On May 21, 2024, France adopted law No. 2024-449 to secure and regulate the digital space. This law grants new enforcement powers and authority to the French Data Protection Authority (CNIL), including to seize documents, record declarations during dawn raids, and enforce certain provisions of the Digital Services Act (DSA) and the Digital Governance Act (DGA).Continue Reading New Enforcement Powers for the French Data Protection Authority (CNIL)

On May 21, 2024, the Council of the European Union (the Council) formally signed off on the latest draft of the European Union’s (EU) Artificial Intelligence Act (AI Act) (see the press release here). This marks the final seal of approval from the EU legislators. The text will officially become law once it is signed by Presidents of the European Parliament and of the Council and published in the Official Journal of the EU. This could take place within the next two to four weeks. However, the law will have phased effective dates, with the first obligations (i.e., the rules on prohibited AI systems) becoming effective at the end of this year.Continue Reading EU AI Act Is Now Adopted

On April 8, 2024, the French Data Protection Authority (CNIL) published recommendations on the development phase of artificial intelligence (AI) systems1 (Recommendations). They are the first set of recommendations designed to guide the various players in the AI ecosystem on how to apply the General Data Protection Regulation (GDPR) to the development of AI systems. The Recommendations are relevant to providers and users of AI systems who process personal data as part of the development of such systems, including fine-tuning already-existing AI systems.Continue Reading French Data Protection Authority Publishes Recommendations on the Development of AI Systems: Seven Takeaways