Ahead of the EU AI Act’s (the “Act”) General Purpose AI (“GPAI”) model requirements coming into force on 2 August 2025, EU authorities have released further guidance and Codes of Practice detailing how these rules should be interpreted and applied. In particular: GPAI Model Provider Guidance: The Commission has published additional guidance targeted specifically at [...]| Debevoise Data Blog
With federal preemption of AI regulation appearing unlikely, having been removed by a vote of U.S. senators in the negotiation over the federal budget bill, it is a good time to take stock of U.S. state-level AI regulation. In the second half of 2024, many observers had predicted a rapid spread of EU‑style, cross‑sector “AI Acts” [...]| Debevoise Data Blog
South Korea has become the latest country to pass a national AI law. The “Basic Act on the Development of Artificial Intelligence and Establishment of Foundation for Trust” (the “Basic Act” or the “Act”), which has several similarities to – and differences from – the EU AI Act, and comes into force on January 22, [...]| Debevoise Data Blog
As the first quarter of 2025 draws to a close and we look ahead to the spring, important changes to the Federal Rules of Evidence (“FRE”) regarding the use of AI in the courtroom are on the horizon. Specifically, the Federal Judicial Conference’s Advisory Committee on Evidence Rules (the “Committee”) is expected to vote on [...]| Debevoise Data Blog
The first wave of the EU AI Act’s requirements came into force on 2 February 2025, namely: Prohibited AI: the ban on the use and distribution of prohibited AI systems, and AI Literacy: the requirement to ensure staff using and operating AI possess sufficient AI literacy. All businesses caught by the EU AI Act’s jurisdictional [...]| Debevoise Data Blog
Our top five European data protection developments from July are: EU AI guidance: Businesses should consider reviewing their AI policies and practices following guidance from the French CNIL and the Irish DPC recommending that businesses conduct AI risk assessments and prepare AI policies and procedures, alongside the EDPB’s statement supporting the appointment of DPAs as [...]| Debevoise Data Blog
The European Commission has published a draft regulation containing further detail on the “technical and methodological” security measures, and cybersecurity incident reporting threshold triggers, under the incoming NIS2 directive (the “NIS2 Regulation”). Once finalised, the regulation will apply from 18 October 2024 in line with member states’ deadline for NIS2 implementation. NIS2: a recap The [...]| Debevoise Data Blog