Insights

The EU AI Act defines ‘AI literacy’ as the skills, knowledge and understanding to enable the informed use and operation of AI systems and increase awareness of the opportunities, risks and possible harm that AI systems may present — with the ultimate purpose being to ensure that staff (and other relevant individuals) are able to take informed decisions in relation to AI, such as how to interpret AI output and decision-making processes and their impact on natural persons.

The year 2026 marks a major regulatory turning point for European companies using or considering the use of artificial intelligence in their human resources (HR) processes. The Regulation (EU) 2024/1689 on artificial intelligence (the AI Act) is entering a critical implementation phase, while the European Commission's "Digital Omnibus" package will clarify several obligations and modify certain deadlines.

On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a ruling about the requirements on data controllers to respond to data access requests regarding an automated decision-making system. In particular, the CJEU interpreted the meaning (under Article 15(1)(h) GDPR) of the phrase “meaningful information about the logic involved” in automated decision-making. Importantly, the ruling also separately addressed how to balance data access rights with the protection of the controller’s trade secrets, when the protection of trade secrets is invoked under Article 15(4) as a reason not to disclose a copy of personal data in an access request.

In an era where regulatory landscapes are rapidly evolving, companies with a footprint in the European Union must stay vigilant and adaptable. The EU has recently unveiled a comprehensive set of guidelines that impose fresh obligations on both EU and non-EU based companies operating within its borders. This client alert is the first in a series designed to decode the complexities of the new EU regulations and provide actionable insights for businesses to ensure full compliance[1]. Stay tuned as we unravel the details of these pivotal changes and guide you through the steps your business needs to take to align with the EU's heightened regulatory standards.

On February 17, 2024, The Digital Services Act (DSA) will become applicable, introducing a new regulatory framework for providers of intermediary services. The DSA will apply to those offering their services to users located in the EU, regardless of the providers' place of establishment. We have discussed the new obligations in our previous client alert, when the DSA was adopted. In this alert, we will focus on the notice and action mechanisms, the positions of the users, intermediaries and the general public.

On Tuesday, July 5th, the European Parliament adopted the Digital Services Act (DSA) with a resounding 539 votes in favor, 54 votes against and 30 abstentions. The DSA is but one part of the multifaceted European digital strategy and, together with the Digital Markets Act (DMA), makes up the Digital Services Package, initially proposed by the European Commission in December 2020 (see our previous alert of January 12, 2021). The DSA takes the form of a Regulation, directly applicable in all EU Member States, and will amend (but not fully replace) the 2000 e-Commerce Directive (Directive 2000/31/EC).

On March 24, 2022, the European Union (EU) co-legislators (the European Parliament and the Council) reached political agreement on the final provisions of the Digital Markets Act (DMA). The DMA aims at ensuring fair and contestable markets in the digital sector by imposing specific regulatory obligations on so-called “gatekeepers,” i.e., major digital platforms with a powerful and entrenched position which act as important gateways for businesses to reach end users. The European Commission (EC) will act as the central enforcer of the DMA. It will have extensive investigative powers and be able to impose hefty fines as well as behavioral and structural remedies (including the breaking up of companies). As an instrument of ex ante regulation, the DMA is designed to complement (not replace) the ex post enforcement of competition law, which is often viewed as too slow to effectively rein in the market power of “Big Tech” players.

Recent months have witnessed a flurry of activity from the European Commission in the field of telecommunications regulation. On December 18, 2020, the Commission adopted a new Delegated Regulation setting single maximum Union-wide voice termination rates, as well as an updated Recommendation on those relevant markets within the electronic communications sector that it still deems to warrant regulation. On February 4, 2021, the Commission opened infringement procedures against 24 Member States for failing to implement the European Electronic Communications Code (EECC) into national legislation by the transposition deadline of December 21, 2020. And on February 24, it tabled a proposal for a new Roaming Regulation to replace the previous one of 2012 (Regulation No 531/2012). With these and other smaller initiatives, the Commission aims to complete a comprehensive overhaul of the European Union regulatory framework for the electronic communications sector, which it kickstarted in September 2016 with an ambitious legislative package intended to transform the EU into a “Gigabit Society” by 2025.

On May 11, 2016, the European Commission prohibited the proposed acquisition of Telefónica UK (O2) by Hutchison 3G UK (Three). The transaction would have been a 4:3 merger involving the number 2 and number 4 U.K. mobile network operators. The merged entity would have had a non-dominant share of around 40% and network sharing arrangements with both its remaining competitors (BT/EE and Vodafone). The Commission’s decision was based, in particular, on the elimination of Three as “an important competitive force” that offered the most competitive prices in certain market segments and 4G at no extra cost. The Commission made no finding of coordinated effects.

On December 20, 2018, a directive establishing the European Electronic Communications Code (the Code) entered into force. The new Code represents the first complete overhaul of the regulatory framework for the telecommunications sector since 2002; the last significant update dates from 2009. The Code consolidates and replaces the four existing directives that constitute the EU regulatory framework for the electronic communications sector, i.e., the Framework Directive, the Access Directive, the Authorization Directive, and the Universal Services Directive. The Member States have until the end of 2020 to transpose it into national law. Price caps for intra-EU calls and texts will kick in as soon as May 15, 2019.

Other sections of this issue: Privacy & Data Protection | ISP-Liability & Media Law | Electronic Communications & IT