On September 16, 2025, the European Commission opened a call for evidence to inform a forthcoming “Digital Omnibus” aimed at simplifying and reducing administrative burden across the EU’s data, cybersecurity and AI regulatory frameworks. The initiative sits within the Commission’s simplification agenda and its headline target to cut administrative burden by at least 25% overall (35% for SMEs).
Regulation (EU) 2023/2854 (the Data Act) entered into force on January 11, 2024, and applied from September 12, 2025, with certain provisions phased in through 2026 and 2027. The Data Act is intended to create a harmonized framework for fair access to and use of data across the EU, supplementing the GDPR and sector-specific rules. The Data Act also includes specific requirements on providers of a “data processing service” to enable customers to switch to another provider (or to an on-premise solution)—this is likely to have a significant impact on the global cloud market.
In this week’s News of Note, Disney and Universal target alleged copyright infringement, OpenAI and Mattel team up to bring artificial intelligence to toymaking and China launches its production of the world’s first non-binary AI chip. Elsewhere, Nvidia announces its major expansion into Europe with its first industrial AI Cloud.
Quantum computing (QC) is poised to disrupt cybersecurity in ways that business leaders and legal professionals cannot afford to ignore. But what exactly is quantum computing, why does it pose such a significant threat to encryption, and what should businesses be doing about it today?
A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest development to cause concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will likely fail if challenged before the Court of Justice of the European Union (CJEU).
In this week’s edition of Consumer Protection Dispatch, we look at the latest regulatory developments from the U.S. Department of Commerce, Consumer Financial Protection Bureau, and the Securities and Exchange Commission regarding data and AI.
The United Kingdom hosted an Artificial Intelligence (AI) Safety Summit on November 1 – 2 at Bletchley Park with the purpose of bringing together those leading the AI charge, including international governments, AI companies, civil society groups and research experts to consider the risks of AI and to discuss AI risk mitigation through internationally coordinated action.
The UK and U.S. Governments have now formalized the UK-U.S. Data Bridge. The U.S. Attorney General designated the UK as a “qualifying state” for the purposes of the Executive Order 14086 on September 18, 2023, and the UK regulations implementing the Data Bridge are scheduled to take effect on October 12, 2023. From October 12, 2023, the Data Bridge will therefore operate as an extension of the EU-U.S. Data Privacy Framework (DPF) to enable the unrestricted movement of personal data between the UK and certified U.S. entities. For more information about the DPF, see our earlier briefing here.
Alicia McKnight and Brian Finch urge energy industry players to evaluate cybersecurity risks posed by increasingly interconnected and internet-enabled power grids in an article which was published in the latest edition of Pratt’s Privacy & Cybersecurity Law Report.
In this week’s News of Note, ransomware attacks break records and wipe data for a majority of a cloud provider’s customers, while one RaaS case delivers useful details about cybercriminal techniques and tactics. Also, the development of algorithms to protect against quantum computers continues, facial recognition software nabs an elderly criminal, and more.
Internet & Social Media Law Blog