GDPR
GDPR compliance guides and analysis — lawful basis, data subject rights, DPIAs, transfers, and supervisory authority enforcement decisions across EU27.
EDPB/EDPS: Clinical Trials—Health Data Safeguards Required
The EDPB issued binding guidance this month requiring clinical trial operators to implement Article 9 safeguards that go beyond standard GDPR processing rules, with enforcement teams already issuing €2.3M in fines for inadequate health data protections. This move supports the Eur
Ex machina : financial stability in the age of artificial intelligence
The EU's analysis of "Financial Stability in the Age of Artificial Intelligence" treats AI as a systemic risk factor. For banks, insurers, and fintech firms, that means GDPR compliance is now a financial stability issue, not just a privacy issue. Regulators (ECB, EFSA, EBA) are t
Screening credibility : artificial Intelligence, evidence and fair asylum procedures in EU law
The intersection of artificial intelligence, evidence evaluation, and fair asylum procedures represents a critical compliance frontier in EU law. This analysis examines how AI-assisted credibility assessment systems must operate within due process protections and fundamental righ
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCILamending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of theimplementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - 4-column table
The Digital Omnibus on AI four-column comparison table provides a side-by-side analysis of proposed amendments to existing regulations. This structured format clarifies how new requirements modify previous frameworks, helping compliance professionals understand specific changes a
The impact of the artificial intelligence on our societies
As artificial intelligence increasingly shapes economic, social, and political outcomes across European societies, understanding AI's broader systemic impact becomes essential for compliance professionals. This analysis examines how AI adoption cascades through societies, creatin
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Preparation for the trilogue
As the Digital Omnibus on AI moves toward trilogue negotiations between EU institutions, final regulatory text preparation intensifies. This phase determines the precise language, implementation timelines, and compliance requirements that organizations will navigate. Monitoring t
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 5, Final report
The final "Futures of AI" report synthesises five work streams into a single conclusion: AI adoption in Europe depends on trust, and trust is a GDPR problem. The report doesn't shy away from data protection—it lists it as foundational. You can't deploy AI at scale without solving
Artificial intelligence and sustainable consumption in Europe
The EU's work on "AI and Sustainable Consumption in Europe" ties algorithmic recommendation systems to GDPR compliance in a novel way: profiling for sustainability goals still requires lawful bases, consent mechanisms, and transparency. Retailers and platforms using AI to nudge s
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Revised mandate for negotiations with the European Parliament
The revised mandate for trilogue negotiations on the Digital Omnibus on AI reflects ongoing EU institutional discussions to finalize AI regulatory harmonization. This updated negotiation framework incorporates feedback from the European Parliament and Council on implementing simp
Council Decision (EU) 2026/1080 of 21 April 2026 on the conclusion, on behalf of the European Union, of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law
The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, adopted by the EU in April 2026, establishes international standards for responsible AI governance. This convention signals the EU's commitment to embedding fund
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Analysis of the final compromise text with a view to agreement
The European Parliament and Council's final compromise text on the Digital Omnibus on AI (amending the AI Act and EASA regulations) is now on the table. The compromise softens some AI Act obligations but hardenes the interaction with GDPR. Articles 3 and 4 of the final text clari
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 4, Scenarios and opportunities
The EU's "Futures of AI: Scenarios and Opportunities" (Part 4) maps out growth pathways that hinge on trust—and trust in Europe means GDPR compliance. Three scenarios assume mass AI adoption; none of them work without solving the personal data problem. If your organisation is bet
Artificial intelligence strategy : 2026-2030
The EU's 2026–2030 artificial intelligence strategy is now live, and it's forcing a reckoning for organisations collecting data on AI users and decision-subjects. You'll need to map your AI pipelines against GDPR Article 22 (automated decision-making) and Articles 5–7 (processing
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 3, A forward-looking analysis of European industries’ artificial intelligence use
Part 3 of the "Futures of AI" report maps current industrial AI adoption in Europe and flags a critical gap: many SMEs deploying AI lack GDPR maturity. Manufacturing, logistics, and supply chain sectors are moving fastest—and processing personal employee and customer data at scal
GDPR DPIA: When You Need One and How to Write It
A Data Protection Impact Assessment is mandatory before high-risk processing under GDPR Article 35. This guide explains triggers, methodology, and documentation.
