Commission Launches Work on a Code of Practice on Marking and Labelling AI-generated Content
EU launches code for marking AI-generated content, tackling misinformation. Transparency rules enforce clear labeling by 2026, enhancing public trust.
EU launches code for marking AI-generated content, tackling misinformation. Transparency rules enforce clear labeling by 2026, enhancing public trust.
The ECJ clarified that pseudonymized data does not always constitute personal data under the GDPR; its classification depends on whether the recipient can reasonably reidentify individuals by considering technical, organizational, and legal factors. The perspective of the data recipient is critical; if they cannot realistically identify individuals, GDPR does not apply to that data. However, this is not an unlimited exemption—if reidentification is possible through access or contractual means, the GDPR requirements still apply. Data controllers must still be transparent, document their processes carefully, and regularly update their assessments and contracts. This decision may reduce GDPR compliance burdens and encourage broader data use for analytics and AI, provided that the risks of reidentification are effectively managed.
https://www.jdsupra.com/legalnews/in-a-landmark-decision-eu-court-7439040/
EU regulators are slow to define rules for regulating ChatGPT, despite its rapid user growth. OpenAI's chatbot must comply with the EU's Digital Services Act (DSA) and AI Act, but clarity on its categorization and requirements is lacking until mid-2026. The discrepancy between these laws and their alignment with ChatGPT's functionalities pose challenges in assessing risks, particularly regarding public health and elections. Potential penalties for non-compliance could be substantial.
https://www.politico.eu/article/eu-chatgpt-ai-digital-law-tech-openai-regulations-legal/
EU's AI Act lacks regulation for biological AI models (BAIMs) which could pose significant biosecurity risks. Despite recognizing biological threats, existing guidance primarily applies to general-purpose AI like language models, leaving BAIMs potentially unregulated. Clarifying that BAIMs can be classified under the Act is crucial to prevent misuse and enhance safety, as these models can facilitate dangerous biological actions while the current laws create a regulatory blind spot. Timely intervention is essential as BAIM capabilities develop, ensuring oversight aligns with emerging biological risks.
https://www.techpolicy.press/biological-ai-is-slipping-through-europes-ai-law-for-now/
European agencies, like Austria's Ministry of Economy, are increasingly migrating to open-source solutions (e.g., Nextcloud) to achieve digital sovereignty and control over sensitive data, distancing from US tech giants. This trend reflects broader efforts across Europe to manage data sovereignty, encourage local solutions, and ensure compliance with privacy regulations. While some migrations are successful, others face challenges requiring careful planning to avoid disruptions.
EU Commission released draft guidance on reporting serious AI incidents under Article 73 of the EU AI Act, requiring high-risk AI system providers to notify authorities of serious incidents. Comments accepted until Nov 7, 2025; final guidance expected to apply from Aug 2, 2026. Key points include broad definitions of “serious incidents,” tight reporting timelines, and potential penalties for non-compliance. Companies must establish clear reporting processes to meet obligations and align with other regulatory requirements.
Europe's AI Act and Apply AI Strategy aim for values-based AI regulation and innovation, despite pressure from US tech companies to delay enforcement. Effective regulation is crucial for trust, investment security, and consumer protection. Europe’s technological and democratic sovereignty hinges on prioritizing public values over mere market convenience. The goal is a complementary AI Democracy Action plan to enhance governance and reduce dependency on US tech, affirming Europe's commitment to democratic digital sovereignty and fundamental rights.
https://www.techpolicy.press/europe-wrote-the-ai-rulebook-can-it-deliver-on-its-ambitions/
Europe’s new sustainability reforms aim to simplify corporate reporting and due diligence, raise the company size thresholds, and remove EU-wide liability for sustainability harms. While supporters say this reduces compliance costs, critics argue it weakens accountability and Europe’s standing in global sustainable finance. Early evidence shows substantial progress from companies under the original rules, but concerns remain that deregulation could result in less reliable data, transparency gaps, and weaker market trust. The outcome is uncertain, as lawmakers have rejected the current reform proposal, and the final approach will shape both Europe’s market credibility and global influence in sustainability standards.
Italy has enacted its first national AI law, effective October 10, 2025, complementing the EU AI Act. The law emphasizes principles of transparency, accountability, and human oversight in AI, clarifying that AI must support rather than replace human decisions. It mandates disclosure to employees when AI is used in hiring and performance evaluation, and enforces data protection aligned with GDPR. It allows pseudonymized data for research under safeguards, penalizes AI-generated deepfakes, and restricts data mining for copyright compliance. Implementing decrees are expected within a year, requiring businesses to adapt governance frameworks and ensure compliance.
https://www.fisherphillips.com/en/news-insights/italy-enacts-first-national-ai-law-in-europe.html
EU AI Act is world's first comprehensive AI law promoting innovation and protecting health, safety, and rights. It categorizes AI systems by risk, with compliance phased in by 2027. High-risk systems face stringent obligations; unacceptable risks are prohibited. The Act emphasizes transparency, human oversight, and adapts to technological changes. Support exists for SMEs, ensuring streamlined processes and reduced burdens. AI literacy is critical for compliance. The Act addresses various areas like biometric data and outlines specific prohibitions, ensuring responsible AI use.