Search

The Artificial Intelligence Act (AI Act), adopted in June 2024, is the world’s first comprehensive regulatory framework for AI. It sits at the centre of the EU’s broader digital rulebook, alongside the General Data Protection Regulation (GDPR), the Data Act, the Digital Services Act (DSA), the Digital Markets Act (DMA), the Cyber Resilience Act (CRA), and the NIS2 Directive. Together, these laws aim to promote safety, trust, and competitiveness in Europe’s digital economy. However, questions arise ...

Recent assessments have highlighted shortcomings in the enforcement of the European Union's General Data Protection Regulation (GDPR). These include lengthy procedures, divergent practices, and functional flaws. In response, EU lawmakers negotiated additional procedural rules to ensure the swift and consistent resolution of cross-border cases and to harmonise parties' rights during the procedure. Parliament is set to vote on the provisional agreement reached with the Council on the proposed changes ...

The Data Act aims to create value from data generated by connected products and services, by introducing data-sharing obligations. The principles enshrined in the Act have received general approval, but concerns have been expressed about the clarity of certain definitions, the sharing of commercially sensitive data and its regulatory complexity. Most provisions of the Data Act will apply from 12 September 2025.

Since the 2014 invalidation of the Data Retention Directive, the EU legal landscape has become fragmented, causing uncertainty for providers and challenges for law enforcement. With a Commission proposal likely and growing Member State support for a more permissive EU regime, a solid understanding of relevant CJEU case law may help inform Parliament's assessment. Over the past decade, CJEU case law has set detailed requirements for data retention. Laws must respect proportionality and necessity, ...

The EU's High-Level Group on access to data for law enforcement (HLG) has identified digital forensics as one of three key areas requiring progress to allow law enforcement agencies to fight crime effectively, together with data retention and lawful interception. Member States possess the expertise and have the capacity to engage in digital forensics, defined as the collection, analysis and preservation of digital evidence stored in any digital form on an electronic device. However, the ability of ...

Momentum is building around data protection reform, with the European Commission proposing targeted changes to ease compliance for small and mid-cap enterprises, and the United Kingdom (UK) adopting broad reforms at its third attempt. The UK's reform proposals, aimed at boosting economic growth and innovation, focused on reducing administrative burdens, promoting data reuse for research, and facilitating artificial intelligence development. However, critics warned these reforms unduly weaken fundamental ...

While Europeans are adopting TikTok at a remarkable pace, recent headlines on addictive design, data protection violations, election interference, incendiary content and child sexual exploitation incidents are casting a shadow over its success. This briefing maps the key issues associated with the platform and outlines the European Union's (EU) legal framework to facilitate parliamentary discussions on recent developments, inform debates on future legislation such as the digital fairness act, and ...

The IA supports the above proposals with a qualitative assessment of legal, social and economic impacts, complemented by quantified estimates of costs and savings of procedural and administrative costs. Impacts on fundamental rights and digitalisation are also assessed, including concerns raised by stakeholders with respect to data protection. The IA follows a clear intervention logic and is based on solid internal and external sources and various stakeholder consultations. It clearly makes an effort ...

The United Kingdom (UK) adequacy decisions are set to expire on 27 June 2025, unless the European Commission reaffirms that the UK continues to ensure an 'essentially equivalent' level of data protection to the EU's. Critics raised concerns that recent and ongoing UK reforms could jeopardise the renewal of these decisions.

After the entry into force of the Artificial Intelligence (AI) Act in August 2024, an open question is its interplay with the General Data Protection Regulation (GDPR). The AI Act aims to promote human-centric, trustworthy and sustainable AI, while respecting individuals' fundamental rights and freedoms, including their right to the protection of personal data. One of the AI Act's main objectives is to mitigate discrimination and bias in the development, deployment and use of 'high-risk AI systems ...