DPIA Step-by-Step: When You Need One and How to Write It
A Data Protection Impact Assessment (DPIA) is mandatory under GDPR Article 35 for high-risk processing. This step-by-step guide walks through when one is required, what it must contain, and how to complete one efficiently.
CEF 2026: Coordinated Enforcement—GDPR Transparency Obligations
European data protection authorities will conduct synchronized inspections starting July 2026, specifically targeting Articles 13-14 transparency violations that have reached "systemic non-compliance levels" according to EDPB Chair Andrea Jelinek. The Coordinated Enforcement Fram
The futures of artificial intelligence : implications for Europe's R&I ecosystem. Part 2, Mapping the current state of adoption in the European industrial landscape
Part 2 of the "Futures of AI" report benchmarks current AI adoption across European industries: early leaders in tech and finance, slower rollout in public services and SMEs. The mapping reveals a GDPR maturity gap. Organisations piloting AI today have time to embed GDPR governan
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence - Letter sent to the European Parliament
The European Parliament's letter on the Digital Omnibus proposal signals that negotiators are closing on final text by Q2 2026. The letter emphasises safeguards for personal data protection alongside AI innovation—a signal that GDPR enforcement won't ease. Organisations treating
Schrems II and Consent Management: What EU Organisations Must Do Now
The ECJ's Schrems II ruling (C-311/18) invalidated the EU-US Privacy Shield and imposed additional safeguards on standard contractual clauses. This guide explains what consent managers and EU SMEs must do to remain GDPR-compliant for transatlantic data transfers.
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) [15708/25 - COM(2025)836 final] - Opinion on the application of the Principles of Subsidiarity and Proportionality
The European Commission's opinion on subsidiarity and proportionality for the Digital Omnibus on AI (COM(2025)836) signals that the EU won't defer AI regulation to member states—and that GDPR's role as the horizontal personal data framework is settled. The opinion reinforces that
Leveraging artificial intelligence tools to collect and structure information on human biology-based models used in biomedical research : the Biomedical models Hub (BimmoH) dataset
The Biomedical Models Hub (BimmoH) dataset demonstrates how AI tools can enhance research infrastructure and data management in biomedical science. This initiative leverages artificial intelligence to collect, organize, and make accessible information on human biology-based model
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) [15708/25 - COM(2025)836 final] - Opinion on the application of the Principles of Subsidiarity and Proportionality
The Digital Omnibus on AI represents a significant regulatory evolution, amending both the AI Act and aviation safety regulations to simplify implementation of harmonized AI rules. This proposal demonstrates the EU's commitment to reducing compliance complexity while maintaining
The use of artificial intelligence (AI) technologies in the European Union : key results : 2026 edition
The 2026 edition of the CJEU's analysis on artificial intelligence technologies in the European Union provides critical insights into AI adoption patterns and regulatory developments across member states. This comprehensive review examines how organizations are implementing AI sy
International IP Helpdesk’s comprehensive guide on artificial intelligence & IP in China, India, Latin America, and South-East Asia
The International IP Helpdesk's comprehensive guide on artificial intelligence and intellectual property rights across China, India, Latin America, and Southeast Asia addresses critical considerations for organizations expanding AI operations globally. This resource clarifies how
How to Audit Third-Party Data Processors Under GDPR
GDPR Article 28 requires organisations to use only processors providing sufficient guarantees. This guide explains how to audit vendors and maintain compliant DPAs.
What Is GDPR? A Complete Guide for Businesses
GDPR (Regulation 2016/679) is the EU's data protection law. This guide covers the 6 lawful bases, data subject rights, ROPA, DPO, DPIA, and Article 83 fines — with practical guidance for SMEs.
How to Build a ROPA Under GDPR: A Practical Guide
Records of Processing Activities (ROPA) are required under GDPR Article 30 for most organisations. This guide covers what must be recorded, who is exempt, and how to build and maintain a ROPA your DPA will accept.
