NIS2, the EU’s second Network and Information Systems Directive, is not going anywhere. While the swathe of organisations newly in scope of the EU’s hallmark cybersecurity directive may have hoped that the EU’s recent announcements on regulatory simplification (including the Digital Omnibus) might have reduced their compliance burden, in

Continue Reading NIS2’s extended scope takes a deep dive: Unpacking the EU Commission’s proposed expansion to Submarine Data Transmission Infrastructure

Conceptually, you think of IoT devices, but the CRA has a far broader scope of application. In this article we examine one of the tricky nuances – distinguishing between a digital product and SaaS under the CRA.

The EU’s Cyber Resilience Act (CRA) looks to reshape product cybersecurity

Continue Reading Cyber Resilience Act: the fine line between SaaS and digital products

Any cloud service provider seeking to offer cloud services to the German public sector will inevitably have to deal with the Supplementary Contractual Conditions for the Procurement of IT Services (Ergänzende Vertragsbedingungen für die Beschaffung von IT-Leistungen – “EVB-IT”). The EVB-IT were developed by the Federal/State/Local Cooperation

Continue Reading EVB-IT Cloud – Standard Contract with Leeway for Cloud Providers

The European Commission has just unveiled its proposal for the Digital Networks Act (DNA). The DNA marks a fundamental shift from regulating traditional “electronic communications” to a broader, cloud-integrated ecosystem of “digital networks”.

In a nutshell: The DNA replaces the fragmented framework of the 2018 Electronic Communications Code (EECC)

Continue Reading From Telecoms to “Digital Networks”: Navigating the EU’s New Digital Networks Act (DNA)

The ICO has, this week, published extensive guidance on its expectations on Agentic AI, ICO tech futures: Agentic AI | ICO. The UK data protection regulator’s core message is clear: the future of the success of this technology is rooted in accountability.

Investor expectations on the realisation of commercial

Continue Reading Why Investors should lean into privacy-centric AI: key takeaways from the ICO’s Agentic AI Guidance

Discussions surrounding the German Distance Learning Protection Act (FernUSG), which has been in effect since 1976, have gained momentum again in recent years in Germany. The reason is the growing popularity of online coaching. While remote coaching has already existed in some forms for over 30 years, the range of

Continue Reading Regulatory wake-up call: The increasing relevance of the German Distance Learning Protection Act (FernUSG) for digital coaching models

The Higher Regional Court of Hamburg has issued a ruling that contains important guidelines for the admissibility of AI training and data mining.

In its ruling dated 10 December 2025, the court dismissed the appeal brought by the photographer Robert Kneschke against the first-instance judgment of the Regional Court of

Continue Reading Robert Kneschke v. LAION: Judgment of 10 December 2025 (Ref.: 5 U 104/24)

The European Space Agency launched the James Webb Space Telescope on Christmas Day 2021 from its facility in French Guiana. A collaboration between NASA, CSA and ESA, the JWST’s launch could not have gone better – a perfect ballet of rocketry, automation and cutting -edge science. The James Webb continues

Continue Reading Digital Autofocus – Will Europe’s Digital Omnibus bring clarity to Regulation? 

In a significant stride toward strengthening digital stability in Europe’s financial sector, the European Supervisory Authorities (EBA, EIOPA, and ESMA) have, today, published the list of critical ICT third‑party service providers under the Digital Operational Resilience Act (DORA). This move gives the ESAs direct oversight of some of the

Continue Reading DORA’s Critical ICT Provider List Published – A New Milestone for Digital Resilience

The dream of directly effective supra-national legislation, applying in exactly the same way in each EU Member State: an EU Regulation should (in theory) provide the same protections in the same way at the same time to all EU citizens. As is ever the case, theory and reality rarely align

Continue Reading State of the Act: EU AI Act implementation in key Member States 

Earlier this week the European Policy Centre (with its partner the Vodafone Institute) published a new discussion paper looking at the strategic issues around European submarine cables and making some recommendations. Since it’s an area of work close to my heart I have reviewed and set out below – in

Continue Reading The Proposed European Strategy for Submarine Infrastructure