Legal on Digitaliziran si

EU Cybersecurity Package and NIS2: What InfoSec Professionals Need to Know

Tue, 10 Feb 2026 09:00:00 +0000

As someone tracking EU regulatory developments alongside ISO compliance and cryptography standards, the revised Network and Information Security Directive (NIS2) represents the most comprehensive update to European cybersecurity requirements since the original 2016 directive. What makes this particularly relevant for InfoSec professionals is the explicit integration of post-quantum cryptography timelines into regulatory frameworks - a recognition that the threat landscape is evolving faster than many organizations realize.

Understanding the NIS2 Reforms

The revised NIS2 directive aims to clarify scope, enhance legal certainty, and promote EU-wide standards across 18 critical sectors. The reforms address three areas that will directly impact operational security:

EU Court Ruling Forces Marketplaces to Verify User Data Before Publishing: Is Your Platform Compliant?

Tue, 02 Dec 2025 17:11:12 +0000

Does your online marketplace publish user-generated listings without verifying the personal data they contain? A landmark ruling from the Court of Justice of the European Union in Russmedia Digital (C-492/23) just fundamentally changed how platforms must handle personal data - and the compliance burden is substantial.

Marketplaces Are Now Data Controllers

The Court ruled that marketplace operators qualify as data controllers under the General Data Protection Regulation (GDPR) for personal data contained in user-posted listings - even when platforms neither create the content nor know the advertiser’s identity. The rationale? By deciding to make listings public and exploiting them commercially, platforms exercise control over personal data processing.

EU Digital Omnibus Drops: Is Your Compliance Strategy About to Become Obsolete?

Tue, 25 Nov 2025 12:30:55 +0000

Are you still building your compliance framework around the current GDPR, AI Act, and Data Act requirements? The European Commission just published the most sweeping reform of EU digital laws since 2018 - and everything you thought you knew about data protection compliance might be about to change.

The Regulatory Earthquake You Can’t Ignore

On 19 November 2025, the European Commission released two proposed regulations that will fundamentally reshape how businesses handle data, AI, and cybersecurity in Europe. The Digital Omnibus (2025/0360) and Digital Omnibus on AI (2025/0359) aren’t minor tweaks - they’re a complete rethinking of the EU’s approach to digital regulation.

Hamburg's €492,000 Fine Signals New Era of AI Transparency Enforcement: Are You Ready?

Thu, 09 Oct 2025 08:15:00 +0000

Is your organization using automated decision-making systems without fully understanding the transparency requirements? The Hamburg Commissioner for Data Protection’s recent €492,000 fine against a financial services provider should serve as your wake-up call.

The Case That Changes Everything

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) imposed this substantial penalty on a financial company for failing to provide adequate transparency in automated credit card application decisions. The violation? The company couldn’t explain to customers why their applications were rejected by their algorithmic systems.

UK Judge Uses AI to Draft Legal Decision: Are You Ready for AI in Professional Decision-Making?

Wed, 08 Oct 2025 09:06:16 +0000

Have you ever wondered what happens when artificial intelligence enters the courtroom? A UK First-Tier Tribunal judge recently provided a notable answer, becoming one of the first to openly disclose using AI in drafting a judicial decision - and the implications extend far beyond the legal profession.

A Notable Step Toward Transparency

In Evans v HMRC, Judge Christopher McNall made legal history by transparently disclosing his use of artificial intelligence to summarize documents and assist in drafting his decision. While this may not be the absolute first time a judge in an English court has used AI tools, McNall’s significance lies in his complete transparency and documented approach that followed the judiciary’s AI guidance.

Italy Breaks New Ground: Europe's First National AI Law Is Here – Is Your Business Ready?

Tue, 07 Oct 2025 12:40:34 +0000

Are you prepared for the regulatory shift that could redefine how your business operates with AI? Italy has just made history by becoming the first European Union member state to pass comprehensive national artificial intelligence legislation, and the implications extend far beyond Italian borders.

The Landmark Decision That Changes Everything

On September 17, 2025, the Italian Parliament approved Law No. 132 of 23 September 2025, officially taking effect on October 10, 2025. This groundbreaking legislation doesn’t just complement the EU AI Act – the European Union’s comprehensive framework that classifies AI systems by risk levels – it fills critical gaps and establishes precedents that other European nations are likely to follow.

