AI & Law

🇦🇪DIFC to Enforce AI-Specific Obligations Under Regulation 10 Starting January 2026, the Dubai International Financial Centre (DIFC) will actively enforce Regulation 10, which governs the use of autonomous and semi-autonomous systems processing personal data. The framework applies not only to AI providers, but critically to deployers, including organisations using third-party AI systems, shifting regulatory focus to those who benefit from and control AI-driven decisions. Regulation 10 applies to systems that autonomously process personal data, generate outputs, and operate with limited or no human intervention. Its scope is technology-neutral: rule-based systems may qualify alongside machine-learning models. Where such systems are used for “high-risk processing”, including large-scale data processing, special category data, employee monitoring, or automated decisions with significant effects, deployers must appoint an Autonomous Systems Officer and obtain certification for the specific system. Certification is mandatory for commercial high-risk use. Unlike traditional data protection rules, Regulation 10 focuses on decision-making processes across the AI lifecycle. It imposes detailed obligations on deployers and operators, including enhanced transparency about system logic, registers of autonomous processing activities, evidence of design standards, and mechanisms enabling data subject rights. Organisations that delay preparation ahead of the 1 January 2026 compliance deadline face material operational and compliance risks. #AIRegulation#DIFC#AICompliance#DataProtection

🌐📖Responsible AI Governance in 2025: From Principles to Practice The Responsible AI Governance Network (RAGN) published "The 2025 Responsible AI Governance Landscape: From Principles to Practice" in December 2025. The report maps how AI governance evolved during 2025, highlighting five major shifts: the EU AI Act moving into enforcement, the coexistence of three non-converging governance models, the rise of board-level accountability, tensions between frontier and open-source AI, and courts increasingly shaping standards through litigation. The report includes sector-specific snapshots for healthcare, HR, finance, and public procurement, and examines the operational cost of AI governance, including staffing, tooling, and audits. It also provides a 30–60–90 day implementation roadmap with a maturity self-assessment designed for organizations deploying or overseeing AI systems. The publication documents concrete governance practices observed in 2025, such as cross-functional governance teams, continuously updated documentation, CI/CD-integrated controls, independent audits for high-risk systems, and ongoing monitoring instead of one-off assessments. It also identifies common implementation failures, including checkbox compliance, fragmented tooling, accumulated documentation debt, and governance processes that exist only formally. #AIandLaw#ResponsibleAI#AIGovernance#EUAIAct#AICompliance#TechRegulation

🇺🇸NYC Bar: Ethical Limits on AI Recording of Client Conversations The New York City Bar Association has issued Formal Opinion 2025-6 on the use of AI tools to record, transcribe, and summarize attorney-client conversations. The opinion analyzes how the New York Rules of Professional Conduct apply to audio and video calls where either party uses AI for capture and post-processing. While lawyers may choose not to use such tools, opting in triggers specific ethical duties. The Opinion states that attorneys should obtain client consent before recording a conversation and assess whether recording, transcription, or summarization is tactically appropriate in the circumstances, particularly in light of confidentiality and attorney-client privilege. Where AI-generated transcripts or summaries may be retained or relied upon, lawyers must review them for accuracy. If a lawyer knows that a client is using AI to record a call, the lawyer should advise the client of the potential disadvantages of doing so. The Opinion positions AI recording tools not as neutral utilities, but as practices that require active ethical judgment and informed consent. #AIandLaw#LegalEthics#ProfessionalResponsibility#AttorneyClientPrivilege#AICompliance

🇺🇸Khan v. Figma The Khan v. Figma lawsuit highlights a core governance challenge in the AI era: whether companies can unilaterally repurpose user-generated content for model training after years of promising not to. The complaint alleges that Figma, long positioned as a trusted cloud-based environment for design collaboration, quietly switched on “Content Training” for large segments of its user base in 2024, enabling the company to train generative-AI models on proprietary creative assets, trade secrets, and commercially sensitive material. For a platform whose value depends on users uploading IP-protected content, the shift represents a fundamental break in expectations. The case underscores a deeper structural pressure: as AI competitiveness becomes a valuation driver, even non-AI-native platforms may be incentivized to tap their data reservoirs, regardless of earlier contractual commitments. #AI#IntellectualProperty#AICompliance#AIEthics

🇺🇸FTC Targets Workado for Misleading AI Accuracy Claims The U.S. Federal Trade Commission has taken action against AI company Workado for allegedly making false and unsupported claims about its AI Content Detector. Workado advertised its tool as being 98% accurate in identifying whether text was generated by AI or written by a human. Independent testing revealed a stark contrast: the tool achieved only 53% accuracy on general-purpose content, far below the company's claims. The FTC's order underscores growing regulatory attention on transparency and accountability in AI marketing practices. #AIRegulation#FTC#AICompliance#AIEthics

