 / Advertising, AI Act, Anonymization, Artificial Intelligence, Cybersecurity, Data Privacy, Data Protection, EU, General Data Protection Regulation (GDPR), International Data Transfers, New Legislation, Online Safety for Children, Personal Data, Popular, Regulatory Reform, UK
The EU Data Act (Regulation (EU) 2023/2854), applicable from September 12, 2025, introduces a comprehensive legal framework aimed at enhancing data portability, interoperability, and minimizing dependency on individual...
12/3/2025 / Cloud Service Providers (CSPs), Compliance Dates, Contract Terms, Data Management, Data Privacy, Data Processors, Data Transfers, Digital Marketplace, EU, EU Data Protection Laws, New Legislation, PaaS, Portability, Regulatory Requirements, SaaS, Service Contracts
The EU Data Act (Regulation (EU) 2023/2854), applicable from September 12, 2025, introduces a comprehensive legal framework aimed at enhancing data portability, interoperability, and minimizing dependency on individual...
11/13/2025 / Cloud Computing, Cloud Service Providers (CSPs), Contract Terms, Data Management, Data Transfers, EU, Member State, New Regulations, Regulatory Requirements, SaaS, Standard Contractual Clauses
The EU Cyber Resilience Act (Regulation (EU) 2024/2847) ("CRA") establishes mandatory cybersecurity requirements for products with digital elements, encompassing both hardware and software products that connect to networks or...
11/10/2025 / Cybersecurity, Data Processors, Digital Services, EU, European Commission, Hardware, Manufacturers, Networks, New Legislation, Risk Assessment, Software, Supply Chain
In the age of online information and the rise of artificial intelligence, web scraping has become a widespread method for feeding and training AI systems. However, this proliferation presents major legal risks, particularly...
11/3/2025 / AI Act, Artificial Intelligence, CNIL, Copyright, Copyright Infringement, Data Protection, EU, France, General Data Protection Regulation (GDPR), Intellectual Property Protection, Personal Data, Web Scraping
On 3 September 2025, the European Court of Justice (“CJEU”) dismissed the action of a Member of the French Parliament, Mr. Philippe Latombe, who had sought annulment of the EU-U.S. Data Privacy Framework (“DPF”)....
The European Accessibility Act (EAA) came into force on 28 June 2025. It requires that all in-scope products and services placed on the market or provided after that date in the EU must meet specified accessibility...
8/20/2025 / Accessibility Rules, Enforcement Actions, Enforcement Authority, EU, EU Directive, Manufacturers, Member State, New Legislation, Regulatory Requirements, Supply Chain, Web Content Accessibility Guidelines (WCAG)
As we pass the mid-point of 2025, it’s a good time to review the important developments we have seen in the first 6 months of this year, particularly reforms to the UK’s data protection laws, the EU’s pathway to...
8/4/2025 / AI Act, Artificial Intelligence, Binding Corporate Rules, CNIL, Connected Cars, Cookies, Data Privacy, Data Processors, Data Protection, DIFC, Digital Marketplace, EU, European Data Protection Board (EDPB), France, General Data Protection Regulation (GDPR), Geolocation, Location Data, Middle East, New Legislation, Regulatory Agenda, Saudi Arabia, Technology, Technology Sector, UK, United Arab Emirates (UAE)
While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process....
2/18/2025 / CNIL, Consent, Data Collection, Data Controller, Data Privacy, Data Processors, Data Protection, France, General Data Protection Regulation (GDPR), Mobile Apps, Personal Data, Privacy Laws
The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, which regularly informs its stakeholders of its priorities....
1/23/2025 / Artificial Intelligence, CNIL, Cybersecurity, Data Privacy, Data Protection, EU, France, General Data Protection Regulation (GDPR), Minors, Online Safety for Children, Personal Data, Privacy Laws
As expected in the data privacy and digital space, 2024 shaped up to be a year full of guidance, consultations, regulatory focus areas and legislative updates. Artificial Intelligence (AI) remained a hot topic with...
