On July 10, 2025, the European Commission (EC) published the final version of the General-Purpose AI Code of Practice (Code). This voluntary instrument provides guidance on how providers of general-purpose AI models (GPAI), including those posing systemic risks (GPAI-SR), can comply with their obligations under the AI Act, which become applicable on August 2, 2025. The Code is structured around three key areas: transparency, copyright, and safety and security. Adherence to the Code is voluntary, but providers who decide not to comply with it may face heightened scrutiny from regulators, as they will be expected to demonstrate AI Act compliance through alternative means.
Continue Reading EU Releases Final Code of Practice for General-Purpose AI ModelsLaura De Boel
EU Commission Launches DSA Consultation on the Protection of Minors Online
Posted in Privacy
On May 13, 2025, the European Commission (EC) published draft guidelines on the protection of minors online. The guidelines outline the proposed measures that the EC expects online platforms accessible to minors to take to protect minors’ privacy, safety, and security in line with requirements under the Digital Services Act (DSA).
Continue Reading EU Commission Launches DSA Consultation on the Protection of Minors OnlineEU AI Office Clarifies Key Obligations for AI Models Becoming Applicable in August
Posted in Privacy
On April 22, 2025, the EU Commission’s AI Office published draft guidelines to clarify the obligations in the EU AI Act for providers of general-purpose AI models (guidelines). These obligations will be applicable to AI…
Continue Reading EU AI Office Clarifies Key Obligations for AI Models Becoming Applicable in AugustEU Data Act Imposes New Data Sharing Obligations
By Laura Brodahl & Laura De Boel on
Posted in Cybersecurity
As of September 12, 2025, the EU Data Act will impose new obligations concerning the sharing of, and access to, data generated by certain products and services offered in the EU. This alert highlights the data sharing obligations for providers of connected devices and related services.
Continue Reading EU Data Act Imposes New Data Sharing ObligationsEU Commission Issues Guidelines on Prohibited AI Practices Under EU AI Act
By Laura De Boel, Maneesha Mithal, Christopher Olsen, Rossana Fol, Roberto Yunquera Sehwani & Karol Piwonski on
Posted in Cybersecurity
On February 4, 2025, the European Commission (EC) issued draft guidelines clarifying the AI practices that are prohibited under the European Union’s (EU) Artificial Intelligence (AI) Act. While non-binding, the guidelines offer valuable clarifications and practical examples to help businesses navigate their obligations under the AI Act. The EC has approved the draft guidelines, but is still to formally adopt them, which is expected in the near term.
Continue Reading EU Commission Issues Guidelines on Prohibited AI Practices Under EU AI ActUpcoming Reporting Obligations Under the EU Digital Services Act
By Laura De Boel, Tom Evans & Claudia Chan on
Posted in Privacy
Services subject to the EU’s Digital Services Act (DSA) will be required to publish their annual transparency report by February 16, 2025. This includes providers of hosting services, online platforms, very large online platforms (VLOP)…
Continue Reading Upcoming Reporting Obligations Under the EU Digital Services Act