The European Commission Publishes Model Contractual Terms and Standard Сontractual Clauses Under the Data Act
The European Commission has released a package of non-binding model contractual terms (MCTs) and standard contractual clauses (SCCs) intended to simplify and harmonise how organisations contract for data access, data sharing and data processing services under the Data Act (Regulation (EU) 2023/2854). The package aims to reduce fragmentation, strengthen legal certainty, minimise negotiation friction and […]
ESAs Publish First List of Critical ICT Third-Party Providers Under DORA
The European Supervisory Authorities (the ESAs) have published the first list of critical ICT third-party providers (CTPPs) designated under the Digital Operational Resilience Act (DORA). This marks a key step in rolling out the DORA oversight framework, following a multi-stage assessment based on financial-entity registers, cross-sector criticality analysis and providers’ right to be heard. The […]
The Digital Omnibus: Targeted Amendments to the EU Digital Rulebook
The European Commission has unveiled a new digital package designed to cut administrative burdens for companies across the EU and streamline the Union’s fragmented digital rulebook. The package centres on, amongst other things, amending existing requirements relating to GDPR, AI Act, Data Act, e-privacy directive and other data legislation such as the Data Governance Act. […]
EDPB Publishes Opinion on European Commission’s Proposal to Extend UK Adequacy Decision for Data Transfers to December 2031
On 22 July 2025, the European Commission proposed draft decisions to extend the United Kingdom’s GDPR adequacy status until December 2031. This would allow EU organisations to continue transferring personal data to the UK without additional safeguards such as Standard Contractual Clauses. The European Data Protection Board (EDPB) has now issued its opinion, welcoming the […]
Prohibitory injunction request under GDPR is clarified by the CJEU
In Case C-655/23, the Court of Justice of the European Union (CJEU) was asked to clarify whether a data subject may obtain a prohibitory injunction to prevent further unlawful data processing under the GDPR, whether such relief depends on the risk of repetition, and how this interacts with claims for non-material damages. Opinion of Advocate […]
Digital Omnibus: Simplifying the EU’s Digital Rulebook
The European Commission is taking steps to simplify the EU’s complex digital regulations, with the aim to ease reporting requirements for businesses and to create a more consistent digital regulatory framework. The Digital Omnibus, part of the wider Digital Package on Simplification, targets overlapping and outdated rules across several digital areas. The goal of the […]
European Commission Publishes Training Data Summary Template for Providers of GPAI Models
Data training transparency is a core obligation under the AI Act (Regulation (EU) 2024/1689) for General-Purpose AI (GPAI) models placed on the Union market, including those distributed under free and open-source licenses. To support compliance with Article 53 of the AI Act, the European Commission has introduced a standardized Template for the Summary of Training […]
Commission Approves Draft Guidelines Clarifying Obligations for General-Purpose AI Models
The Guidelines were developed to clarify the application of Chapter V of the AI Act (Regulation (EU) 2024/1689), providing guidance on aspects essential for the implementation and understanding of the AI Act relating to general-purpose AI models (GPAI). Although the Guidelines have been published, they will be formally adopted by the European Commission at a […]
The AI Office receives the Final Draft of General-Purpose AI Code of Practice
The rules under Regulation 2024/1689 (AI Act) concerning general-purpose AI will come into effect on 2 August 2025. To provide additional guidance on these requirements, the AI Office has coordinated the development of the General-Purpose AI (GPAI) Code of Practice, which serves as a voluntary tool for AI model providers. The Code of Practice was […]
Two Regulatory Technical Standards (RTS) for the DORA have been published
The Commission has recently adopted two additional Regulatory Technical Standards (RTS) in the form of Delegated Regulations, thus completing the process of adopting all eight RTS. Technical standards will supplement and specify the rules of DORA (Regulation (EU) 2022/2554). From a regulatory perspective, these technical standards are complementary, providing more detailed specifications of specific requirements […]