1/15/2025 / Adtech, Advertising, Artificial Intelligence, Cookies, Cybersecurity, Data Breach, Data Privacy, Data Protection, EMEA, EU, International Data Transfers, Privacy Laws, Regulatory Agenda, UK
On 17 December 2024, the European Data Protection Board (EDPB) adopted its opinion on certain data protection aspects related to the processing of personal data in the context of AI models (Opinion). The Opinion comes as a...
Forming part of the EU’s broader digital and cyber security strategy, the new Network and Information Systems Directive 2022/2555 (NIS2) came into effect on 18 October 2024 (this being the deadline by which the directive is...
12/6/2024 / Compliance, Critical Infrastructure Sectors, Cyber Incident Reporting, Cybersecurity, Cybersecurity Framework, EU, EU Directive, Infrastructure, Member State, Risk Management, Sanctions
The Cyber Resilience Act (CRA) is a groundbreaking piece of legislation designed to enhance the cybersecurity of digital products and services made available in the EU. Published last week in the Official Journal of the...
11/26/2024 / Compliance, Cyber Security Incident Response Team (CSIRT), Cybersecurity, Digital Goods, Distributors, ENISA, EU, Importers, Manufacturers, Member State, New Legislation, Penalties, Regulatory Authority
As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris...
9/4/2024 / Algorithms, Artificial Intelligence, Cameras, CNIL, Data Privacy, Data Protection, Data Security, France, General Data Protection Regulation (GDPR), Olympics, Privacy Concerns, Public Property, Security and Privacy Controls, Security Cameras
Following the very recent adoption of the EU Regulation on AI (the AI Regulation) the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models....
6/28/2024 / Advertising, Artificial Intelligence, CNIL, Data Collection, Data Controller, Data Protection Authority, Data Subjects Rights, Duty to Inform, France, General Data Protection Regulation (GDPR), Minors, New Guidance, Personal Data, Regulatory Requirements
A new development in the Castelbajac case, which pits the designer with the eponymous name against the company PMJC, concerning the application for revocation of the trademarks assigned to the latter by the designer. In a...
5/31/2024 / Appeals, Assignments, Counterclaims, Court of Justice of the European Union (CJEU), EU, France, Intellectual Property Protection, Revocation, Trademark Infringement, Trademark Litigation, Trademarks, Unfair or Deceptive Trade Practices
On 7 March 2024, the Court of Justice of the European Union issued a ruling (C-604/22 | IAB Europe) clarifying the concepts of personal data and controller in the context of the use of a Transparency and Consent Framework...
5/31/2024 / Advertising, Auction, Belgium, Competitive Bidding, Consent, Cookie Banners, Court of Justice of the European Union (CJEU), Data Brokers, Data Collection, Data Controller, Data Protection Authority, EU, General Data Protection Regulation (GDPR), Online Advertisements, Personal Data
In a ruling dated 2 April 2024 (Tribunal Judiciaire de Paris, 2 April 2024, RG no. 24/51659), the President of the Tribunal Judiciaire de Paris confirmed that he could no longer be seised in référé (summary proceedings)...
In a ruling dated 27 March 2024 (Cour de cassation, 27 March 2024, no. 22-21.586), the Cour de cassation reviewed the obligation of website hosts to monitor the content they host....
We have been talking about it since last year: the bill to secure and regulate the digital space ("SREN") has now been passed. The legislative process leading up to the enactment of the SREN bill has been slow (as a reminder:...
4/23/2024 / Cloud Computing, Cloud Storage, Criminal Code, Data Protection, Data Protection Acts, Digital Platforms, EU, European Economic Area (EEA), France, General Data Protection Regulation (GDPR), Information Technology, Minors, New Legislation, Online Platforms, Pornography, Public Communications
The CNIL’s newly released recommendations for AI system developers set out the regulator’s expectations for the entire development process of an AI system, from design to database creation and integration, ensuring...