AI & Law

🇪🇺First Scholarly Commentary Focuses on EU GPAI Rules The Leverhulme Centre for the Future of Intelligence at the University of Cambridge and the Institute for Law & AI have launched the first academic commentary dedicated exclusively to the general-purpose AI (GPAI) model provisions of the EU AI Act. The project addresses regulatory uncertainty surrounding GPAI systems, particularly models that may present systemic risk. Rather than promoting a single interpretation, the commentary analyzes each provision by outlining where the law is clear, where ambiguity remains, and the strongest legal arguments on competing sides. The initiative launches with Chapter V of the AI Act, with additional articles to be released on a rolling basis. #AIRegulation#EUAIAct#GPAI#LegalResearch#AIGovernance

🇪🇺EU AI Act FAQ Updated with Guidance on Agentic AI The European Commission’s AI Act Service Desk added a new section on agentic AI to its FAQ guide under the AI Pact. The update introduces key definitions related to “AI agents” and “agentic AI” and outlines how such systems are addressed within the AI Act framework. The guidance highlights that existing AI Act provisions apply to agentic AI, with particular emphasis on Article 5(1) prohibitions concerning harmful manipulation and exploitation of vulnerabilities, identifying these rules as especially relevant for this category of systems. #AIRegulation#EUAIAct#AgenticAI#AIgovernance#DigitalPolicy

🇪🇺EU Rights Bodies Warn on AI Act Amendments in Digital Omnibus Equinet and ENNHRI issued a joint statement raising concerns over proposed amendments to the AI Act within the Digital Omnibus package. The organizations state that changes are being advanced without sufficient impact assessments or public consultation, potentially affecting fundamental rights protections. They also highlight that the AI Act only entered into force on 1 August 2024, with most obligations applying from 2 August 2026, making meaningful assessment of its effects premature. The statement stresses the European Commission’s obligations under EU Treaties and Better Regulation Guidelines to ensure transparent consultation and evidence-based policymaking. It also warns that simplifying regulation based on company size rather than AI system risk could have systemic consequences, given the dominance of SMEs and Small Mid-Caps in the EU economy. Equinet and ENNHRI recommend preserving core safeguards, including AI system registration, powers of fundamental rights authorities, high-risk system timelines, strict necessity standards, AI literacy obligations, and key information requirements. They also oppose weakening GDPR definitions of personal data and proposed changes to automated decision-making rules. #AIRegulation#EUAIAct#FundamentalRights#DigitalPolicy#GDPR

🇪🇺EDPS Defines Role Under the EU AI Act The European Data Protection Supervisor (EDPS) published a report outlining its responsibilities as the AI Act market authority for AI systems used by EU institutions. The document sets out priority areas for the next two years as the EDPS assumes its new supervisory role. The report details the EDPS’s tasks under the AI Act mandate, the operational context for exercising its authority, and four strategic pillars that will guide its work as a market authority. #AIRegulation#EUAIAct#DataProtection#AIgovernance#EDPS

🌐📖Holistic AI: “AI Regulations in 2026” Maps Compliance by Sector Holistic AI released a new ebook, AI Regulations in 2026, describing 2025 as a mixed year for AI regulation: policy attention remained high in HR tech, financial services, insurance, and generative AI, while both the US and EU made efforts to soften or withdraw certain AI rules. The report shifts from a country-by-country format to a sector-based approach to help organizations identify relevant obligations by use case. Key themes highlighted include non-discrimination and transparency in HR tech (including notice requirements and bias audits), sandbox-style oversight for AI in financial services, and insurance-specific regulation alongside reliance on existing regulatory frameworks, including laws such as Colorado’s SB169. The ebook also notes increasing scrutiny of AI-driven dynamic pricing in the US, targeting areas such as rent and ticket pricing. Generative AI remains a regulatory priority globally, with laws focusing on deepfakes, AI use in the judiciary, and AI companions with disclosure requirements. The report emphasizes that risk-based frameworks, especially the EU AI Act, continue to shape global approaches, while international cooperation is growing through initiatives linked to UNESCO, the UN, the Council of Europe, and ASEAN. Holistic AI recommends proactive compliance through system inventorying and lifecycle safeguards. #AIRegulation#AIGovernance#Compliance#EUAIAct#HRTech#FinTech

🌐📖Responsible AI Governance in 2025: From Principles to Practice The Responsible AI Governance Network (RAGN) published "The 2025 Responsible AI Governance Landscape: From Principles to Practice" in December 2025. The report maps how AI governance evolved during 2025, highlighting five major shifts: the EU AI Act moving into enforcement, the coexistence of three non-converging governance models, the rise of board-level accountability, tensions between frontier and open-source AI, and courts increasingly shaping standards through litigation. The report includes sector-specific snapshots for healthcare, HR, finance, and public procurement, and examines the operational cost of AI governance, including staffing, tooling, and audits. It also provides a 30–60–90 day implementation roadmap with a maturity self-assessment designed for organizations deploying or overseeing AI systems. The publication documents concrete governance practices observed in 2025, such as cross-functional governance teams, continuously updated documentation, CI/CD-integrated controls, independent audits for high-risk systems, and ongoing monitoring instead of one-off assessments. It also identifies common implementation failures, including checkbox compliance, fragmented tooling, accumulated documentation debt, and governance processes that exist only formally. #AIandLaw#ResponsibleAI#AIGovernance#EUAIAct#AICompliance#TechRegulation

