On 6 February, the EU’s Advocate General Spielmann provided his opinion (the Opinion) in the case of EDPS v SRB (Case C‑413/23 P), advising that the previous judgment of the General Court be set aside and referred for judgment back to it. The Opinion offers some interesting views on how we should consider the effect ..read more

On January 20, in a long-awaited move, the European Commission (EC) announced the integration of the revised Code of Conduct on Countering Illegal Hate Speech Online (the Hate Speech Code) into the regulatory framework of the Digital Services Act (DSA).  Article 45 of the DSA provides for the formation of voluntary codes of conduct at ..read more

Today marks the effective date of the Digital Operational Resilience Act (DORA) and with it, additional incident reporting obligations for in-scope financial entities.  With the aim of standardising the incident reporting process for financial entities throughout the EU, from today, in-scope financial entities must report any ‘major ICT-related incidents’ to their relevant competent authority. 1For ..read more

The European Commission has launched its first set of “specification proceedings” under the Digital Markets Act (“DMA”). “Specification proceedings” are actions taken by the Commission under the DMA which formalises the Commission’s regulatory discussions with a gatekeeper, allowing it to investigate particular compliance points, which can ultimately result in the Commission issuing a decision to ..read more

Recent technological advances in generative AI have transformed the way in which we listen to and create music. Many artists and industry players have readily adopted generative AI, viewing it as a creative force to be harnessed, while others remain wary.  The use of increasingly sophisticated AI tools to generate musical works poses a number ..read more

The Irish Data Protection Commission (DPC) released its 148-page annual report on 29 May 2024 (the Annual Report), highlighting the scope of work and enforcement activities undertaken by the DPC throughout 2023. A full copy of the report is available here. In this series of articles we decode the report – providing an insight into the key points of focus, emerging themes and potential areas of future regulatory developments.  This Article will aim to provide an overview of what we have learned in respect of data breach notifications from this year’s Annual Report, and what future trends i ..read more

On 13 March 2024, the European Parliament and the Council adopted Regulation (EU) 2024/900 on the transparency and targeting of political advertising (the Regulation). The Regulation is now in force, however, the majority of its provisions will not take effect until October 2025. This article aims to provide a summary of the key provisions of the Regulation under the following headings: Scope of the Regulation Transparency and due diligence obligations  Targeting and ad delivery of online political advertising Supervision and enforcement Scope of the Regulation The Regulation is inten ..read more

Introduction Following the political agreement reached on the terms of the EU’s AI Act in December, the EU seems set to lead the way in adopting a novel regulatory framework to regulate the use and development of artificial intelligence (AI). Whilst the spotlight has largely focused on the AI Act, the EU’s AI regulatory framework will extend beyond just that piece of legislation.  Back in September 2022, the EU Commission published a proposed package of additional regulatory measures to support the rollout of AI within Europe. This package comprised of: the proposed AI Liability Directiv ..read more

On 27 November, the final text of the EU’s Data Act (the Act) was formally approved by the European Parliament and the European Council.  It will enter into force 20 days after its publication in the EU’s official journal, which is expected in the coming days. However, the majority of its provisions will only apply 20 months after it enters into force. Scope of the Act The Act, which takes the form of a directly applicable EU regulation, has three central focuses: remove obstacles to the process of switching between providers of “data processing services”  and the portability of dat ..read more

At the start of November, the UK government hosted an AI Safety Summit, intended to provide a forum for in-depth discussions on the challenges and opportunities of AI technology. It attracted a wide array of senior stakeholders from across policy, business, academia and government and appears to show a UK desire to lead in this area. The opening day of the Summit saw the unveiling of the Bletchley Declaration (the Declaration) – a non-binding commitment agreed by the 27 countries whose delegates attended the Summit including USA, China, India and the EU. Although a voluntary declaration, lacki ..read more