Photo of Marty Hansen

Marty Hansen

Martin Hansen has represented some of the world’s leading information technology, telecommunications, and pharmaceutical companies on a broad range of cutting edge international trade, intellectual property, and competition issues. Martin has extensive experience in advising clients on matters arising under the World Trade Organization agreements, treaties administered by the World Intellectual Property Organization, bilateral and regional free trade agreements, and other trade agreements.

Drawing on ten years of experience in Covington’s London and DC offices his practice focuses on helping innovative companies solve challenges on intellectual property and trade matters before U.S. courts, the U.S. government, and foreign governments and tribunals. Martin also represents software companies and a leading IT trade association on electronic commerce, Internet security, and online liability issues.

Earlier this week, Members of the European Parliament (MEPs) cast their votes in favor of the much-anticipated AI Act. With 523 votes in favor, 46 votes against, and 49 abstentions, the vote is a culmination of an effort that began in April 2021, when the EU Commission first published its proposal for the Act.

Here’s what lies ahead:Continue Reading EU Parliament Adopts AI Act

On February 13, 2024, the European Parliament’s Committee on Internal Market and Consumer Protection and its Committee on Civil Liberties, Justice and Home Affairs (the “Parliament Committees”) voted overwhelmingly to adopt the EU’s proposed AI Act. This follows a vote to approve the text earlier this month by the Council of Ministers’ Permanent Representatives Committee (“Coreper“). This brings the Act closer to final; the last step in the legislative process is a vote by the full European Parliament, currently scheduled to take place in April 2024.

The compromise text approved by Coreper and the Parliament Committees includes a number of significant changes as compared to earlier drafts. In this blog post, we set out some key takeaways.Continue Reading EU AI Act: Key Takeaways from the Compromise Text

On January 24, 2024, the European Commission (“Commission”) announced that, following the political agreement reached in December 2023 on the EU AI Act (“AI Act”) (see our previous blog here), the Commission intends to proceed with a package of measures (“AI Innovation Strategy”) to support AI startups and small and medium-size enterprises (“SMEs”) in the EU.

Alongside these measures, the Commission also announced the creation of the European AI Office (“AI Office”), which is due to begin formal operations on February 21, 2024.

This blog post provides a high-level summary of these two announcements, in addition to some takeaways to bear in mind as we draw closer to the adoption of the AI Act.Continue Reading European Commission Announces New Package of AI Measures

On 15 January 2024, the UK’s Information Commissioner’s Office (“ICO”) announced the launch of a consultation series (“Consultation”) on how elements of data protection law apply to the development and use of generative AI (“GenAI”). For the purposes of the Consultation, GenAI refers to “AI models that can create new content e.g., text, computer code, audio, music, images, and videos”.

As part of the Consultation, the ICO will publish a series of chapters over the coming months outlining their thinking on how the UK GDPR and Part 2 of the Data Protection Act 2018 apply to the development and use of GenAI. The first chapter, published in tandem with the Consultation’s announcement, covers the lawful basis, under UK data protection law, for web scraping of personal data to train GenAI models. Interested stakeholders are invited to provide feedback to the ICO by 1 March 2024.Continue Reading ICO Launches Consultation Series on Generative AI

On December 9, 2023, the European Parliament, the Council of the European Union and the European Commission reached a political agreement on the EU Artificial Intelligence Act (“AI Act”) (see here for the Parliament’s press statement, here for the Council’s statement, and here for the Commission’s statement). Following three days of intense negotiations, during the fifth “trilogue” discussions amongst the EU institutions, negotiators reached an agreement on key topics, including: (i) the scope of the AI Act; (ii) AI systems classified as “high-risk” under the Act; and (iii) law enforcement exemptions.