🇪🇺Europe’s “Digital Omnibus on AI”: A Strategic Recalibration Before the EU AI Act Goes Live Law firm Cooley has summarised the European Commission's proposed “Digital Omnibus on AI” (19 November 2025) to streamline EU AI Act implementation, ease compliance burdens and adjust compliance deadlines before full application on 2 August 2026. Key amendments include: ✔️ extended timelines for high-risk AI requirements, delayed until harmonised standards are ready; ✔️ extended grace periods for legacy AI systems giving generative AI providers six months extra (until 2 February 2027) to meet transparency obligations like content watermarking; ✔️ broader application of the bias mitigation derogation allowing all AI providers and deployers to process sensitive data to reduce bias regardless of risk level; ✔️ deletion of registration requirements for non-high-risk AI systems under Annex III; ✔️ codes of practice lose hard-law pathway; ✔️ clarifications on conformity assessment procedures for embedded AI; ✔️ scrapped post-market monitoring templates; ✔️ new provisions introducing EU-level regulatory sandboxes; ✔️ extending SME reliefs to small mid-caps; and ✔️ granting the Commission’s AI Office exclusive supervisory authority over AI systems based on general-purpose AI models. The proposal now proceeds to the Council and Parliament, with trilogue negotiations expected and considerable time pressure to finalise changes before August 2026. #AI#EUAIAct#AIRegulation#AIGovernance

🇳🇱Netherlands Issues Practical Guidance on EU AI Act Compliance The Dutch Ministry of Economic Affairs has released a detailed report outlining how organizations can comply with the EU AI Act. The document clarifies requirements for general-purpose AI models, high-risk AI systems, and the safeguards needed to ensure data protection and transparency. By breaking down obligations across risk categories, the guidance aims to help companies navigate the EU AI Act’s technical and legal standards more effectively, ensuring that deployment of AI systems aligns with both regulatory and ethical expectations. #EUAIAct#AIlaw#EUregulation

📖AI and Fundamental Rights: New Open-Access Book on the EU AI Act The open-access book "AI and Fundamental Rights, The AI Act of the European Union and its implications for global technology regulation" is now available for download. Published by the Institute for Digital Law Trier, the volume brings together leading experts to analyze how the EU AI Act interacts with fundamental rights in the digital age. The book highlights how the European Court of Justice has evolved over the past 10–15 years from focusing primarily on internal market freedoms to playing a pivotal role in safeguarding fundamental rights. This context is critical as the EU AI Act introduces new obligations that could shape not only European but also global approaches to AI governance and human rights. #AIlaw#EUAIAct#FundamentalRights ##DigitalRights

🇩🇪Germany’s Digital Minister Calls for a Leaner, More Innovation-Friendly AI Act Germany’s Federal Minister for Digital Transformation and Government Modernisation, Karsten Wildberger, has voiced sharp concerns over the EU AI Act, describing it as “overloaded and too complex.” Speaking to Euractiv, he argued that while addressing risks is essential, the current regulatory framework imposes excessive bureaucracy that could hinder innovation. Wildberger backed the European Commission’s plan to create AI training hubs, or “gigafactories,” as a step toward strengthening Europe’s technological capacity. His position underscores a tension within EU policymaking—balancing robust safeguards with an enabling environment for AI development. #AIRegulation#EUAIAct#Germany#DigitalPolicy

🇪🇺EU Mandates Transparency on AI Training Data for GPAI The EU has released its official template for the mandatory training data summary required under Article 53(1)(d) of the EU AI Act. Starting August 2, providers of general-purpose AI models must publicly disclose a sufficiently detailed overview of the content used for model training. This includes naming major datasets, public or private, and offering narrative context for other sources, as clarified in Recital 107. This is a structural shift in regulatory expectations. AI developers can no longer obscure data provenance or sidestep questions of copyright and data protection. The summary isn’t just a compliance formality, it’s a mechanism for enforcement. Rights holders and regulators finally gain a clear window into the inputs behind powerful AI systems. #GPAI#EUAIAct

🇪🇺 EU AI Act: Voluntary Code, Strategic Signal The EU AI Office is now officially inviting general-purpose AI model providers to sign the General-Purpose AI Code of Practice. Signing is voluntary — but strategic. Companies like OpenAI and Mistral have already committed, signaling alignment with the EU’s emerging regulatory expectations. Signatories gain more than reputational capital: the EU Commission will prioritize monitoring adherence to the code rather than imposing full administrative scrutiny. This approach offers regulatory predictability and reduced compliance burden — a clear incentive ahead of the AI Act’s enforcement starting 2 August 2025. The list of signatories will be published on 1 August 2025. #AIRegulation#EUAIAct#GPAI#AIEthics # #OpenAI#Mistral