Are Your AI Agents Legally Compliant? The Regulatory Reality Check Every Business Must Face

Fri, 26 Sep 2025 08:46:00 +0000

Are you deploying AI agents without understanding the legal minefield you’re navigating? While competitors rush to automate processes with intelligent agents, smart organizations are discovering that regulatory compliance - not just functionality - determines long-term success.

The Multi-Framework Challenge That’s Catching Everyone Off Guard

AI agents don’t operate in a regulatory vacuum. Unlike traditional software, these autonomous systems must simultaneously comply with multiple overlapping frameworks that create unprecedented complexity for businesses.

California Fines Lawyer $10,000 for ChatGPT Fabrications: Is Your Legal Team Ready for AI Accountability?

Wed, 24 Sep 2025 14:32:38 +0000

Have you ever wondered what happens when artificial intelligence meets the courtroom? California just provided a stark answer, issuing a $10,000 fine to a lawyer who submitted a court appeal filled with fabricated quotes generated by ChatGPT.

The Wake-Up Call Your Legal Department Needs

This case represents the first such sanction at the state appellate level, but it’s not the groundbreaking regulatory milestone it might initially appear. Federal courts have been issuing sanctions for AI-generated fake citations since 2023, most notably in the well-documented Mata v. Avianca case in New York federal court where lawyers were sanctioned for similar ChatGPT fabrications.

CJEU Ruling Redefines Personal Data: Is Your Pseudonymisation Strategy Still Compliant?

Wed, 24 Sep 2025 10:25:00 +0000

Are you certain your pseudonymised data transfers comply with GDPR? A significant ruling from the Court of Justice of the European Union (CJEU) on September 4, 2025, has provided important clarification on when pseudonymised data qualifies as personal data - and the implications could refine your data management strategy.

The Ruling That Provides Clarity

In the case of European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB) (C-413/23), the CJEU confirmed that personal data is a relative concept. This means data can be pseudonymous in one party’s hands while being effectively anonymous for another recipient.

EU Data Act Countdown: 30 Days Left to Comply – Is Your Business Ready for September 12?

Thu, 14 Aug 2025 07:13:04 +0000

Are you prepared for the most significant data regulation since GDPR? With just 30 days remaining until the EU Data Act becomes applicable on September 12, 2025, companies across Europe are scrambling to understand requirements that will fundamentally reshape how they handle connected device data.

Note: The EU Data Act entered into force on January 11, 2024, giving companies nearly two years to prepare. However, its obligations only become legally enforceable starting September 12, 2025.

Sweden's PM ChatGPT Scandal Exposes Critical AI Governance Gap: Why ISO 42001 Is No Longer Optional

Fri, 08 Aug 2025 18:41:06 +0000

When Sweden’s Prime Minister Ulf Kristersson admitted using ChatGPT to get a “second opinion” on policy matters in August 2025, the backlash was swift. “We didn’t vote for ChatGPT,” critics declared. While this incident has sparked important debates about transparency in government, it also highlights broader questions about how organizations should manage artificial intelligence (AI) tools responsibly.

Understanding the Swedish Controversy

To be clear, Prime Minister Kristersson clarified that he uses ChatGPT - an AI-powered chatbot that can generate human-like text responses - for consultation rather than actual governmental decision-making. This distinction is important: seeking a “second opinion” from AI tools is different from delegating decision-making authority to them.

Microsoft Admits It Cannot Guarantee EU Data Sovereignty: Is Your Organization at Risk?

Wed, 30 Jul 2025 14:34:11 +0000

Are you confident your European data is truly protected from foreign surveillance? Microsoft’s recent admission under oath has raised important questions about data sovereignty, but the full picture is more nuanced than initial headlines suggest.

The Uncomfortable Truth - And Microsoft’s Response

Microsoft has publicly acknowledged that it cannot guarantee data sovereignty for customers in France and, by extension, the wider European Union. This admission came during legal proceedings where Microsoft France’s General Counsel, Anton Carniaux, confirmed the company’s inability to resist US government data requests under the US CLOUD Act.

