Photo of Charles Helleputte

Charles Helleputte

Shortly after the publication of the Artificial Intelligence (AI) Act, the EU Commission published the AI Pact’s draft commitments with a view of anticipating compliance with high-risk requirements for AI developers and deployers.

Publication and timeline for the AI Act

The EU AI Act was published in the Official Journal of the European Union on July 12, 2024, as “Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonized rules on artificial intelligence.”  We have presented the main provisions and purposes of the AI Act in our publication here.

The EU AI Act will enter into force across all 27 EU Member States on August 1, 2024, but has variable transition periods depending on the relevant parts of the AI Acts; starting with February 2, 2025, at which point, prohibited AI practices must be withdrawn from the market, and with the enforcement of the majority of its provisions commencing on August 2, 2026.

The call for participation on the AI Pact by the EU commission

In this context, the EU Commission issued a press release on July 22, 2024, promoting the “AI Pact”, seeking the industry’s voluntary commitment to anticipate the AI Act and to start implementing its requirements ahead of the legal deadline.  The press release can be found here.

The AI Pact was first launched in November 2023, obtaining responses from over 550 organizations of various sizes, sectors, and countries.

The AI Office has since initiated the development of the AI Pact, which is structured around two pillars:Continue Reading The EU Commission’s Draft AI Pact anticipating compliance with newly published AI Act

We are pleased to announce the launch of our firm’s AI Law & Policy Hub, a thought leadership resource focused exclusively on the legal and policy issues around AI. It is a single destination containing all our global multidisciplinary insights, blogs, podcasts and videos including data privacy, intellectual property, competition/antitrust, regulatory, policy and other

Op-ed on what we know of the EDPB opinion on Pay or OK

April 17, 2024, 5:15 p.m. (Brussels)

Today, the EDPB plenary had a moment. It discussed an opinion on the Pay or OK models for social media. It was not its role, but it was likely trapped to do, as Art. 64(2) GDPR didn’t consider that national data protection authorities would sometimes use tactics similar to privacy activists to weaponize fundamental rights in a fight that has very little to do with privacy at its core. The discussion is much more about the Internet we want (or not).

“In most cases, it will not be possible for large online platforms to comply with the requirements for valid consent if they confront users only with a binary choice between consenting to processing of personal data for behavioral advertising purposes and paying a fee” says the opinion (according to the leak from POLITICO).Continue Reading When the EDPB is Weaponized, It Is Our Privacy That Is at Risk

1. Introduction

The Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law has been concluded by the Council of Europe (CoE) Committee on Artificial Intelligence on March 24, 2024, finally landing a decisive blow with a provisional agreement on the text of a treaty on artificial intelligence and human rights (Treaty).

This Treaty is the first of its kind and aims to establish basic rules to govern AI that safeguard human rights, democratic values and the rule of law among nations. As a CoE treaty, it is open for ratification by countries worldwide. It is worth noting that in this epic battlefield, apart from the CoE members in one corner of the global arena, on the opposite corner, representing various nations like the US, the UK, Canada and Japan, we have the observers, eyeing the proceedings, ready to pounce with their influence. Although lacking voting rights, their mere presence sends shockwaves through the negotiating ring, influencing the very essence of the Treaty.Continue Reading Heavyweight Fight, Did the US or EU KO the AI Treaty?

On 2 April 2024, the Italian Data Protection Authority (Garante) announced that on 21 March 2024, it issued a warning to Worldcoin Foundation regarding its intention to collect biometric data (via iris scanning) for digital identification, claiming that such data processing would violate the Regulation (EU) 2016/679 (GDPR).

Worldcoin Foundation supports the Worldcoin project, launched in 2019 by Sam Altman, the CEO of OpenAI LLC (OpenAI). The project is based on iris scanning to verify the identity of users and on linking such processing to the “financial instrument” market, specifically the cryptocurrency called WLD. The iris is scanned by a biometric device named Orb, which scans the face and iris of users to create a unique identification code (the so-called “World ID”) worldwide for each user. The Orb is not yet available in many countries (and is not offered in the EU).Continue Reading The Italian DPA Has Its Eyes on Biometric IDs – Another Fight on Tech or a Win for Privacy?

On February 13, 2024, the European Data Protection Board (EDPB) released its opinion on the notion of the main establishment of a controller in the EU under article 4(16)(a) GDPR and the criteria for the application of the “one-stop shop” mechanism, in particular, regarding the notion of a controller’s “place of central administration” (PoCA) in

The Digital Services Act (DSA) entered into full force on 17 February 2024. This is a monumental EU regulation, containing 93 articles and 156 recitals, which is intended to impose:

  • A framework for the conditional exemption from liability of providers of online intermediary services (i.e. companies that are conduits for, cache or host third-party online

Whether to and how to integrate AI into business operations remains a real challenge for companies considering the adoption of the technology. We have released “Ten Things About Artificial Intelligence (AI) for GCs in 2024” providing 10 key insights as a helpful guide on the issues around AI. Our global team stands ready

The Association of Southeast Asian Nations (ASEAN) and the European Union (EU) have rolled out their completed joint guide on the ASEAN model contractual clauses (MCCs) and EU standard contractual clauses (SCCs).[1]

This is the second half of a two-part guide, with this latter segment focusing on implementation aspects of the MCCs and SCCs.

On January 15, 2024, the European Commission (EC) published its report on 11 adequacy decisions made under the Data Protection Directive. This is the first review of its kind in GDPR times for adequacy decisions that were living their own existence, with not many troubles (leaving the US one aside). A periodic checkup is foreseen in the most recent adequacy decisions (and Japan last review was published in April 2023), but not much was done for the other ones; this is now remedied.Continue Reading Adequate One Day Keeps Personal Data Transfer Problems (Forever) Away? Let’s See What the EU Doctor Just Said