Insights
Search Results
Alerts
5.22.26
Draft Guidelines Clarify Which AI Systems Are “High-Risk” Under EU AI Act
The European Commission has published draft guidelines (Draft Guidelines) to clarify the classification of high-risk AI systems under the European Union's Artificial Intelligence Act (EU AI Act). This classification is crucial, as it determines whether an AI system will be subject to the EU AI Act’s most burdensome obligations. The Draft Guidelines provide general principles which inform if an AI system is high-risk, as well as a non-exhaustive list of examples of high-risk AI systems across various sectors. Organizations can provide feedback on the Draft Guidelines via this survey until June 23, 2026.
Alerts
9.03.25
EU Court Upholds the Validity of the EU-U.S. Data Privacy Framework
On September 3, 2025, the EU General Court (the General Court) (the second-highest court in the European Union (EU)) upheld the validity of EU-U.S. Data Privacy Framework (DPF) in Philippe Latombe v European Commission (T-553/23).
Alerts
2.11.25
EU Commission Issues Guidelines on Prohibited AI Practices Under EU AI Act
On February 4, 2025, the European Commission (EC) issued draft guidelines clarifying the AI practices that are prohibited under the European Union’s (EU) Artificial Intelligence (AI) Act. While non-binding, the guidelines offer valuable clarifications and practical examples to help businesses navigate their obligations under the AI Act. The EC has approved the draft guidelines, but is still to formally adopt them, which is expected in the near term.
Alerts
1.09.25
EU Court Awards Damages for Breach of EU Data Transfer Rules
On January 8, 2025, the second highest court of the European Union (EU), the General Court of the Court of Justice of the EU (the Court), ordered (in Bindl v European Commission, Case T-354/22) the European Commission (EC) to pay EUR 400 in damages to an individual for transferring their personal data to the U.S. without having implemented a data transfer mechanism under EU law.
Alerts
12.20.24
EU Privacy Regulators Confirm That Legitimate Interest Is a Valid Legal Basis for AI Model Training and Deployment
On December 18, 2024, the European Data Protection Board (EDPB) published its much-anticipated Opinion on the processing of personal data in the context of AI models in light of the EU General Data Protection Regulation (GDPR).
Alerts
7.12.24
EU AI Act to Enter into Force in August
On July 12, 2024, the European Union’s (EU) Artificial Intelligence Act (AI Act) was published in the Official Journal of the EU. This was the last step for the AI Act to become law. The AI Act will enter into force 20 days after the publication, i.e., on August 1.
Alerts
3.13.24
The EU AI Act Passes Another Hurdle Towards Becoming Law
On March 13, 2024, the European Parliament (EP) approved the latest draft of the European Union’s (EU) Artificial Intelligence Act (AI Act). Following this vote, the text will be sent to the Council of the EU (Council) for formal approval, after which the AI Act will officially become law. Once the AI Act starts to apply, it will introduce a swathe of new obligations for companies providing and using AI systems and general-purpose AI (GPAI) models in the EU, subject to hefty fines of up to EUR 35 million or seven percent of the total worldwide annual turnover, whichever is higher.
Alerts
2.02.24
The AI Act Just Got One Step Closer to Becoming Law
On February 2, 2024, a committee of ambassadors from all countries of the European Union (EU) approved the latest draft of the EU Artificial Intelligence Act (AIA or the Act). Following weeks of speculation that there could be a blocking minority of EU countries who had concerns about the final text, this vote confirms that the AIA has substantial support within the Council of the EU (Council). This means that the AIA has a good chance to become law within the coming months. For more information about the scope and requirements in the AIA, please see our client alert on last December’s political agreement on the AI Act, available here.
Alerts
12.11.23
EU Lawmakers Reach Political Agreement on the AI Act
On December 8, 2023, the EU finally agreed on the world’s first comprehensive legal framework on AI: the AI Act. EU lawmakers reached a political agreement on a series of controversial issues after record-long negotiations. They are expected to formally adopt the agreed text within the next couple of months. If adopted, the AI Act will ban certain AI systems, regulate general purpose AI (GPAI), impose heavy obligations on high-risk AI systems, subject to high fines, and support innovation through regulatory “sandboxes.” The AI Act will have an extraterritorial reach. Being the first law of its kind globally, the AI Act has the potential to establish a benchmark for AI regulation in other regions, just as the EU General Data Protection Regulation (GDPR) has accomplished.
Alerts
10.13.22
Formal Publication of the DMA and Timelines for Compliance
On October 12, 2022, the EU Digital Markets Act (DMA) was published in the Official Journal of the European Union (see here), giving clarity as to when the new rules will apply. The DMA will enter into force on November 1, 2022, and it will become fully applicable in May 2023. At that point, the gatekeeper designation process will start, and once designated, gatekeepers will have six months to comply with the DMA. This means that the DMA will only be fully enforceable against companies in spring 2024, likely around March.
Client Advisories
5.18.22
Increased Scrutiny for AI Systems and Draft AI Legislation in the EU
EU lawmakers are preparing a new Artificial Intelligence Act (AIA). Timing for adoption remains unclear, but once the AIA enters into force, it will impose strict obligations on providers and users of AI systems. In the meantime, EU regulators have started issuing fines against companies using AI systems on the basis of the EU General Data Protection Regulation (GDPR). For example, the Hungarian privacy regulator recently issued a fine of approximately $680,000 against a bank for non-compliance with GDPR rules in the context of its use of AI software to analyze customer service calls. To learn more about the upcoming legislation, please see Wilson Sonsini's Fact Sheet below on the current draft AIA.
Alerts
3.29.22
Political Agreement on a New Framework for EU-U.S. Personal Data Transfers
On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new "Trans-Atlantic Data Privacy Framework" (the Framework). This would be the third framework for EU-U.S. personal data transfers, after the invalidation of the Privacy Shield in 2020 and of its predecessor, the Safe Harbor, in 2015. The new Framework is yet to be set out in legal documents, which will need to be negotiated and adopted. Timing for the adoption remains unclear.