EU's New AI Code of Practice: Are You Ready for August 2025's Compliance Reality Check?

Tue, 22 Jul 2025 08:00:35 +0000

Is your organization prepared for the seismic shift coming to AI governance this August? The European Commission has just published its voluntary General-Purpose AI Code of Practice (GPAI-CoP), and while “voluntary” might sound reassuring, the practical reality is far more complex.

The August 2025 Deadline That Changes Everything

When the EU AI Act takes full effect on August 2, 2025, your AI systems will face unprecedented scrutiny. The newly published code provides a roadmap for compliance, but it also reveals the technical challenges ahead - particularly around fairness, which experts describe as “an important and technically challenging aspect of AI.”

Europe's First AI Copyright Case Could Reshape Your Business: Are You Ready for the Fallout?

Tue, 08 Jul 2025 12:10:00 +0000

Is your company using AI tools to generate content, analyze data, or automate processes? The European Court of Justice (ECJ) has just received its first referral concerning artificial intelligence and copyright law - and the outcome could fundamentally change how you operate.

The Case That Could Change Everything

The landmark case, Like Company versus Google Ireland, centers on a critical question: when AI systems generate outputs that reproduce or resemble copyrighted works, does this constitute copyright infringement under European Union (EU) law? This isn’t just another legal dispute - it’s the first time Europe’s highest court will definitively rule on how copyright law applies to generative AI.

Your AI Procurement Strategy Could Be Your Biggest Compliance Risk: What Financial Services Must Know

Tue, 01 Jul 2025 15:15:00 +0000

Are you rushing to procure AI solutions for your financial services firm without considering the legal minefield you’re entering? While competitors scramble to deploy the latest AI tools, smart institutions are discovering that procurement strategy - not just implementation - determines compliance success.

Most financial institutions approach AI procurement like any other technology purchase. This is a critical mistake. Unlike traditional software, AI systems in financial services must navigate an intricate web of regulations including the General Data Protection Regulation (GDPR) - the EU’s comprehensive data privacy law that governs how personal information must be handled - Digital Operational Resilience Act (DORA) - a new EU regulation requiring financial institutions to strengthen their digital resilience against cyber threats - and emerging AI-specific legislation like the EU AI Act.

Your Work Emails Are Personal Data: The GDPR Ruling That Changes Everything

Thu, 26 Jun 2025 14:36:00 +0000

Do you think your professional emails belong to your employer? Think again. A recent legal clarification has confirmed that professional emails can contain personal data under the General Data Protection Regulation (GDPR) - but the reality is more nuanced than many headlines suggest, and this ruling could fundamentally change how your workplace handles your communications.

The Ruling That Matters - With Important Caveats

According to Appleby Global’s recent analysis, professional emails can fall under GDPR protection as personal data. However, it’s crucial to understand that not all professional emails automatically qualify as personal data.

EDPB Guidelines Expose Blockchain's GDPR Nightmare: Is BitTorrent the Unexpected Solution?

Tue, 24 Jun 2025 08:32:04 +0000

Are you building on blockchain technology without considering the privacy compliance minefield you’re walking into? The European Data Protection Board’s (EDPB) latest guidelines reveal a fundamental incompatibility between blockchain’s core features and GDPR requirements that could derail your digital transformation plans.

The Immutability Problem

Blockchain’s greatest strength - its immutable ledger - has become its GDPR Achilles’ heel. According to new EDPB guidelines, the technology’s inability to modify or delete records directly conflicts with data subjects’ rights to erasure and rectification under GDPR Articles 17 and 16.

DORA First: Why Financial Institutions Must Prioritize AI Readiness Before 2027

Mon, 23 Jun 2025 09:50:48 +0000

Are you prepared for the regulatory storm heading toward financial services? While your competitors scramble to understand the EU AI Act, smart institutions are taking a “DORA first” approach - and it might be the difference between thriving and merely surviving the 2027 compliance deadline.

The Perfect Storm: When DORA Meets AI Act

The Digital Operational Resilience Act (DORA), which became applicable on January 17, 2025, has already transformed how financial institutions manage ICT risk (Information and Communication Technology risks that could compromise network and information systems). Now, with the EU AI Act’s full enforcement approaching August 2, 2027, institutions face an unprecedented convergence of regulatory requirements.

