Artificial Intelligence

On April 20, 2026, the Spanish Data Protection Agency (AEPD) has published new guidance on how to comply with the GDPR when using AI‑powered voice transcription tools. The guidance builds on earlier AEPD guidance on this topic from January 2026. This blog post sets out the key takeaways of both guidance documents, which are only available in Spanish.

The AEPD’s guidance confirms a risk‑based approach to AI‑powered voice transcription. Organizations using these tools should not treat transcription as a purely technical feature, but as a processing activity that requires continuous governance, clear transparency, and proactive safeguards. Given the widespread and growing use of transcription tools across business functions, this guidance is likely to be relevant well beyond Spain.

Continue Reading Spain’s Supervisory Authority Issues New Guidance on AI‑Based Voice Transcription

In February 2026, the Spanish data protection authority (Agencia Española de Protección de Datos, “AEPD”) published guidance on data protection issues related to the use of AI agents. The guidance follows an earlier, similar analysis by the UK Information Commissioner’s Office, which we discussed in a prior blog

Continue Reading Spanish Supervisory Authority Issues Detailed Guidance on Agentic AI and GDPR Compliance

On June 26, 2025, the European Parliament’s Committee on Employment and Social Affairs published a draft report (“Draft Report”) recommending that the Commission initiate the legislative process for an EU Directive on algorithmic management in the workplace.  The Draft Report defines algorithmic management as the use of automated systemsincluding those involving artificial intelligenceto monitor, assess, or make decisions affecting workers and solo self-employed persons.

This Draft Report follows a Commission study published in March 2025 (“Commission Study”), which found that while existing EU legislation, such as the GDPR, addresses some risks to workers from algorithmic management, others remain.  The Commission Study also recognizes that the AI Act does not establish specific rights for workers in the context of AI use, which is noted as a concern.

The Draft Report encloses the proposed text for a new Directive on algorithmic management in the workplace (“Proposed Directive”).  The Draft Report has not yet been endorsed by the European Parliament.

Continue Reading European Parliament Committee Recommends Commission to Propose EU Directive on Algorithmic Management

Federal legislation to “pause” state artificial intelligence regulations will not become law—for now—after the Senate stripped the measure from the budget reconciliation package, the One Big Beautiful Bill Act (H.R. 1).

The Senate voted 99–1 to strike the moratorium language from the bill during a marathon 27-hour “vote-a-rama” on July 1. The Senate voted 51–50, with Vice President J.D. Vance breaking the tie, to pass the bill (without the moratorium) and send it back to the House.  The House passed the Senate-amended bill on July 3 by a vote of 218–214, with all Democrats and two Republicans voting against.  President Trump signed the bill into law on July 4.

Continue Reading Senate Nixes State AI Enforcement Moratorium, For Now

On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144”) (the “Order”) that modifies certain initiatives in prior Executive Orders issued by Presidents Obama and Biden and highlights key cybersecurity priorities for the current Administration.  Specifically, the Order (i) directs that existing federal government regulations and policy be revised to focus on securing third-party software supply chains, quantum cryptography, artificial intelligence, and Internet of Things (“IoT”) devices and (ii) more expressly focuses cybersecurity-related sanctions authorities on “foreign” persons.  Although the Order makes certain changes to prior cybersecurity related Executive Orders issued under previous administrations, it generally leaves the framework of those Executive Orders in place.  Further, it does not appear to modify other cybersecurity Executive Orders.[1]  To that end, although the Order highlights some areas where the Trump administration has taken a different approach than prior administrations, it also signals a more general alignment between administrations on core cybersecurity principles.

Continue Reading White House Issues New Cybersecurity Executive Order

On May 22, 2025, the Cybersecurity and Infrastructure Security Agency (“CISA”), which sits within the Department of Homeland Security (“DHS”) released guidance for AI system operators regarding managing data security risks.  The associated press release explains that the guidance provides “best practices for system operators to mitigate cyber risks through the artificial intelligence lifecycle, including consideration on securing the data supply chain and protecting data against unauthorized modification by threat actors.”  CISA published the guidance in conjunction with the National Security Agency, the Federal Bureau of Investigation, and cyber agencies from Australia, the United Kingdom, and New Zealand.  This guidance is intended for organizations using AI systems in their operations, including Defense Industrial Bases, National Security Systems owners, federal agencies, and Critical Infrastructure owners and operators. This guidance builds on the Joint Guidance on Deploying AI Systems Security released by CISA and several other U.S. and foreign agencies in April 2024.

Continue Reading CISA Releases AI Data Security Guidance

The “market” for AI contracting terms continues to evolve, and whilst there is no standardised approach (as much will depend on the use cases, technical features and commercial terms), a number of attempts have been made to put forward contracting models. One of the latest being from the EU’s Community of Practice on Public Procurement of AI, which published an updated version of its non-binding EU AI Model Contractual Clauses (“MCC-AI”) on March 5, 2025. The MCC-AI are template contractual clauses intended to be used by public organizations that procure AI systems developed by external suppliers.  An initial draft had been published in September 2023.  This latest version has been updated to align with the EU AI Act, which entered into force on August 1, 2024 but whose terms apply gradually in a staggered manner.  Two templates are available: one for public procurement of “high-risk” AI systems, and another for non-high-risk AI systems. A commentary, which provides guidance on how to use the MCC-AI, is also available.

Continue Reading EU’s Community of Practice Publishes Updated AI Model Contractual Clauses

Kenya has released its first National Artificial Intelligence Strategy (2025–2030), a landmark document on the continent that sets out a government-led vision for ethical, inclusive, and innovation-driven AI adoption. Framed as a foundational step in the country’s digital transformation agenda, the strategy articulates policy ambitions that will be of

Continue Reading Kenya’s AI Strategy 2025–2030: Signals for Global Companies Operating in Africa

On February 4, 2025, the Japanese Government announced its intention to position Japan as “the most AI-friendly country in the world”, with a lighter regulatory approach than that of the EU and some other nations.  This statement follows: (i) the Japanese government’s recent submission of an AI bill to Japan’s Parliament, and (ii) the Japanese Personal Data Protection Commission’s (“PPC”) proposals to amend the Japanese Act on the Protection of Personal Information (“APPI”) to facilitate the use of personal data for the development of AI.

Continue Reading Japan Plans to Adopt AI-Friendly Legislation

State lawmakers are considering a diverse array of AI legislation, with hundreds of bills introduced in 2025.  As described further in this blog post, many of these AI legislative proposals fall into several key categories: (1) comprehensive consumer protection legislation similar to the Colorado AI Act, (2) sector-specific legislation on automated decision-making, (3) chatbot regulation, (4) generative AI transparency requirements, (5) AI data center and energy usage requirements, and (6) frontier model public safety legislation.  Although these categories represent just a subset of current AI legislative activity, they illustrate the major priorities of state legislatures and highlight new AI laws that may be on the horizon.

Continue Reading State Legislatures Consider New Wave of 2025 AI Legislation