Information Technology

Subscribe to Information Technology via RSS

Context

In recent months there has been a lot of commentary on the timelines for the implementation of key requirements under the EU AI Act, with discussions of extending deadlines, delaying implementation and introducing ‘stop the clock’ mechanisms. It is difficult to keep track of how the implementation of the EU AI Act might change and how this may impact businesses.

The purpose of this note is to provide a brief overview of the proposed changes to the compliance timeline as known on 6 March 2026.

EU AI Act – the Current Timeline 

The obligations under the EU AI Act

Continue Reading EU AI Act – Timeline Update

On February 13, the European Commission (EC) and the European Board for Digital Services (EBDS) endorsed the integration of the Code of Practice on Disinformation (the Disinformation Code) into the framework of the Digital Services Act (DSA). 

Article 45 of the DSA provides for the formation of voluntary codes of conduct at EU level to ”contribute to the proper application of” the DSA. The Disinformation Code is the second code integrated into the DSA via Article 45, following the EC’s recent integration of the Code of Conduct on Countering Illegal Hate

Continue Reading EU’s Code of Conduct on Disinformation Integrated into DSA
  • The Opinion concerns the scope of “personal data” under Regulation 2018/1725 (which is the EU institutions’ equivalent to the GDPR and which mirrors much of the same language and principles as the GDPR). It proposes a broader conceptualisation
Continue Reading One man’s pseudonymisation is another man’s anonymisation: The AG Opinion in SRB v EDPS and the scope of “personal data”

Today marks the effective date of the Digital Operational Resilience Act (DORA) and with it, additional incident reporting obligations for in-scope financial entities. 

With the aim of standardising the incident reporting process for financial entities throughout the EU, from today, in-scope financial entities must report any ‘major ICT-related incidents’ to their relevant competent authority. 1For the majority of financial entities within the scope of DORA in Ireland, this will be the Central Bank of Ireland while for others (such as pensions trustees) it will be the Pensions Authority. These new incident reporting obligations apply in addition to

Continue Reading Navigating the DORA ICT Incident Reporting Obligations

The European Commission has launched its first set of “specification proceedings” under the Digital Markets Act (“DMA”).

“Specification proceedings” are actions taken by the Commission under the DMA which formalises the Commission’s regulatory discussions with a gatekeeper, allowing it to investigate particular compliance points, which can ultimately result in the Commission issuing a decision to the relevant gatekeeper on what specific measures a gatekeeper must implement to ensure effective DMA compliance.

These latest proceedings relate to Apple’s interoperability obligations under the DMA. Article 6(7) of the DMA provides that gatekeepers shall allow providers of services and providers of

Continue Reading Commission launches first specification proceedings under the DMA

At the start of November, the UK government hosted an AI Safety Summit, intended to provide a forum for in-depth discussions on the challenges and opportunities of AI technology. It attracted a wide array of senior stakeholders from across policy, business, academia and government and appears to show a UK desire to lead in this area.

The opening day of the Summit saw the unveiling of the Bletchley Declaration (the Declaration) – a non-binding commitment agreed by the 27 countries whose delegates attended the Summit including USA, China, India and the EU.

Although a voluntary declaration, lacking any real “legislative

Continue Reading The Bletchley Declaration: further evidence of the global legislative focus on Artificial Intelligence

This is Part 1 in our series focused on tracking the development of the EU’s AI Act. The series will provide updates and commentary as the AI Act moves through the EU’s legislative process.

To set the scene, the EU Commission first adopted its Proposal for a Regulation laying down harmonised rules on artificial intelligence (the Proposed Act) back in April 2021. In ways a ground breaking piece of draft legislation, it was one of the first attempts to implement a regulatory framework which was specific to the use of artificial intelligence (AI) technology. This article aims

Continue Reading Tracking the AI Act: Part 1 – How the EU is thinking about regulating the AI sector