As described in our previous blog posts on the AI Act (see here, here, and here), the Act will establish a comprehensive and horizontal law governing the development, import, deployment and use of AI systems in the EU. In this blog post, we provide a high-level summary of the main points EU legislators appear to have agreed upon, based on the press releases linked above and a further Q&A published by the Commission. However, the text of the political agreement is not yet publicly available. Further, although a political agreement has been reached, a number of details remain to be finalized in follow-up technical working meetings over the coming weeks.Continue Reading EU Artificial Intelligence Act: Nearing the Finish Line

On October 30, 2023, days ahead of government leaders convening in the UK for an international AI Safety Summit, the White House issued an Executive Order (“EO”) outlining an expansive strategy to support the development and deployment of safe and secure AI technologies (for further details on the EO, see our blog here). As readers will be aware, the European Commission released its proposed Regulation Laying Down Harmonized Rules on Artificial Intelligence (the EU “AI Act”) in 2021 (see our blog here). EU lawmakers are currently negotiating changes to the Commission text, with hopes of finalizing the text by the end of this year, although many of its obligations would only begin to apply to regulated entities in 2026 or later.

The EO and the AI Act stand as two important developments shaping the future of global AI governance and regulation. This blog post discusses key similarities and differences between the two.Continue Reading From Washington to Brussels: A Comparative Look at the Biden Administration’s Executive Order and the EU’s AI Act

A would-be technical development could have potentially significant consequences for cloud service providers established outside the EU. The proposed EU Cybersecurity Certification Scheme for Cloud Services (EUCS)—which has been developed by the EU cybersecurity agency ENISA over the past two years and is expected to be adopted by the European Commission as an implementing act in Q1 2024—would, if adopted in its current form, establish certain requirements that could:

  1. exclude non-EU cloud providers from providing certain (“high” level) services to European companies, and
  2. preclude EU cloud customers from accessing the services of these non-EU providers.

Continue Reading Implications of the EU Cybersecurity Scheme for Cloud Services

On June 27, 2023, the European Parliament and the Council of the EU reached a political agreement on the Data Act (see our previous blog post here), after 18 months of negotiations since the tabling of the Commission’s proposal in February 2022 (see our previous blog post here).  EU lawmakers bridged their differences on a number of topics, including governance matters, territorial scope, protection of trade secrets, and certain defined terms, among others.

The Data Act is a key component of the European strategy for data. Its objective is to remove barriers to the use and re-use of non-personal data, particularly as it relates to data generated by connected products and related services, including virtual assistants. It also seeks to facilitate the ability of customers to switch between providers of data processing services.

We’ve outlined below some key aspects of the new legislation.Continue Reading European Parliament and Council Release Agreed Text on Data Act

On 21 June 2023, at the close of a roundtable meeting of the G7 Data Protection and Privacy Authorities, regulators from the United States, France, Germany, Italy, United Kingdom, Canada and Japan published a joint “Statement on Generative AI” (“Statement”) (available here). In the Statement, regulators identify a range of data protection-related concerns they believe are raised by generative AI tools, including legal authority for processing personal information, and transparency, explainability, and security. The group of regulators also call on companies to “embed privacy in the design conception, operation, and management” of generative AI tools.

In advance of the G7 meeting, on 15 June 2023, the UK Information Commissioner’s Office (“ICO”) separately announced that it will be “checking” whether businesses have addressed privacy risks before deploying generative AI, and “taking action where there is risk of harm to people through poor use of their data”.Continue Reading UK and G7 Privacy Authorities Warn of Privacy Risks Raised by Generative AI

On 31 May 2023, at the close of the fourth meeting of the US-EU Trade & Tech Council (“TTC”), Margrethe Vestager – the European Union’s Executive Vice President, responsible for competition and digital strategy – announced that the EU and US are working together to develop a voluntary AI Code of Conduct in advance of formal regulation taking effect. The goal, according to Vestager, is to develop non-binding international standards on risk audits, transparency and other requirements for companies developing AI systems. The AI Code of Conduct, once finalized, would be put before G7 leaders as a joint transatlantic proposal, and companies would be encouraged to voluntarily sign up.Continue Reading EU and US Lawmakers Agree to Draft AI Code of Conduct