Switzerland's Fintech Revolution: Are You Missing Europe's Most Crypto-Friendly Business Hub?

Mon, 23 Jun 2025 09:46:26 +0000

Are you still navigating the complex maze of European fintech regulations while your competitors establish operations in Switzerland? While the European Union continues to wrestle with comprehensive crypto frameworks, Switzerland has quietly positioned itself as the continent’s most fintech-friendly jurisdiction.

However, it’s important to recognize that the European fintech landscape is rapidly evolving, with multiple jurisdictions now competing to attract innovation. Countries like the United Kingdom and Germany have implemented robust regulatory sandboxes and innovation hubs that provide fintech companies with controlled environments to test new products without full regulatory compliance burdens.

Are You Unknowingly Using What Congress Might Soon Classify as the "Dark Web"?

Thu, 12 Jun 2025 15:56:48 +0000

Are you unknowingly using what Congress might soon classify as the “dark web”? A new Senate bill targeting opioid trafficking contains a definition so broad it could sweep up everything from your private WhatsApp conversations to your company’s VPN access.

The Definitional Disaster

Senate Bill 1975, the Dark Web Interdiction Act of 2025, aims to prohibit opioid delivery through dark web channels. While the intent is commendable, the bill’s definition of “dark web” is alarmingly overbroad, requiring only that content be (A) not indexed by search engines AND (B) require specific software or configurations that conceal user identities.

Are Your AI Embeddings as Secure as You Think?

Thu, 12 Jun 2025 15:49:06 +0000

Are you confident that your organization’s AI embeddings are protecting sensitive information? A groundbreaking new research paper reveals a troubling reality: what you thought was secure data representation might be an open book to determined attackers.

What are AI embeddings? For readers new to this concept, embeddings are numerical representations that convert complex data like text, images, or audio into mathematical vectors that AI systems can process. Think of them as a way to translate human-readable information into a language that machines understand.

Localhost tracking

Thu, 12 Jun 2025 10:38:00 +0000

Are your privacy tools actually protecting you? A shocking new investigation reveals that Meta has been using a sophisticated “localhost tracking” technique that can link your web browsing to your real identity - even when you’re using VPNs, incognito mode, or have deleted all your cookies.

The Hidden Tracking Method

Researchers discovered that Meta’s Facebook and Instagram apps have been secretly communicating with web browsers through hidden localhost connections since September 2024. This technique allows Meta to bypass Android’s built-in security protections and create detailed profiles of your online activity without your knowledge or consent.

NYT v. OpenAI: Why Your Data Privacy May Be at Risk Even After You Hit Delete

Sun, 08 Jun 2025 06:56:55 +0000

Are you confident that your deleted conversations with AI chatbots are really gone? A landmark lawsuit between The New York Times (NYT) and OpenAI reveals a troubling reality: “deleted” data might still be stored, analyzed, or exposed in ways you never intended or consented to.

Your Deleted Data Isn’t Always Deleted

According to The Verge, OpenAI has stored deleted conversations, despite users’ expectation of privacy. This practice is currently being challenged in court and has sparked debate around what “delete” really means in the context of AI chatbots and cloud-based interactions.

Is Your Team Ready for AI? Why Education Must Come Before Implementation

Mon, 02 Jun 2025 08:35:28 +0000

Picture this: your organization just invested in cutting-edge AI technology, but your team doesn’t understand how it works, when it might fail, or what legal obligations come with its use. Sound familiar? You’re not alone—and you’re potentially in violation of the European AI Act, which mandates AI literacy training as of February 2, 2025.

The Knowledge-First Imperative

The principle is simple yet revolutionary: knowledge is power, and it’s crucial for successful AI integration to have educated personnel first, not after integration. This isn’t just good practice—it’s now a legal requirement under EU regulations.

White House Health Report Scandal Exposes the Dangers of Unvetted AI in Government

Sat, 31 May 2025 09:05:15 +0000

Are you trusting AI tools to handle critical decisions in your organization? The Trump administration’s recent health report debacle should serve as a wake-up call for every executive relying on artificial intelligence without proper oversight.

