
EU AI Act Transparency Obligations: Preparing for Compliance by 2 August 2026
From 2 August 2026, organisations will become subject to the transparency obligations set out in Article 50 of the EU AI Act (Regulation (EU) 2024/1689).
Article 50 introduces transparency requirements for providers and deployers in relation to certain AI system functionalities and use cases that may create transparency risks for individuals. Whilst much of the EU AI Act focusses on obligations on high-risk AI systems, Article 50 obligations may also apply to certain limited-risk systems. As a result, many organisations will need to implement governance, disclosure and content-labelling measures to ensure users are appropriately informed about the use of certain AI systems and AI-generated content.
EU Lawmakers Reach Provisional Agreement to Delay Key EU AI Act Obligations
On 7 May 2026, following extensive negotiations, the European Council and European Parliament reached a provisional agreement on the EU Digital Omnibus on AI (AI Omnibus) which proposes targeted amendments to the EU Artificial Intelligence Act (AI Act). On 16 June 2026, the European Parliament voted to adopt the provisional agreement — although, formal adoption remains subject to European Council approval.
Unpacking the December 11, 2025 Executive Order: Ensuring a National Policy Framework for Artificial Intelligence
On December 11, 2025, President Trump issued a new Executive Order (EO) to protect American Artificial Intelligence (AI) innovation from “the most onerous and excessive laws emerging from the States that threaten to stymie innovation.” Consistent with the President’s July 2025 America’s AI Action Plan, the EO further indicates, “[i]t is the policy of the United States to sustain and enhance the United States’ global AI dominance through a minimally burdensome national policy framework for AI.” (more…)

Texting in Texas: Texas AG Settlement Clarifies No Registration Needed for Consent-Based Text Messaging
Businesses that obtain consent prior to sending text marketing messages in Texas can breathe a cautious sigh of relief: the Texas Attorney General (Texas AG) has clarified that recent amendments to Texas’ telephone solicitation and telemarketing law enacted through Senate Bill 140 should not be interpreted to require such businesses to complete onerous registration requirements including posting of a $10,000 security bond and detailed disclosures about business owners, officers, directors and sales managers.
Texting in Texas: The State Expands Telemarketing Registration Requirements to Include Text Marketers
Texas has amended its telephone solicitation and telemarketing law (the Texas “mini-TCPA” — after the federal Telephone Consumer Protection Act) to require certain businesses that engage in text marketing to register with the Texas Secretary of State and make detailed disclosures, pay registration fees, and post a $10,000 security deposit. The amendments, which were enacted by Senate Bill 140 and went into effect on September 1, 2025, also make certain violations of the Texas mini-TCPA de facto violations of the state’s deceptive trade practices law, which includes a private right of action and can carry significant penalties. While the law includes several provisions that will likely exempt established businesses that obtain one-to-one opt-in consent for text marketing messages and other types of calls, in light of the substantial fines and private right of action, businesses will want to carefully review the application of these new amendments to their marketing programs.
UK Operational Resilience Rules: Are You Ready for 31 March 2025?
Several categories of UK financial services firms, including banks, insurers, electronic money institutions, and payment institutions, are required to comply with new requirements on operational resilience beginning 31 March 2025.
Looking Ahead to 2025 in EU Cybersecurity Developments
As 2024 draws to a close, we look ahead to notable upcoming cyber developments in the new year. From the adoption of new cyber laws to the initiation of infringement proceedings by the European Commission against a number of EU Member States for alleged failures to adequately implement the EU Network and Information Systems Security 2 Directive, the EU continues to emphasize cybersecurity in a rapidly evolving legal and technological environment. There are no signs of this momentum slowing down in 2025.

EU AI Act: Are You Prepared for the “AI Literacy” Principle?
The EU AI Act is the world’s first horizontal and standalone law governing the commercialization and use of AI, and a landmark piece of legislation for the EU. Among the various provisions of the EU AI Act, the “AI literacy” principle is an often overlooked but key obligation which requires organizations to ensure that staff who are involved in the operation and use of AI have the necessary skills, knowledge and understanding to adequately assess AI-related risks and opportunities (e.g., through training and hiring staff with the appropriate background and skillset). This obligation – which applies from February 2, 2025 – is one of the few obligations under the EU AI Act that applies to all AI systems i.e., irrespective of the level of risk that the AI system presents. Indeed, by introducing AI literacy as one of the first provisions of the AI Act (Article 4), the EU legislators appear to underscore the significance of this requirement.

Asia-Pacific Regulations Keep Pace With Rapid Evolution of Artificial Intelligence Technology
Regulation of artificial intelligence (AI) technology in the Asia-Pacific region (APAC) is developing rapidly, with at least 16 jurisdictions having some form of AI guidance or regulation. Some countries are implementing AI-specific laws and regulation, while others take a more “soft” law approach in reliance on nonbinding principles and standards. While regulatory approaches in the region differ, policy drivers feature common principles including responsible use, data security, end-user protection, and human autonomy.
DORA – ESAs Publish Draft Technical Standards on ICT Subcontracting
On 26 July 2024, the European Supervisory Authorities (EBA, EIOPA and ESMA, collectively, the “ESAs”) published their joint final report on the draft Regulatory Technical Standards (“RTS”) specifying the elements that a financial entity should determine and assess when subcontracting ICT services supporting critical or important functions under Article 30(5) of the Digital Operational Resilience Act (“DORA”). The RTS are intended to assist with the enhancement of the digital operational resilience of the financial services sector by improving in-scope entities’ ICT risk management, specifically with respect to the issue of ICT subcontracting.

