The First Draft General-Purpose AI Code of Practice: Transparency and Acceptable Use Policies
The EU AI Office has recently published the first draft of the General-Purpose AI Code of Practice, with the final version expected by 1 May 2025. This document provides essential guidance for businesses developing or deploying general-purpose AI models, helping them align with the requirements of the EU AI Act. The Code outlines measures to promote transparency, mitigate systemic risks, and ensure compliance with legal obligations, all with the aim of fostering a safe and responsible AI ecosystem.
CJEU Ruling Expands GDPR Rules for Health-Related Data
In a significant decision on 4 October 2024, the Court of Justice of the European Union clarified the interpretation of ‘data concerning health’ under the General Data Protection Regulation (GDPR). This ruling has important implications for online pharmacies and e-commerce platforms handling health-related products.
Data Protection Compliance Is Not Just for Big Tech
When we think about data protection and GDPR compliance, it’s easy to focus on Big Tech giants like Google and Meta. However, the GDPR applies to all organisations, regardless of size or industry. Businesses across sectors – from healthcare providers to energy firms – are increasingly subject to investigations and penalties. Here, we explore five recent cases where companies outside of Big Tech were fined for breaches of GDPR, showing that no one is immune from investigations and fines.
Transfer Impact Assessment under the GDPR
In an age where data flows seamlessly across borders, safeguarding personal information has become a pivotal concern for businesses worldwide. The General Data Protection Regulation (GDPR), a beacon of data protection laws, casts a wide net to safeguard personal data within and beyond the European Economic Area (EEA). A critical tool in this endeavour is the Transfer Impact Assessment (TIA), a process that scrutinises data transfers to ensure they meet GDPR’s standards.
Understanding Anti-Dilution Clauses
Dilution occurs when a company issues new shares, reducing the ownership percentage of existing shareholders. This typically happens during fundraising rounds when new investors come on board, or through employee stock options, convertible securities, or mergers. Dilution can significantly impact an existing shareholder’s control over the company and their share of future profits.
Requirements for General-Purpose AI Models and Systems under the European Artificial Intelligence Act
As the European Artificial Intelligence Act (AI Act) comes into force, tech companies need to be aware of the new requirements for general-purpose AI models and systems. These are the rules that aim to balance the benefits and risks of AI. In this article, we’ll explain what these requirements are and how they affect your business.
Essentials of GDPR Compliance for US Businesses
If your US-based business handles data from European customers, you need to be aware of the General Data Protection Regulation (GDPR). This regulation extends beyond Europe and has practical implications for businesses worldwide. Here’s a guide to help you understand two crucial aspects of GDPR compliance: privacy notices and the requirement for a data protection representative in the European Union (EU).
Artificial Intelligence Systems and Key Requirements of the European Artificial Intelligence Act
The European AI Act introduces new requirements for developing and using AI systems. Similar to the GDPR, the AI Act impacts businesses outside Europe. Since many AI applications involve personal data, both the AI Act and GDPR will often apply.
Hardware and Software Warranties in Supply Contracts
This article aims to provide practical guidance for businesses that supply or purchase hardware and software and explores warranties in software and hardware supply contracts – what they cover, common warranties and warranty disclaimers, and practical tips to help you understand these contractual terms.