EU – Page 2 – CIO.works

Consult the European Vulnerability Database to Enhance Your Digital Security!

ENISA has launched the European Vulnerability Database (EUVD), aimed at enhancing cybersecurity across the EU by providing comprehensive information on vulnerabilities in ICT products and services as mandated by the NIS2 Directive. The database offers actionable insights on cybersecurity vulnerabilities, including mitigation measures, and is accessible to the public, industry stakeholders, and national authorities. It supports better analysis, situational awareness, and risk management while collaborating with various organizations to ensure effective vulnerability disclosure practices.

https://www.enisa.europa.eu/news/consult-the-european-vulnerability-database-to-enhance-your-digital-security

EAA 2025: European Accessibility Act Compliance Deadline Quickly Approaching

By CIO / Blog / EU, regulation, accessibility

EAA 2025 compliance deadline is June 28; EU businesses must ensure digital accessibility for disabled individuals. UsableNet emphasizes urgent action to meet standards (EN 301 549, WCAG 2.1 AA) affecting various sectors. Non-compliance risks enforcement actions and customer alienation. UsableNet provides resources and managed services for compliance support.

https://www.newswire.com/news/eaa-2025-european-accessibility-act-compliance-deadline-quickly-22573171

European Commission Releases Analysis of Stakeholder Feedback on AI Definitions and Prohibited Practices Public Consultations

By CIO / Blog / AI, EU, regulation

European Commission analyzes stakeholder feedback on AI definitions and prohibited practices from public consultations, aiding in the application of the AI Act. Report highlights majority industry responses, calls for clearer definitions, and concerns over prohibited practices like emotion recognition and social scoring. Guidelines issued to assist stakeholders with compliance and will evolve based on feedback and new use cases.

https://digital-strategy.ec.europa.eu/en/library/european-commission-releases-analysis-stakeholder-feedback-ai-definitions-and-prohibited-practices

AI Act Deadline Missed as EU GPAI Code Delayed Until August, Richard Barker

By CIO / Blog / AI, EU, regulation

EU's General Purpose AI Code release missed May 2 deadline; now expected by August, delaying related AI Act provisions. Reasons for delay include allowing feedback and assessing support from AI providers. Political solutions may be necessary if not finalized by August, while tech developers face additional regulatory challenges.

https://thelens.slaughterandmay.com/post/102karg/ai-act-deadline-missed-as-eu-gpai-code-delayed-until-august

NIS2 Directive: New Rules on Cybersecurity of Network and Information Systems

By CIO / Blog / EU, NIS2, regulation

NIS2 Directive enhances EU cybersecurity rules across 18 sectors, requiring member states to develop national strategies, manage risks, report incidents, and establish accountability. It expands coverage beyond energy and healthcare to include public services and digital platforms, fostering cooperation and information sharing among nations through CSIRTs and networks like EU-CyCLONe. This legislation, effective from January 2023, supersedes NIS1, aiming for heightened security amidst rising cyber threats. Member states must comply by October 2024.

https://digital-strategy.ec.europa.eu/en/policies/nis2-directive

Commission Calls on 19 Member States to Fully Transpose the NIS2 Directive

By CIO / Blog / EU, NIS2

19 EU Member States called to transpose NIS2 Directive for cybersecurity by October 2024. Commission issues opinion; non-compliance may lead to legal action.

https://digital-strategy.ec.europa.eu/en/news/commission-calls-19-member-states-fully-transpose-nis2-directive

EU Clarifies AI Act’s Prohibited Practices With New Guidelines

By CIO / Blog / regulation, EU, AI

EU issues guidelines clarifying prohibited AI practices under AI Act. Key prohibitions include manipulative techniques, social scoring, risk assessments for crime prediction, untargeted facial image scraping, emotion recognition in certain settings, biometric categorization of sensitive traits, and real-time biometric identification for law enforcement. Guidelines establish legal certainty, refine definitions, and highlight the interplay with existing EU laws. Safeguards for exemptions will require impact assessments on fundamental rights.

https://natlawreview.com/article/european-commissions-guidance-prohibited-ai-practices-unraveling-ai-act

Status Check: Support Is Quickly Eroding for the EU-U.S. Data Privacy Framework

By CIO / Blog / EU, GDPR, data protection, business objectives

Support for the EU-U.S. Data Privacy Framework (DPF) is declining. Recent deregulation and European concerns threaten its stability. Businesses must retain their DPF certification but prepare alternative data transfer methods. Key issues include the U.S. Privacy & Civil Liberties Oversight Board's weakened status and EU warnings about the DPF's adequacy. European regulators recommend “exit strategies” due to anticipated legal challenges, and advocacy groups are pushing for reduced reliance on U.S. data services. Overall, the landscape for transatlantic data transfers is becoming precarious.

https://www.thefirewall-blog.com/2025/05/status-check-support-is-quickly-eroding-for-the-eu-u-s-data-privacy-framework/

EU Sails Past Deadline to Tame AI Models Amid Vocal US Opposition

By CIO / Blog / regulation, AI, EU

EU fails to meet deadline to regulate AI amid US lobbying, with concerns over new rules following surge in AI use post-ChatGPT. Efforts to establish a “code of practice” for AI models face criticism from US tech firms and concerns from European lawmakers about diluting regulations. The US government has echoed these criticisms, complicating the EU's regulatory ambition. The outcome hinges on cooperation from major AI companies as August 2 compliance deadline approaches.

https://www.politico.eu/article/eu-deadline-artificial-intelligence-models-lobbying/

Corporate Compliance Under the EU Artificial Intelligence Act: Legal Framework and Strategic Implications

By CIO / Blog / AI, EU, regulation

EU's Artificial Intelligence Act establishes a comprehensive legal framework for AI, imposing obligations on companies within and outside the EU. It adopts a risk-based approach requiring compliance assessments, internal policies on generative AI, and ongoing monitoring after deployment. The Act categorizes AI systems by risk level, outlines compliance procedures, and mandates transparency and incident reporting. Non-compliance can result in significant penalties. The Act aims to unify the internal market, mitigate risks, and foster trustworthy AI development. Companies must proactively embrace compliance for strategic advantage.

https://www.leadersleague.com/en/news/corporate-compliance-eu-artificial-intelligence-act