The UK’s First Copyright vs. AI Decision: Key Takeaways on a Win for the AI Industry
The UK’s first “Copyright vs. AI” decision (Getty Images (US) Inc & ors vs. Stability AI Limited [2025] EWHC 2863 (Ch)) marks a clear win for the artificial intelligence industry. The English High Court raised the rhetorical question on the industry’s lips, “whether this judgment will, in reality, have anything to say on the balance to be struck between the two warring factions…”. The Judge’s answer is clear: the case does not answer whether training and development of AI models in the UK is an indefensible infringement of copyright. As to deployment of that trained model, the High Court concluded that an AI model itself cannot constitute an infringing copy. On Stability AI’s reproduction of the Getty trademarks, the High Court found that there was a historic and limited infringement.
The Trump Administration’s 2025 AI Action Plan – Winning the Race: America’s AI Action Plan – and Related Executive Orders
On July 23, 2025, the Trump administration released its much-anticipated AI Action Plan, outlining 90 federal policy positions across three key pillars: Accelerating Innovation, Building American AI Infrastructure, and Leading in International Diplomacy and Security. These pillars are designed to guide near-term action and are underpinned by three cross-cutting priorities: protecting and promoting American workers, ensuring that artificial intelligence (AI) systems are trustworthy and free from ideological bias, and safeguarding AI from misuse, theft, or other risks posed by malicious actors. The scope of the AI Action Plan demonstrates the far-reaching impact of AI, with policy positions affecting not only technology but also trade, national security, cybersecurity, energy, labor, education, environmental regulation, antitrust, science, and financial markets.
Medicare Reimbursement Pathway for AI-Enabled Medical Devices Considered in Senate’s Health Tech Investment Act
On April 9, 2025, U.S. Sens. Mike Rounds, Republican of South Dakota, and Martin Heinrich, Democrat of New Mexico, introduced a bill titled the Health Tech Investment Act (S 1399). The proposed bill would amend Title XVIII of the Social Security Act to create a Medicare payment system for algorithm-based healthcare services (AHBS), defined in the proposed legislation as services delivered through FDA-cleared or -approved devices that use artificial intelligence (AI), machine learning, or similar software to yield clinical outcomes for use by healthcare professionals to diagnose and treat diseases.
Spotlight on Women in Privacy: Esther Silberstein
Check out the November edition of Spotlight on Women in Privacy! Esther Silberstein shares her views on why she loves being a privacy professional, the best professional advice she ever received, what she’s closely watching now, and how she unwinds.
One Step Closer: AI Act Approved by Council of the EU
On 21 May 2024, the Council of the European Union approved the EU Artificial Intelligence Act (the “AI Act”). This is the final stage in the legislative process and comes after the EU Parliament voted to adopt the legislation on 13 March 2024. This final vote clears the path for the formal signing of the legislation and its publication in the Official Journal of the EU in the coming weeks. The AI Act will then enter into force 20 days after such publication with staggered transition periods of 6 to 36 months.
ICO Publishes Its Strategic Approach to Regulating AI
On 30 April 2024, the UK’s Information Commissioner’s Office (“ICO”) published its strategic approach to regulating artificial intelligence (“AI”) (the “Strategy”), following the UK government’s request that key regulators set out their approach to AI regulation and compliance with the UK government’s previous AI White Paper (see our previous blog post here). In its Strategy, the ICO sets out: (i) the opportunities and risks of AI; (ii) the role of data protection law; (iii) its work on AI; (iv) upcoming developments; and (v) its collaboration with other regulators. The publication of the ICO’s Strategy follows the recent publication of the Financial Conduct Authority’s (“FCA”) approach to regulating AI.
New EU Cyber Law for the Financial Services Industry with Significant Impact on ICT Service Providers
The new EU Regulation on Digital Operational Resilience for the Financial Sector (DORA) recently entered into force. DORA establishes cybersecurity requirements for information and communication technology (ICT) systems supporting the business processes of financial entities and represents a paradigm shift for the ICT sector. Critical ICT third-party service providers, who are providing services to regulated financial entities, will also be directly regulated under DORA and subject to regulatory supervision by a regulator to be established under DORA (a so-called ‘Lead Overseer’).
EU Publishes New NIS2 Cyber Directive Imposing Liability and Obligations on Senior Management
On 17 January 2023, the new Network and Information Systems Security Directive (“NIS2 Directive”), which is aimed at establishing a minimum level of cybersecurity standards across the EU and is set to replace its predecessor (the NIS or “NIS1 Directive”), entered into force. The new NIS2 Directive aims to further harmonize and strengthen cybersecurity and resilience throughout the EU in response to a continued increase in digitization and rise in cyber (and in particular ransomware) threats – which is estimated to have reached a total cost of €5.5 trillion at the end of 2020 (double the figure of 2015) and continues to rise in the EU and globally notably due to ongoing geopolitical conflicts in Ukraine and Russia. (more…)
