On 22 January 2024, an unofficial version of the (presumed) final EU Artificial Intelligence Act (“AI Act”) was released. The AI Act reached political agreement early December 2023 (see our blog post here) and had undergone technical discussions to finalize the text since. It was reported that the document was shared with EU Member State Representatives on 21 January 2024, ahead of a discussion within the Telecom Working Party, a technical body of the EU Council on 24 January 2024, and that formal adoption at the EU Member State ambassador level (i.e. COREPER) will likely follow on 2 February. On Friday 26 January 2024, the Belgian Presidency of the Council officially shared the (analysis of the) final compromise text of the AI Act with Member State representatives – clearly indicating that this text will be put forward for adoption.
Join Sidley and OneTrust DataGuidance for a reactionary webinar on the recently published, near-final text of the EU AI Act on February 5, 2024. This discussion with industry panelists will cover initial reactions to the text of the EU AI Act following finalization by EU legislators and examine the key points in the AI Act that businesses need to understand.
On 30 November 2023, the EU reached political agreement on the Cyber Resilience Act (“CRA”), the first legislation globally to regulate cybersecurity for digital and connected products that are designed, developed, produced and made available on the EU market. The CRA was originally proposed by the European Commission in September 2022. Alongside the recently adopted Data Act, Digital Operational Resilience Act (“DORA”), Critical Entities Resilience Act (“CER”), Network and Information Systems Security 2 Directive (“NISD2”) and Data Governance Act, the CRA builds on the EU Data and Cyber Strategies, and complements upcoming certification schemes, such as the EU Cloud Services Scheme (“EUCS”) and the EU ICT Products Scheme (“EUCC”). It responds to an increase in cyber-attacks in the EU over the last few years – in particular the rise in software supply chain attacks which have tripled over the last year –as well as the significant rise in digital and connected products in daily life which magnifies the risk of such attacks.
On 8 December 2023 — following three days of lengthy and intensive negotiations — EU legislators reached political agreement on the world’s first stand-alone law regulating AI: the EU’s AI Act. The EU considers the AI Act as one of its key pieces of legislation and fundamental to ensuring the EU becomes the world’s leading digital economy.
Over one hundred representatives from across the globe convened in the UK on 1-2 November 2023 at the Global AI Safety Summit. The focus of the Summit was to discuss how best to manage the risks posed by the most recent advances in AI. However, it was the “Bletchley Declaration” –announced at the start of the Summit—which truly emphasized the significance governments are attributing to these issues. (more…)
EU AI Act
Up until recently, political agreement on the final text of the EU Artificial Intelligence Regulation (AI Act) was expected on 6 December 2023. However, latest developments indicated roadblocks in the negotiations due to three key discussion points – please see our previous blog post here. EU officials are reported to be meeting twice this week to discuss a compromise mandate on EU governments’ position on the text, in preparation of the political meeting on 6 December. (more…)
On 27 November 2023, the Council adopted the final text of the Data Act which facilitates (and in certain cases, mandates) the access to (personal and non-personal) data. The Data Act was originally proposed by the European Commission in 2022. Alongside the EU Data Governance Act (which came into force in June 2022) the Data Act forms part of the EU’s Data Strategy which aims to “make the EU a leader in a data-driven society”. (more…)
Join Sidley and OneTrust DataGuidance for a webinar on the EU AI Act. This discussion with industry panellists will cover initial reactions to the (anticipated) political agreement on the EU AI Act following key negotiations by the European legislative bodies on December 6, 2023.
The tenth edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity (formerly The Privacy, Data Protection and Cybersecurity Law Review) provides a global overview of the evolving legal and regulatory regimes governing data privacy and security, at a time when both privacy and security are increasingly challenged by the fast-paced development of technologies such as large language models, generative AI, and self-teaching/self-replicating applications. A number of lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.
On 24 October 2023, the European Parliament and Member States concluded a fourth round of trilogue discussions on the draft Artificial Intelligence Regulation (AI Act). Policymakers agreed on provisions to classify high-risk AI systems and also developed general guidance for the use of “enhanced” foundation models. However, the negotiations did not lead to substantial progress on provisions for prohibitions in relation to the use of AI by law enforcement. The next round of trilogue discussions will take place on 6 December 2023.