Regulatory Blog

On 17 February 2024, the Digital Services Act (DSA) came into effect, applying to all online intermediaries operating within the EU. This comprehensive regulation aims to enhance online safety, fairness, and transparency for users.

On 12 April 2024, the European Commission issued a set of much needed FAQs regarding reporting on outgoing transfers related to Article 5r under EU Council Regulation 833/2014.

On 13 March 2024, the European Parliament officially approved the AI Act, the world’s first regulation on artificial intelligence, with an overwhelming majority. The AI Act is a set of regulations designed to govern the deployment and use of AI systems – its mission is to both recognise the transformative potential of AI across various sectors, including healthcare, transportation, manufacturing, and energy, while also acknowledging the need for robust oversight to ensure the technology's safe and ethical utilisation.

On 20 February 2024, the EU Council removed the Bahamas, Belize, Seychelles, and Turks and Caicos Islands from its list of non-cooperative tax jurisdictions, leaving 12 jurisdictions on the list.

The European Commission has updated its Frequently Asked Questions on sanctions against Russia and Belarus.

The European Data Protection Board recently introduced a website auditing tool to improve compliance with the General Data Protection Regulation. This tool, developed within the framework of the EDPB Support Pool of Experts, is intended to be a pivotal resource for both legal and technical auditors at data protection authorities (DPAs), as well as controllers and processors looking to assess their own websites.

On 23 February 2024, the Council of the EU adopted the 13th package of sanctions and restrictive measures against the Russian regime, marking the two-year anniversary of Russia's invasion of Ukraine.

On the 12 February 2023, the EU Council has decided to regulate the handling of assets belonging to the Central Bank of Russia (CBR) which are immobilised due to EU sanctions. Financial institutions holding these assets must segregate revenues and follow specific rules. Central Securities Depositories (CSDs) with over €1 million of CBR assets must separate extraordinary cash balances and revenues, and are prohibited from disposing of net profits.

On 14 December 2023, the Court of Justice of the European Union (CJEU) issued a landmark ruling in the case of VB v. Natsionalna agentsia za prihodite (C‑340/21), placing a spotlight on the concept of non-material damage under Article 82 of the EU General Data Protection Regulation (GDPR) and specifically addressing the pivotal issue of the adequacy of technical and organisational measures (TOMs) in the context of a data breach.