On 19 November 2025, the General Court of the European Union (the General Court) delivered a significant judgment in Case T-367/23, dismissing Amazon EU Sàrl (Amazon)’s challenge to the European Commission (EC)’s decision to designate Amazon Store as a “very large online platform” (VLOP) under the Regulation (EU)  2022/2065 (the Digital Services Act or DSA). This decision follows the decision in Case T-348/23 Zalando v Commission in September 2025 (the Zalando decision) (see our analysis of that decision here), and is the second decision in a number

Continue Reading Amazon v Commission: EU’s General Court dismisses Amazon’s challenge to VLOP designation

On 12 September 2025, the European Data Protection Board (EDPB) published its draft Guidelines on the interplay between the DSA and the GDPR (the Draft Guidelines). The Draft Guidelines aim to clarify how intermediary service providers (ISPs) should interpret and apply the GDPR when processing personal data in the context of DSA requirements. The Draft Guidelines are currently open to submissions as part of a public consultation until 31 October 2025.

Continue Reading EDPB Publishes Draft Guidelines on GDPR-DSA  Interplay

On 24 June 2025, Ireland’s National Cyber Security Centre (NCSC) published a set of proposed Risk Management Measures (RMMs) and launched Cyber Fundamentals, a framework designed to assist organisations to comply with the EU’s Directive (EU) 2022/2555 (the NIS2 Directive). The NIS2 Directive sets out high level measures for cybersecurity for in-scope entities across the EU and is to be transposed in Ireland by the upcoming National Cybersecurity Bill. 

RMMs

Who do they apply to?

The RMMs are intended to apply to essential and important entities within scope of the NIS2 Directive and which are

Continue Reading Risk Management Measures and Cyber Fundamentals: the NCSC’s roadmap towards NIS2 compliance

On 11 June 2025, the Minister for Justice, Jim O’Callaghan announced:

  1. The General Scheme of the Criminal Justice (International Cooperation Office) Bill 2025 (General Scheme) to (i) implement the eEvidence Regulation (EU) 2023/1543 (the Regulation) and (ii) transpose the Legal Representative Directive (EU) 2023/1544 (the Directive); 
  1. the establishment of the new Criminal Justice International Cooperation Office (CJICO).

The Director of the CJICO will operate as the designated (i) enforcing authority under the Regulation and (ii) central authority under the Directive. 

The eEvidence Regulation and Directive 

The eEvidence Regulation creates a mechanism for EU

Continue Reading Establishment of the Criminal Justice International Cooperation Office

On February 13, the European Commission (EC) and the European Board for Digital Services (EBDS) endorsed the integration of the Code of Practice on Disinformation (the Disinformation Code) into the framework of the Digital Services Act (DSA). 

Article 45 of the DSA provides for the formation of voluntary codes of conduct at EU level to ”contribute to the proper application of” the DSA. The Disinformation Code is the second code integrated into the DSA via Article 45, following the EC’s recent integration of the Code of Conduct on Countering Illegal Hate

Continue Reading EU’s Code of Conduct on Disinformation Integrated into DSA
  • The Opinion concerns the scope of “personal data” under Regulation 2018/1725 (which is the EU institutions’ equivalent to the GDPR and which mirrors much of the same language and principles as the GDPR). It proposes a broader conceptualisation
Continue Reading One man’s pseudonymisation is another man’s anonymisation: The AG Opinion in SRB v EDPS and the scope of “personal data”

On January 20, in a long-awaited move, the European Commission (EC) announced the integration of the revised Code of Conduct on Countering Illegal Hate Speech Online (the Hate Speech Code) into the regulatory framework of the Digital Services Act (DSA). 

Article 45 of the DSA provides for the formation of voluntary codes of conduct at EU level to ”contribute to the proper application of” the DSA. The Hate Speech Code marks the first Code to be integrated into the DSA framework via the Article 45 process. 

Background

The Hate Speech Code revises and

Continue Reading EU’s Code of Conduct Countering Online Hate Speech Becomes Part of the DSA

Today marks the effective date of the Digital Operational Resilience Act (DORA) and with it, additional incident reporting obligations for in-scope financial entities. 

With the aim of standardising the incident reporting process for financial entities throughout the EU, from today, in-scope financial entities must report any ‘major ICT-related incidents’ to their relevant competent authority. 1For the majority of financial entities within the scope of DORA in Ireland, this will be the Central Bank of Ireland while for others (such as pensions trustees) it will be the Pensions Authority. These new incident reporting obligations apply in addition to

Continue Reading Navigating the DORA ICT Incident Reporting Obligations

The European Commission has launched its first set of “specification proceedings” under the Digital Markets Act (“DMA”).

“Specification proceedings” are actions taken by the Commission under the DMA which formalises the Commission’s regulatory discussions with a gatekeeper, allowing it to investigate particular compliance points, which can ultimately result in the Commission issuing a decision to the relevant gatekeeper on what specific measures a gatekeeper must implement to ensure effective DMA compliance.

These latest proceedings relate to Apple’s interoperability obligations under the DMA. Article 6(7) of the DMA provides that gatekeepers shall allow providers of services and providers of

Continue Reading Commission launches first specification proceedings under the DMA

Recent technological advances in generative AI have transformed the way in which we listen to and create music. Many artists and industry players have readily adopted generative AI, viewing it as a creative force to be harnessed, while others remain wary. 

The use of increasingly sophisticated AI tools to generate musical works poses a number of challenges from a legal perspective, particularly in relation to how they may impact intellectual property rights. 

In this blogpost we explore some of these legal considerations in further detail.

Input Considerations – Training AI Models

Generative or algorithmic art is not particularly new; the

Continue Reading AI-Generated Music: How Will the Existing Copyright Framework Cope?