Photo of Charles Helleputte

Charles Helleputte

With the trilogues on the draft EU AI Act entering what is probably their final phase and the idea that procuring AI cannot be done lightly spreading, organizations are often confronted with hard choices, including on how to source AI responsibly and protect against liabilities with an uncertain developing legal framework. Contractual language is one

Mr. Philippe Latombe, a French member of Parliament, beat privacy activist Max Schrems to the punch! Despite Mr. Schrems’ many statements against the EU-US Data Privacy Framework (DPF), Mr. Latombe was the first to file a request in the EU’s General Court to seek the annulment of the DPF and, separately, an interim measure to suspend

According to the latest draft of the EU cybersecurity certification scheme for cloud services (EUCS), dated August 2023 (leaked by POLITICO), the data localisation requirement, which was heavily criticised by the industry, will now apply only to the highly critical “high+” level. Data localisation would, should the EUCS be approved as such, not apply to the category 3 (“high”) level. This might not be the end of a debate that has run wild between industry (with major cloud providers unkeen with the idea) on one side and some member states defending some level of sovereignty, such as France, Italy and Spain, and EU institutions (such as the European Data Protection Board and ENISA) on the other one.Continue Reading Fewer Clouds on … Cloud: The EU to (Finally) Drop Most Data Localisation Requirements in the EUCS

On July 10, the European Commission formally adopted the EU-U.S. Data Privacy Framework (DPF). The Commission’s adequacy decision (and the documentation package accompanying it, including the FAQ) brings welcome news: for certified DPF participants, personal data can flow between the European Economic Area (EEA) and the United States (U.S.

Our global data team has prepared a practical guide that compares three standard contracts, as a means of facilitating international data transfers, namely:

  • The EU’s standard contractual clauses (effective since June 2021)
  • The People’s Republic of China’s (PRC) standard contract (issued in March 2023)
  • The Association of Southeast Asian Nations’ (ASEAN) model contractual clauses (published in January 2021).

Continue Reading A Guide Comparing EU, China, ASEAN Standard Contracts for Data Transfers

The regulation of artificial intelligence (AI) has been a hot topic in recent months, fueled by the disruption caused by Generative AI  and the privacy and security concerns it raised. Numerous regional and national initiatives around the globe are part of a race to define a regulatory approach with many challengers (ethical use, product safety, risk-based, human-centered) and no clear winners. What is certain, however, is that even within the EU Commission itself, many want to trophy AI regulation. Here is a brief roundup of the main four contenders.
Continue Reading The EU Approach to AI Regulation: Texts That Generative AI  Will Not Come Up With

The European Commission and the Association of Southeast Asian Nations (ASEAN) have published a first-of-its-kind guide[1] that identifies the similarities and differences between the ASEAN model contractual clauses (ASEAN MCCs) and the EU standard contractual clauses (EU SCCs).

A second guide will be issued in due course, which will provide best practices for meeting

The EU adequacy decision in favour of the UK allows the free flow of personal data between the UK and the European Economic Area (the EU member states plus Iceland, Liechtenstein and Norway). Both before and since expiry of the Brexit implementation period businesses have emphasised the crucial importance of maintaining that adequacy decision, pointing

The French government has decided to act in the fight against the resurgence of cyberattacks, together with ransom demands, which have a significant impact on the economy. By anticipating the development of the cyber risk insurance market in France, the French government has decided to make the payment of insurance compensation conditional on the filing

The start of a new year always brings New Year’s resolutions. If privacy by design is one of yours (just months after the Irish watchdog announced a €265 million fine for a breach of this concept, it seems reasonable to have it on your radar), 2023 is off to a good start with a new