Schrems II and Consent Management: What EU Organisations Must Do Now
The ECJ's Schrems II ruling (C-311/18) invalidated the EU-US Privacy Shield and imposed additional safeguards on standard contractual clauses. This guide explains what consent managers and EU SMEs must do to remain GDPR-compliant for transatlantic data transfers.
Schrems II and Consent Management: What EU Organisations Must Do Now
The ECJ's Schrems II ruling (C-311/18) invalidated the EU-US Privacy Shield and imposed additional safeguards on standard contractual clauses. This guide explains what consent managers and EU SMEs must do to remain GDPR-compliant for transatlantic data transfers.
EDPB/EDPS: Clinical Trials—Health Data Safeguards Required
The EDPB issued binding guidance this month requiring clinical trial operators to implement Article 9 safeguards that go beyond standard GDPR processing rules, with enforcement teams already issuing €2.3M in fines for inadequate health data protections. This move supports the Eur
EDPB/EDPS: Clinical Trials—Health Data Safeguards Required
The EDPB issued binding guidance this month requiring clinical trial operators to implement Article 9 safeguards that go beyond standard GDPR processing rules, with enforcement teams already issuing €2.3M in fines for inadequate health data protections. This move supports the Eur
Ex machina : financial stability in the age of artificial intelligence
The EU's analysis of "Financial Stability in the Age of Artificial Intelligence" treats AI as a systemic risk factor. For banks, insurers, and fintech firms, that means GDPR compliance is now a financial stability issue, not just a privacy issue. Regulators (ECB, EFSA, EBA) are t
Ex machina : financial stability in the age of artificial intelligence
The EU's analysis of "Financial Stability in the Age of Artificial Intelligence" treats AI as a systemic risk factor. For banks, insurers, and fintech firms, that means GDPR compliance is now a financial stability issue, not just a privacy issue. Regulators (ECB, EFSA, EBA) are t
Screening credibility : artificial Intelligence, evidence and fair asylum procedures in EU law
The intersection of artificial intelligence, evidence evaluation, and fair asylum procedures represents a critical compliance frontier in EU law. This analysis examines how AI-assisted credibility assessment systems must operate within due process protections and fundamental righ
Screening credibility : artificial Intelligence, evidence and fair asylum procedures in EU law
The intersection of artificial intelligence, evidence evaluation, and fair asylum procedures represents a critical compliance frontier in EU law. This analysis examines how AI-assisted credibility assessment systems must operate within due process protections and fundamental righ
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCILamending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of theimplementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - 4-column table
The Digital Omnibus on AI four-column comparison table provides a side-by-side analysis of proposed amendments to existing regulations. This structured format clarifies how new requirements modify previous frameworks, helping compliance professionals understand specific changes a
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCILamending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of theimplementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - 4-column table
The Digital Omnibus on AI four-column comparison table provides a side-by-side analysis of proposed amendments to existing regulations. This structured format clarifies how new requirements modify previous frameworks, helping compliance professionals understand specific changes a
The impact of the artificial intelligence on our societies
As artificial intelligence increasingly shapes economic, social, and political outcomes across European societies, understanding AI's broader systemic impact becomes essential for compliance professionals. This analysis examines how AI adoption cascades through societies, creatin
The impact of the artificial intelligence on our societies
As artificial intelligence increasingly shapes economic, social, and political outcomes across European societies, understanding AI's broader systemic impact becomes essential for compliance professionals. This analysis examines how AI adoption cascades through societies, creatin
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Preparation for the trilogue
As the Digital Omnibus on AI moves toward trilogue negotiations between EU institutions, final regulatory text preparation intensifies. This phase determines the precise language, implementation timelines, and compliance requirements that organizations will navigate. Monitoring t
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Preparation for the trilogue
As the Digital Omnibus on AI moves toward trilogue negotiations between EU institutions, final regulatory text preparation intensifies. This phase determines the precise language, implementation timelines, and compliance requirements that organizations will navigate. Monitoring t
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 5, Final report
The final "Futures of AI" report synthesises five work streams into a single conclusion: AI adoption in Europe depends on trust, and trust is a GDPR problem. The report doesn't shy away from data protection—it lists it as foundational. You can't deploy AI at scale without solving
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 5, Final report
