On 10 June 2026, the Italian Council of Ministers approved, at a preliminary stage, two draft legislative decrees on artificial intelligence.

The first draft concerns the powers of national authorities, supervision, sanctions, testing environments and training, and also contains provisions relating to employment.

The second draft regulates the use of

Continue Reading AI: Italian Government gives initial approval to national implementing decrees

Quantum computing is poised to profoundly reshape the cybersecurity landscape, with significant legal and regulatory implications. By introducing fundamentally different computational methods, enabling the simultaneous processing of multiple possibilities, quantum computing has the potential to undermine and ultimately render many traditional encryption techniques ineffective. The result is a significant systemic

Continue Reading Quantum Computing and the Future of Cyber Security

The KRITIS Umbrella Act (Dachgesetz zur Stärkung der physischen Resilienz kritischer AnlagenKRITISDachG) has been in effect since March 17, 2026. For operators of critical infrastructure in Germany, this means: new obligations, tight deadlines, and hefty fines require swift action. For the first time, the law establishes

Continue Reading KRITIS Umbrella Act Now in Effect: What Critical Infrastructure Operators Need to Know and Do

Organisations increasingly use AI-enabled tools throughout the recruitment process. These tools screen CVs, score suitability, run online assessments, and analyse behaviour. They can speed up hiring and may help reduce the human bias found in traditional recruitment. However, their use often clashes with data protection rules that limit decisions based

Continue Reading UK: ICO Report on Automated Decision-Making in Recruitment

Providers of online coaching services take note: The German Federal Court of Justice (BGH) has recently provided clarity on which coaching offerings qualify as “distance learning” and thus, fall under the approval requirement of the German Distance Learning Act (FernUSG).

Anyone offering digital coaching models without the required official approval

Continue Reading Notable Decision for Digital Coaching Models

On 10 February 2026, the Federal Government adopted its official government draft (Regierungsentwurf) for the AI Market Surveillance and Innovation Promotion Act (KI-Marktüberwachungs- und Innovationsförderungs-GesetzKI-MIG), setting out Germany’s supervisory architecture, enforcement powers, and penalty regime for AI systems under the EU AI Act (

Continue Reading Germany’s AI Implementation Act (KI-MIG): Who are the responsible supervisory authorities?

NIS2, the EU’s second Network and Information Systems Directive, is not going anywhere. While the swathe of organisations newly in scope of the EU’s hallmark cybersecurity directive may have hoped that the EU’s recent announcements on regulatory simplification (including the Digital Omnibus) might have reduced their compliance burden, in

Continue Reading NIS2’s extended scope takes a deep dive: Unpacking the EU Commission’s proposed expansion to Submarine Data Transmission Infrastructure

Conceptually, you think of IoT devices, but the CRA has a far broader scope of application. In this article we examine one of the tricky nuances – distinguishing between a digital product and SaaS under the CRA.

The EU’s Cyber Resilience Act (CRA) looks to reshape product cybersecurity

Continue Reading Cyber Resilience Act: the fine line between SaaS and digital products

Any cloud service provider seeking to offer cloud services to the German public sector will inevitably have to deal with the Supplementary Contractual Conditions for the Procurement of IT Services (Ergänzende Vertragsbedingungen für die Beschaffung von IT-Leistungen – “EVB-IT”). The EVB-IT were developed by the Federal/State/Local Cooperation

Continue Reading EVB-IT Cloud – Standard Contract with Leeway for Cloud Providers

The European Commission has just unveiled its proposal for the Digital Networks Act (DNA). The DNA marks a fundamental shift from regulating traditional “electronic communications” to a broader, cloud-integrated ecosystem of “digital networks”.

In a nutshell: The DNA replaces the fragmented framework of the 2018 Electronic Communications Code (EECC)

Continue Reading From Telecoms to “Digital Networks”: Navigating the EU’s New Digital Networks Act (DNA)

The ICO has, this week, published extensive guidance on its expectations on Agentic AI, ICO tech futures: Agentic AI | ICO. The UK data protection regulator’s core message is clear: the future of the success of this technology is rooted in accountability.

Investor expectations on the realisation of commercial

Continue Reading Why Investors should lean into privacy-centric AI: key takeaways from the ICO’s Agentic AI Guidance