The European Commission has published a draft regulation containing further detail on the “technical and methodological” security measures, and cybersecurity incident reporting threshold triggers, under the incoming NIS2 directive (the…
The EU AI Act (the “Act”) has made it through the EU’s legislative process and has passed into law today; it will come into effect on 1 August 2024. Most…
Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware…
As the European Union edges ever-closer to formally enacting the EU AI Act, attention is turning to how other jurisdictions will approach AI regulation. In the UK, individual regulators will…
On May 17, 2024, Colorado passed Senate Bill 24-205 (“the Colorado AI Law” or “the Law”), a broad law regulating so-called high-risk AI systems that becomes effective on February 1,…
Despite much fanfare, and a process that seems to edge ever nearer to completion, the EU AI Act still has not been formally adopted. The Act still has to undergo…
Key takeaways from January include: Transparency about data processing and retention: In a reminder of the importance of transparency under the GDPR, and the need for companies to make their…
On 18 March 2024 at 15:00 UK, Avi Gesser and Martha Hirst from the Debevoise Data Strategy and Security Group, in conjunction with the AI UK 2024 symposium, presented on…
Almost a year after it initially published its White Paper on AI Regulation (the “AI White Paper”) and launched its associated consultation, the UK government has published its consultation response…
In 2022, the UK ICO published the International Data Transfer Agreement (“IDTA”) and the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses (“the Addendum”). In short, the…