The final "Futures of AI" report synthesises five work streams into a single conclusion: AI adoption in Europe depends on trust, and trust is a GDPR problem. The report doesn't shy away from data protection—it lists it as foundational. You can't deploy AI at scale without solving
Artificial intelligence and sustainable consumption in Europe
The EU's work on "AI and Sustainable Consumption in Europe" ties algorithmic recommendation systems to GDPR compliance in a novel way: profiling for sustainability goals still requires lawful bases, consent mechanisms, and transparency. Retailers and platforms using AI to nudge s
Artificial intelligence and sustainable consumption in Europe
The EU's work on "AI and Sustainable Consumption in Europe" ties algorithmic recommendation systems to GDPR compliance in a novel way: profiling for sustainability goals still requires lawful bases, consent mechanisms, and transparency. Retailers and platforms using AI to nudge s
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Revised mandate for negotiations with the European Parliament
The revised mandate for trilogue negotiations on the Digital Omnibus on AI reflects ongoing EU institutional discussions to finalize AI regulatory harmonization. This updated negotiation framework incorporates feedback from the European Parliament and Council on implementing simp
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Revised mandate for negotiations with the European Parliament
The revised mandate for trilogue negotiations on the Digital Omnibus on AI reflects ongoing EU institutional discussions to finalize AI regulatory harmonization. This updated negotiation framework incorporates feedback from the European Parliament and Council on implementing simp
Council Decision (EU) 2026/1080 of 21 April 2026 on the conclusion, on behalf of the European Union, of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law
The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, adopted by the EU in April 2026, establishes international standards for responsible AI governance. This convention signals the EU's commitment to embedding fund
Council Decision (EU) 2026/1080 of 21 April 2026 on the conclusion, on behalf of the European Union, of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law
The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, adopted by the EU in April 2026, establishes international standards for responsible AI governance. This convention signals the EU's commitment to embedding fund
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Analysis of the final compromise text with a view to agreement
The European Parliament and Council's final compromise text on the Digital Omnibus on AI (amending the AI Act and EASA regulations) is now on the table. The compromise softens some AI Act obligations but hardenes the interaction with GDPR. Articles 3 and 4 of the final text clari
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Analysis of the final compromise text with a view to agreement
The European Parliament and Council's final compromise text on the Digital Omnibus on AI (amending the AI Act and EASA regulations) is now on the table. The compromise softens some AI Act obligations but hardenes the interaction with GDPR. Articles 3 and 4 of the final text clari
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 4, Scenarios and opportunities
The EU's "Futures of AI: Scenarios and Opportunities" (Part 4) maps out growth pathways that hinge on trust—and trust in Europe means GDPR compliance. Three scenarios assume mass AI adoption; none of them work without solving the personal data problem. If your organisation is bet
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 4, Scenarios and opportunities
The EU's "Futures of AI: Scenarios and Opportunities" (Part 4) maps out growth pathways that hinge on trust—and trust in Europe means GDPR compliance. Three scenarios assume mass AI adoption; none of them work without solving the personal data problem. If your organisation is bet
Artificial intelligence strategy : 2026-2030
The EU's 2026–2030 artificial intelligence strategy is now live, and it's forcing a reckoning for organisations collecting data on AI users and decision-subjects. You'll need to map your AI pipelines against GDPR Article 22 (automated decision-making) and Articles 5–7 (processing
Artificial intelligence strategy : 2026-2030
The EU's 2026–2030 artificial intelligence strategy is now live, and it's forcing a reckoning for organisations collecting data on AI users and decision-subjects. You'll need to map your AI pipelines against GDPR Article 22 (automated decision-making) and Articles 5–7 (processing
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 3, A forward-looking analysis of European industries’ artificial intelligence use
Part 3 of the "Futures of AI" report maps current industrial AI adoption in Europe and flags a critical gap: many SMEs deploying AI lack GDPR maturity. Manufacturing, logistics, and supply chain sectors are moving fastest—and processing personal employee and customer data at scal
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 3, A forward-looking analysis of European industries’ artificial intelligence use
Part 3 of the "Futures of AI" report maps current industrial AI adoption in Europe and flags a critical gap: many SMEs deploying AI lack GDPR maturity. Manufacturing, logistics, and supply chain sectors are moving fastest—and processing personal employee and customer data at scal
GDPR DPIA: When You Need One and How to Write It
A Data Protection Impact Assessment is mandatory before high-risk processing under GDPR Article 35. This guide explains triggers, methodology, and documentation.
