Categories
Archives
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
Data Matters
Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy
EU Digital Omnibus: Implications for MedTech Companies
The European Commission (Commission) released its Digital Omnibus package, which aims to streamline and recalibrate certain aspects of the fast-growing body of EU digital regulations, on November 19, 2025. Rather than rewrite the core legislative instruments, including Regulation (EU) 2024/1689 (AI Act), Regulation (EU) 2016/679 (GDPR), Regulation (EU) 2023/2854 (Data Act) and Directive (EU) 2022/2555 (NIS2), the Commission has opted for a series of targeted amendments intended to reduce overlap, smooth implementation and increase legal certainty. The Digital Omnibus package is now open for review for an eight-week period, which is being extended until the proposals are available in all EU languages, allowing stakeholders to comment directly on the Commission-adopted texts before negotiations progress in the Parliament and Council.
(more…)
Francesca Blythe
London
fblythe@sidley.com
William RM Long
London
wlong@sidley.com
Elisabetta Righini
Brussels
erighini@sidley.com
Josefine Sommer
Brussels
jsommer@sidley.com
Eva von Mühlenen
Geneva
emuhlenen@sidley.com
Belinda Baum
Brussels
belinda.baum@sidley.com
EU Digital Omnibus: The European Commission Proposes Important Changes to the EU’s Digital Rulebook
On November 19, 2025, the European Commission officially adopted a proposal for the Digital Omnibus package. Specifically, the Digital Omnibus package consists of two legislative proposals, a Digital Omnibus on AI and a general Digital Omnibus (Digital Legislation Omnibus). The proposed package marks the Commission’s first step toward optimising the EU’s digital rulebook. It draws on more than a year of preparatory work and extensive stakeholder feedback: businesses across a number of different sectors have highlighted concerns about regulatory overlap, uneven national implementation and the need for clearer cross-regime rules and streamlined reporting.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Clive Gringras
London
clive.gringras@sidley.com
William RM Long
London
wlong@sidley.com
Elisabetta Righini
Brussels
erighini@sidley.com
Josefine Sommer
Brussels
jsommer@sidley.com
Texting in Texas: Texas AG Settlement Clarifies No Registration Needed for Consent-Based Text Messaging
Businesses that obtain consent prior to sending text marketing messages in Texas can breathe a cautious sigh of relief: the Texas Attorney General (Texas AG) has clarified that recent amendments to Texas’ telephone solicitation and telemarketing law enacted through Senate Bill 140 should not be interpreted to require such businesses to complete onerous registration requirements including posting of a $10,000 security bond and detailed disclosures about business owners, officers, directors and sales managers.
(more…)
Jonathan M. Wilan
Washington, D.C.
jwilan@sidley.com
Ian M. Ross
Miami
iross@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Garrett Lance
Washington, D.C.
glance@sidley.com
Data Protection in Financial Services Week 2025 – Webinar Recordings Now Live
Data Protection in Financial Services (DPFS) Week 2025 consisted of a series of webinars featuring industry leaders who offered invaluable insights on balancing AI with privacy, cybersecurity, and regulatory challenges within the financial services industry. DPFS Week was relevant to all those in financial services, including those in banking, insurance, fintech, funds, payments, private equity, securities, wealth management, and other sectors.
(more…)
Michael Hochman
Washington, D.C.
michael.hochman@sidley.com
Jennifer Seale
Washington, D.C.
jseale@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Thomas D. Cunningham
Chicago
tcunningham@sidley.com
Stephen W. McInerney
Chicago
smcinerney@sidley.com
U.S. FDA and CMS Actions on Generative AI-Enabled Mental Health Devices Yield Insights Across AI Product Development
Industry is increasingly exploring the use of AI chatbots to potentially diagnose and treat various medical conditions, including in the area of mental health. FDA is just beginning to develop its regulatory framework for approved, cleared, or authorized devices in the mental health space based on generative AI technology. The medtech industry, healthcare providers, and the public are closely watching FDA developments and guidance regarding the use of generative AI across the medical device space.
(more…)
Rebecca K. Wood
Washington, D.C.
rwood@sidley.com
Deeona R. Gaskin
Washington D.C.
dgaskin@sidley.com
Elizabeth Hardcastle
Washington, D.C.
ehardcastle@sidley.com
Andrew James
Washington, D.C.
ajames@sidley.com
Abigail K. Caroll
Washington, D.C.
abigail.carroll@sidley.com
The UK’s First Copyright vs. AI Decision: Key Takeaways on a Win for the AI Industry
The UK’s first “Copyright vs. AI” decision (Getty Images (US) Inc & ors vs. Stability AI Limited [2025] EWHC 2863 (Ch)) marks a clear win for the artificial intelligence industry. The English High Court raised the rhetorical question on the industry’s lips, “whether this judgment will, in reality, have anything to say on the balance to be struck between the two warring factions…”. The Judge’s answer is clear: the case does not answer whether training and development of AI models in the UK is an indefensible infringement of copyright. As to deployment of that trained model, the High Court concluded that an AI model itself cannot constitute an infringing copy. On Stability AI’s reproduction of the Getty trademarks, the High Court found that there was a historic and limited infringement.
(more…)
Clive Gringras
London
clive.gringras@sidley.com
Elisabetta Righini
Brussels
erighini@sidley.com
David Smith
London
dsmith@sidley.com
Women in Privacy – Global Privacy Leadership Lunch
Join us in Brussels for our next Women in Privacy – Global Privacy Leadership Lunch.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
U.S. SEC Regulation S-P and Checklist: Compliance Deadline, December 3, 2025, Approaching for Large Entities
On May 16, 2024, the U.S. Securities and Exchange Commission (SEC or Commission) issued amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, which became effective on August 2, 2024 (the Final Amendments). The deadline for larger entities to comply with the Final Amendments is December 3, 2025, and for smaller entities, June 3, 2026.
(more…)
Ranah Esmaili
Washington, D.C.
resmaili@sidley.com
Jonathan M. Wilan
Washington, D.C.
jwilan@sidley.com
Upcoming Events
Resources