🇺🇸Warner Bros. Joins the Fight: Copyright Lawsuit Against Midjourney Warner Bros. has filed a lawsuit against Midjourney, accusing the AI platform of willfully generating images and videos featuring its iconic characters, including Superman, Batman, Bugs Bunny, Daffy Duck, and Tom & Jerry. The studio alleges Midjourney removed safeguards that previously blocked users from creating IP-infringing videos, calling the company’s approach a “brazen” disregard for copyright law. The lawsuit mirrors recent actions by Disney and Universal, represented by the same legal team, asserting that AI-generated outputs closely resembling copyrighted characters violate intellectual property rights. Studios argue that Midjourney could maintain its service while enforcing guardrails to prevent infringement, while Midjourney’s lawyers accuse the companies of hypocrisy for opposing “industry standard” AI practices while seeking to benefit from AI’s potential. #AIRegulation#CopyrightLaw#AIandIP#WarnerBros#Midjourney#AIEthics#AICompliance

📖Companies Partner on AI Law Platform to Help Scale Common Governance Practices To address the growing complexity of AI regulation, Luminos.AI and ZwillGen have launched the "ZwillGen Law Library", a new platform designed to automate legal risk assessments and benchmark compliance with frameworks such as the EU AI Act and the Colorado AI Act. The tool also enables technical testing of AI models for bias and deidentification risk. This partnership signals a shift from fragmented legal interpretation to scalable, embedded governance infrastructure. #AI#AICompliance#AIGovernance

🇫🇷France Launches PANAME: Building Tools to Audit AI Privacy France's CNIL has announced PANAME (Privacy Auditing of AI Models) — a new joint initiative with national digital regulators and research institutions to develop auditing tools for AI systems trained on personal data. The project aims to evaluate how well these models safeguard privacy and to publish a catalog of auditing instruments, with an emphasis on open-source accessibility. By leading the development of concrete, testable tools for privacy risk assessment in AI, CNIL positions Europe to move beyond principles into enforcement. PANAME is not just a technical step — it’s a governance strategy that seeks to embed accountability directly into AI infrastructure. #AICompliance#CNIL#AIRegulation#DataProtection

🇪🇺AI Literacy Is Now a Legal Requirement in the EU: How it Works? As of February 2, 2025, Article 4 of the EU AI Act is in force—and with it, a new legal obligation: AI literacy is no longer optional. Providers and deployers of AI systems must ensure that their personnel, and anyone handling AI systems on their behalf, have sufficient understanding of how these systems function, what risks they carry, and how they interact with the people affected by them. The European AI Office has just released detailed Q&A guidance to clarify what this means in practice. It addresses the definition of “AI literacy,” how to assess adequate knowledge levels based on staff education, experience, and use context, and how enforcement will be handled. This is a significant compliance shift—especially for companies deploying AI in sensitive sectors. Training and governance functions will now need to be legally auditable. #AIAct#AILiteracy#AICompliance#AIGovernance

🇪🇺A Collaborative Milestone: Second Draft of General-Purpose AI Code of Practice The second draft of the General-Purpose AI Code of Practice has been unveiled, reflecting extensive collaboration among nearly 1,000 stakeholders, including EU Member State representatives and international observers. This draft incorporates insights from November 2024 Working Group meetings, interactive polls, and 354 written submissions on the first draft. AI model providers also contributed through dedicated workshops, ensuring that industry perspectives were well-integrated. The Code offers a roadmap for general-purpose AI model providers to align with the AI Act, focusing on compliance throughout a model's lifecycle. Its importance is underscored by the impending regulations effective August 2, 2025, particularly for newly released models. The next steps include Working Group meetings in January 2025 to address technical risk mitigation, transparency, governance, and copyright rules. A third draft is anticipated by mid-February 2025, marking a critical step toward operationalizing AI governance. #AIRegulation#AICompliance#AIGovernance

EDPB Releases Key Opinion on AI and Data Protection The European Data Protection Board (EDPB) has issued Opinion 28/2024, addressing critical questions about personal data processing in AI model development and deployment under GDPR. Key insights include: ✅ When and how an AI model can be considered ‘anonymous.’ ✅ Demonstrating legitimate interest as a legal basis in both development and deployment phases. ✅ Consequences of unlawful data processing during development on subsequent model operations. While the opinion focuses on compliance with legitimate interest, it highlights that satisfying this requirement doesn’t exempt companies from other GDPR provisions. This nuanced guidance is a must-read for navigating AI and data protection in the EU. #AI#GDPR#DataProtection#AICompliance#EDPB

The EU Drafts the Future: First General-Purpose AI Code of Practice Released The EU has unveiled the first draft of its "General-Purpose AI Code of Practice". This foundational document, developed by the European AI Office and independent expert groups, aims to provide actionable guidance for providers of general-purpose AI models. Key takeaways include a focus on systemic risk assessment, transparency in training datasets, and detailed compliance procedures aligned with the forthcoming AI Act. This draft is open for feedback and marks a critical step in establishing operational measures and KPIs for responsible AI deployment. As outlined in Article 56(2) of the AI Act, the code addresses systemic risk mitigation, proportionality in risk management, and adapting to market and technological changes. While not final, this initiative sets a precedent for harmonizing AI governance in Europe and beyond. #AICompliance#EUAIAct#AIRegulation