GDPR DPIA: When You Need One and How to Write It
A Data Protection Impact Assessment is mandatory before high-risk processing under GDPR Article 35. This guide explains triggers, methodology, and documentation.
CEF 2026: Coordinated Enforcement—GDPR Transparency Obligations
European data protection authorities will conduct synchronized inspections starting July 2026, specifically targeting Articles 13-14 transparency violations that have reached "systemic non-compliance levels" according to EDPB Chair Andrea Jelinek. The Coordinated Enforcement Fram
CEF 2026: Coordinated Enforcement—GDPR Transparency Obligations
European data protection authorities will conduct synchronized inspections starting July 2026, specifically targeting Articles 13-14 transparency violations that have reached "systemic non-compliance levels" according to EDPB Chair Andrea Jelinek. The Coordinated Enforcement Fram
DPIA Step-by-Step: When You Need One and How to Write It
A Data Protection Impact Assessment (DPIA) is mandatory under GDPR Article 35 for high-risk processing. This step-by-step guide walks through when one is required, what it must contain, and how to complete one efficiently.
DPIA Step-by-Step: When You Need One and How to Write It
A Data Protection Impact Assessment (DPIA) is mandatory under GDPR Article 35 for high-risk processing. This step-by-step guide walks through when one is required, what it must contain, and how to complete one efficiently.
The futures of artificial intelligence : implications for Europe's R&I ecosystem. Part 2, Mapping the current state of adoption in the European industrial landscape
Part 2 of the "Futures of AI" report benchmarks current AI adoption across European industries: early leaders in tech and finance, slower rollout in public services and SMEs. The mapping reveals a GDPR maturity gap. Organisations piloting AI today have time to embed GDPR governan
The futures of artificial intelligence : implications for Europe's R&I ecosystem. Part 2, Mapping the current state of adoption in the European industrial landscape
Part 2 of the "Futures of AI" report benchmarks current AI adoption across European industries: early leaders in tech and finance, slower rollout in public services and SMEs. The mapping reveals a GDPR maturity gap. Organisations piloting AI today have time to embed GDPR governan
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence - Letter sent to the European Parliament
The European Parliament's letter on the Digital Omnibus proposal signals that negotiators are closing on final text by Q2 2026. The letter emphasises safeguards for personal data protection alongside AI innovation—a signal that GDPR enforcement won't ease. Organisations treating
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence - Letter sent to the European Parliament
The European Parliament's letter on the Digital Omnibus proposal signals that negotiators are closing on final text by Q2 2026. The letter emphasises safeguards for personal data protection alongside AI innovation—a signal that GDPR enforcement won't ease. Organisations treating
Leveraging artificial intelligence tools to collect and structure information on human biology-based models used in biomedical research : the Biomedical models Hub (BimmoH) dataset
The Biomedical Models Hub (BimmoH) dataset demonstrates how AI tools can enhance research infrastructure and data management in biomedical science. This initiative leverages artificial intelligence to collect, organize, and make accessible information on human biology-based model
Leveraging artificial intelligence tools to collect and structure information on human biology-based models used in biomedical research : the Biomedical models Hub (BimmoH) dataset
The Biomedical Models Hub (BimmoH) dataset demonstrates how AI tools can enhance research infrastructure and data management in biomedical science. This initiative leverages artificial intelligence to collect, organize, and make accessible information on human biology-based model
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) [15708/25 - COM(2025)836 final] - Opinion on the application of the Principles of Subsidiarity and Proportionality
The European Commission's opinion on subsidiarity and proportionality for the Digital Omnibus on AI (COM(2025)836) signals that the EU won't defer AI regulation to member states—and that GDPR's role as the horizontal personal data framework is settled. The opinion reinforces that
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) [15708/25 - COM(2025)836 final] - Opinion on the application of the Principles of Subsidiarity and Proportionality
