This summer, the UK enacted the long-anticipated Data (Use and Access) Act 2025 (“DUAA”), the first major amendments to the UK’s data protection legislation since Brexit. The changes include substantial…
On 2 August 2025, the second wave of requirements under the EU AI Act (the “Act”) entered into force, following the first implementation phase six months ago. This latest set…
Ahead of the EU AI Act’s (the “Act”) General Purpose AI (“GPAI”) model requirements coming into force on 2 August 2025, EU authorities have released further guidance and Codes of…
The insurance industry has been an early adopter of AI systems, which are reshaping how insurers assess risk, underwrite policies, detect fraud, engage with customers, and conduct their internal business…
Our top-five European data protection developments from February are: European Commission publishes guidelines on prohibited AI practices: The EU Commission has published non-binding guidance on the EU AI Act’s prohibited…
South Korea has become the latest country to pass a national AI law. The “Basic Act on the Development of Artificial Intelligence and Establishment of Foundation for Trust” (the “Basic…
Our top five European data protection developments from January are: UK ransomware reporting proposals. The UK Government released a consultation on ransomware related legislative proposals, including possible reporting obligations and…
The first wave of the EU AI Act’s requirements came into force on 2 February 2025, namely: Prohibited AI: the ban on the use and distribution of prohibited AI systems,…
Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act, introducing cybersecurity requirements…
As we approach the end of the year, here are the Top 10 Cybersecurity posts on the Debevoise Data Blog in 2024 by page views. If you are not already…