When AI Goes Rogue at the Highest Levels

The White House’s “Make America Healthy Again” (MAHA) report contained fabricated citations and potentially AI-generated content that experts say bears the hallmarks of unvetted artificial intelligence use. Multiple news outlets have confirmed that the report included non-existent studies and garbled scientific references—exactly the kind of errors we see when AI tools operate without human verification.

The Hidden Cost of AI Hallucinations: When Your Professional Tools Start Making Things Up

Sun, 25 May 2025 06:26:27 +0000

Are you confident that the AI tools your organization relies on are telling you the truth? A growing database of legal cases reveals a troubling pattern: artificial intelligence systems are fabricating information with potentially devastating consequences for professionals across industries.

The Evidence Is Mounting

Damien Charlotin’s AI Hallucinations Database documents a disturbing trend of generative AI producing fabricated citations in court filings. What started as isolated incidents has evolved into a systematic problem affecting major law firms and legal professionals worldwide.

CEOs as Data Protection Officers: The €5,000 Mistake Your Company Might Be Making

Fri, 23 May 2025 07:35:51 +0000

Is your CEO wearing too many hats? If one of those happens to be Data Protection Officer (DPO), your organization could be facing significant legal and compliance risks—as one company discovered after being hit with a €5,000 fine by Austria’s data protection authority (DSB).

The DSB penalized a company for appointing its managing director as its Data Protection Officer, highlighting a fundamental conflict of interest that violates core principles of the General Data Protection Regulation (GDPR).

EU Court Rules Tracking-Based Advertising Illegal: Major Blow to Google, Microsoft, Amazon

Thu, 15 May 2025 05:46:55 +0000

In a landmark decision that could reshape digital advertising across Europe, the Belgian Court of Appeal has ruled that the tracking-based advertising systems used by tech giants including Google, Microsoft, Amazon, and X (formerly Twitter) have no legal basis under EU law.

The ruling, announced on May 15, 2025, specifically targets the Transparency and Consent Framework (TCF) developed by the Interactive Advertising Bureau (IAB), which serves as the foundation for most cookie consent banners across the web. You’ve likely encountered these banners with their often confusing options for thousands of “partners” collecting your data.

AI Companion Chatbots Deemed Unsafe for Children, Raising Questions About Digital Boundaries

Thu, 01 May 2025 11:09:18 +0000

A new report has sounded the alarm on AI companion chatbots, declaring them unsafe for children and teens under 18. The safety assessment, released this week, calls for stringent measures—potentially including legal restrictions—to protect young users from the psychological and developmental risks these increasingly popular AI systems pose.

These AI companions, designed to simulate human-like conversations and relationships, have gained millions of users worldwide. However, researchers found these platforms can create unhealthy emotional dependencies, expose children to inappropriate content, and potentially undermine critical social development that occurs through human interaction.

EU's ProtectEU Plan Sparks Privacy Concerns: The Hidden Cost of Backdoored Encryption

Mon, 07 Apr 2025 08:52:22 +0000

In a move that has sent shockwaves through the cybersecurity community, the European Union’s ProtectEU plan has revealed ambitious proposals to implement encryption backdoors by 2026. This development raises critical questions about the future of digital privacy and security in the EU’s increasingly regulated cyberspace.

The plan, which extends far beyond encryption concerns, encompasses several significant initiatives. At its core, the proposal aims to enhance law enforcement capabilities, particularly in fighting serious crimes and child sexual abuse. However, the controversial encryption backdoor requirement has become a focal point of debate.

Why Algorithmic Transparency Matters

Fri, 28 Feb 2025 12:35:00 +0000

Has your team been excitedly pitching you the latest AI automation system that promises to revolutionize customer assessments, credit decisions, or resource allocation? Before you sign off on that purchase order, there’s something you should know: the EU courts just made it crystal clear that algorithmic transparency isn’t optional - it’s mandatory.

The EU Court Just Raised the Stakes

In a landmark judgment (Case C‑203/22) delivered on February 27, 2025, the Court of Justice of the European Union (CJEU) has provided crucial clarity on what companies must disclose when they use automated decision-making systems.