The European Commission's opinion on subsidiarity and proportionality for the Digital Omnibus on AI (COM(2025)836) signals that the EU won't defer AI regulation to member states—and that GDPR's role as the horizontal personal data framework is settled. The opinion reinforces that
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) [15708/25 - COM(2025)836 final] - Opinion on the application of the Principles of Subsidiarity and Proportionality
The Digital Omnibus on AI represents a significant regulatory evolution, amending both the AI Act and aviation safety regulations to simplify implementation of harmonized AI rules. This proposal demonstrates the EU's commitment to reducing compliance complexity while maintaining
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) [15708/25 - COM(2025)836 final] - Opinion on the application of the Principles of Subsidiarity and Proportionality
The Digital Omnibus on AI represents a significant regulatory evolution, amending both the AI Act and aviation safety regulations to simplify implementation of harmonized AI rules. This proposal demonstrates the EU's commitment to reducing compliance complexity while maintaining
The use of artificial intelligence (AI) technologies in the European Union : key results : 2026 edition
The 2026 edition of the CJEU's analysis on artificial intelligence technologies in the European Union provides critical insights into AI adoption patterns and regulatory developments across member states. This comprehensive review examines how organizations are implementing AI sy
The use of artificial intelligence (AI) technologies in the European Union : key results : 2026 edition
The 2026 edition of the CJEU's analysis on artificial intelligence technologies in the European Union provides critical insights into AI adoption patterns and regulatory developments across member states. This comprehensive review examines how organizations are implementing AI sy
International IP Helpdesk’s comprehensive guide on artificial intelligence & IP in China, India, Latin America, and South-East Asia
The International IP Helpdesk's comprehensive guide on artificial intelligence and intellectual property rights across China, India, Latin America, and Southeast Asia addresses critical considerations for organizations expanding AI operations globally. This resource clarifies how
International IP Helpdesk’s comprehensive guide on artificial intelligence & IP in China, India, Latin America, and South-East Asia
The International IP Helpdesk's comprehensive guide on artificial intelligence and intellectual property rights across China, India, Latin America, and Southeast Asia addresses critical considerations for organizations expanding AI operations globally. This resource clarifies how
How to Audit Third-Party Data Processors Under GDPR
GDPR Article 28 requires organisations to use only processors providing sufficient guarantees. This guide explains how to audit vendors and maintain compliant DPAs.
How to Audit Third-Party Data Processors Under GDPR
GDPR Article 28 requires organisations to use only processors providing sufficient guarantees. This guide explains how to audit vendors and maintain compliant DPAs.
What Is GDPR? A Complete Guide for Businesses
GDPR (Regulation 2016/679) is the EU's data protection law. This guide covers the 6 lawful bases, data subject rights, ROPA, DPO, DPIA, and Article 83 fines — with practical guidance for SMEs.
What Is GDPR? A Complete Guide for Businesses
GDPR (Regulation 2016/679) is the EU's data protection law. This guide covers the 6 lawful bases, data subject rights, ROPA, DPO, DPIA, and Article 83 fines — with practical guidance for SMEs.
How to Build a ROPA Under GDPR: A Practical Guide
Records of Processing Activities (ROPA) are required under GDPR Article 30 for most organisations. This guide covers what must be recorded, who is exempt, and how to build and maintain a ROPA your DPA will accept.
How to Build a ROPA Under GDPR: A Practical Guide
Records of Processing Activities (ROPA) are required under GDPR Article 30 for most organisations. This guide covers what must be recorded, who is exempt, and how to build and maintain a ROPA your DPA will accept.
Schrems II and Consent Management: What EU Organisations Must Do Now
The ECJ's Schrems II ruling (C-311/18) invalidated the EU-US Privacy Shield and imposed additional safeguards on standard contractual clauses. This guide explains what consent managers and EU SMEs must do to remain GDPR-compliant for transatlantic data transfers.
