On 2 August 2025, the second wave of requirements under the EU AI Act (the “Act”) entered into force, following the first implementation phase six months ago. This latest set…
Ahead of the EU AI Act’s (the “Act”) General Purpose AI (“GPAI”) model requirements coming into force on 2 August 2025, EU authorities have released further guidance and Codes of…
The insurance industry has been an early adopter of AI systems, which are reshaping how insurers assess risk, underwrite policies, detect fraud, engage with customers, and conduct their internal business…
Given that AI models require large swathes of data to operate, the GDPR’s expansive definition of personal data means that many applications of AI involve complex data protection issues –…
South Korea has become the latest country to pass a national AI law. The “Basic Act on the Development of Artificial Intelligence and Establishment of Foundation for Trust” (the “Basic…
Our top five European data protection developments from January are: UK ransomware reporting proposals. The UK Government released a consultation on ransomware related legislative proposals, including possible reporting obligations and…
The first wave of the EU AI Act’s requirements came into force on 2 February 2025, namely: Prohibited AI: the ban on the use and distribution of prohibited AI systems,…
As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2024 by page views. If you are not already…
As we approach the end of the year, here are the Top 11 Artificial Intelligence (“AI”) posts on the Debevoise Data Blog in 2024 by page views. If you are…
The European Commission has published a draft regulation containing further detail on the “technical and methodological” security measures, and cybersecurity incident reporting threshold triggers, under the incoming NIS2 directive (the…