EDPB/EDPS: Clinical Trials—Health Data Safeguards Required
The EDPB issued binding guidance this month requiring clinical trial operators to implement Article 9 safeguards that go beyond standard GDPR processing rules, with enforcement teams already issuing €2.3M in fines for inadequate health data protections. This move supports the Eur
CEF 2026: Coordinated Enforcement—GDPR Transparency Obligations
European data protection authorities will conduct synchronized inspections starting July 2026, specifically targeting Articles 13-14 transparency violations that have reached "systemic non-compliance levels" according to EDPB Chair Andrea Jelinek. The Coordinated Enforcement Fram
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence - Letter sent to the European Parliament
The European Parliament's letter on the Digital Omnibus proposal signals that negotiators are closing on final text by Q2 2026. The letter emphasises safeguards for personal data protection alongside AI innovation—a signal that GDPR enforcement won't ease. Organisations treating
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Analysis of the final compromise text with a view to agreement
The European Parliament and Council's final compromise text on the Digital Omnibus on AI (amending the AI Act and EASA regulations) is now on the table. The compromise softens some AI Act obligations but hardenes the interaction with GDPR. Articles 3 and 4 of the final text clari
Ex machina : financial stability in the age of artificial intelligence
The EU's analysis of "Financial Stability in the Age of Artificial Intelligence" treats AI as a systemic risk factor. For banks, insurers, and fintech firms, that means GDPR compliance is now a financial stability issue, not just a privacy issue. Regulators (ECB, EFSA, EBA) are t
Artificial intelligence and sustainable consumption in Europe
The EU's work on "AI and Sustainable Consumption in Europe" ties algorithmic recommendation systems to GDPR compliance in a novel way: profiling for sustainability goals still requires lawful bases, consent mechanisms, and transparency. Retailers and platforms using AI to nudge s
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) [15708/25 - COM(2025)836 final] - Opinion on the application of the Principles of Subsidiarity and Proportionality
The European Commission's opinion on subsidiarity and proportionality for the Digital Omnibus on AI (COM(2025)836) signals that the EU won't defer AI regulation to member states—and that GDPR's role as the horizontal personal data framework is settled. The opinion reinforces that
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 5, Final report
The final "Futures of AI" report synthesises five work streams into a single conclusion: AI adoption in Europe depends on trust, and trust is a GDPR problem. The report doesn't shy away from data protection—it lists it as foundational. You can't deploy AI at scale without solving
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 4, Scenarios and opportunities
The EU's "Futures of AI: Scenarios and Opportunities" (Part 4) maps out growth pathways that hinge on trust—and trust in Europe means GDPR compliance. Three scenarios assume mass AI adoption; none of them work without solving the personal data problem. If your organisation is bet
Artificial intelligence strategy : 2026-2030
The EU's 2026–2030 artificial intelligence strategy is now live, and it's forcing a reckoning for organisations collecting data on AI users and decision-subjects. You'll need to map your AI pipelines against GDPR Article 22 (automated decision-making) and Articles 5–7 (processing
The futures of artificial intelligence : implications for Europe’s R&I ecosystem. Part 3, A forward-looking analysis of European industries’ artificial intelligence use
Part 3 of the "Futures of AI" report maps current industrial AI adoption in Europe and flags a critical gap: many SMEs deploying AI lack GDPR maturity. Manufacturing, logistics, and supply chain sectors are moving fastest—and processing personal employee and customer data at scal
The futures of artificial intelligence : implications for Europe's R&I ecosystem. Part 2, Mapping the current state of adoption in the European industrial landscape
Part 2 of the "Futures of AI" report benchmarks current AI adoption across European industries: early leaders in tech and finance, slower rollout in public services and SMEs. The mapping reveals a GDPR maturity gap. Organisations piloting AI today have time to embed GDPR governan
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) - Preparation for the trilogue
As the Digital Omnibus on AI moves toward trilogue negotiations between EU institutions, final regulatory text preparation intensifies. This phase determines the precise language, implementation timelines, and compliance requirements that organizations will navigate. Monitoring t
The impact of the artificial intelligence on our societies
As artificial intelligence increasingly shapes economic, social, and political outcomes across European societies, understanding AI's broader systemic impact becomes essential for compliance professionals. This analysis examines how AI adoption cascades through societies, creatin
Council Decision (EU) 2026/1080 of 21 April 2026 on the conclusion, on behalf of the European Union, of the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law
The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law, adopted by the EU in April 2026, establishes international standards for responsible AI governance. This convention signals the EU's commitment to embedding fund