European Union

In this blog post we set out key practical steps for technology-focused deal-making, having regard to the regulatory, antitrust and foreign investment screening issues identified in our earlier blogs here and here.

Key impacts of technology regulation on deal outcomes

The evolving regulatory landscape is having a significant impact on deal outcomes, including (i) longer timelines due to complex regulatory approval requirements; (ii) higher diligence burden, especially around data, AI and ownership transparency; (iii) greater risk allocation pressure in deal terms; and (iv) increased use of creative structures to mitigate regulatory exposure. Continue Reading Technology Industry Trends and M&A Outlook in the EU and UK, Part 3: Recommendations for Tech M&A and Strategic Transactions

Until the last year, merger control in the UK has been fairly hostile towards tech deals, with a highly interventionist competition authority taking an uncompromising line on global deals; even where those deals had only a limited nexus to the UK. The EU has generally taken a more pragmatic approach, clearing Google’s acquisition of Fitbit in 2020, and Microsoft’s acquisition of Activision in May 2023, following the acceptance of remedies by the tech firms. However, it, too, has taken some more hardline positions, such as prohibiting the Booking.com/etraveli merger based on a novel theory of harm related to the Booking.com travel ecosystem. 

This has all taken place against the backdrop of an explosion of tech regulation (see our prior blog post here). The wave of new rules also introduced new merger filing requirements for those tech firms who have been designated as gatekeepers in the EU (under the Digital Markets Act (DMA) (2022)), or firms with strategic market status in the UK (under the Digital Markets Competition and Consumers Act (DMCCA) (2024)). Just this month the CMA designated Google with strategic market status (SMS) in general search and search advertising services. This comes, almost to the day, two years after the EU’s designation of Google’s parent company and five others as gatekeepers. More tech regulation is on the horizon, for example the remaining parts of the AI Act, on general-purpose AI, are due to enter into force in the EU in August 2026.Continue Reading Technology Industry Trends and M&A Outlook in the EU and UK, Part 2: Antitrust/FDI Environment for Tech

Technology-focused deals are driving many of the largest global M&A and strategic transactions—whether digital infrastructure, artificial intelligence (AI), digital services or gaming. The successful execution of these transactions and ultimate success of the business opportunities promised by them, depends on understanding how emerging technology, regulation and market norms are evolving. In this three-part blog series, from an EU and a UK perspective, we will cover: (1) the new regulatory landscape for tech, (2) the evolving antitrust and foreign investment screening environment and (3) recommendations for planning, structuring and executing technology-focused M&A and other strategic transactions.Continue Reading Technology Industry Trends and M&A Outlook in the EU and UK, Part 1: The New Regulatory Landscape for Tech

Before issuing a proposal for a Quantum Act, the European Commission has issued a call for evidence (“Call for Evidence”), asking for views from all stakeholders on the best approach to addressing structural problems that the Commission has identified in the areas of research, industrial capacity, and supply chain resilience. Industry stakeholders already grappling with multiple EU data and cyber-related laws, regulations, and assessment procedures may be most interested in the proposal to develop an EU-level monitoring and resilience framework for supply chain products needed to build quantum technologies. The Call for Evidence is open until 26 November 2025Continue Reading European Commission launches a call for evidence on the impact assessment for the forthcoming EU Quantum Act

On September 23, 2025, the Italian law on artificial intelligence (hereinafter, “Italian AI Law”) was signed into law, after receiving final approval by the Italian Senate on September 17, 2025. 

The law consists of varied provisions, including general principles and targeted sectoral rules in certain areas not covered by the EU AI Act.  The Italian AI Law will enter into force on October 10, 2025.

We provide below an overview of key aspects of the final text of the Italian AI Law.  For full detail, please see our previous blogpost here.Continue Reading Italy Adopts Artificial Intelligence Law

On June 26, 2025, the European Parliament’s Committee on Employment and Social Affairs published a draft report (“Draft Report”) recommending that the Commission initiate the legislative process for an EU Directive on algorithmic management in the workplace.  The Draft Report defines algorithmic management as the use of automated systemsincluding those involving artificial intelligenceto monitor, assess, or make decisions affecting workers and solo self-employed persons.

This Draft Report follows a Commission study published in March 2025 (“Commission Study”), which found that while existing EU legislation, such as the GDPR, addresses some risks to workers from algorithmic management, others remain.  The Commission Study also recognizes that the AI Act does not establish specific rights for workers in the context of AI use, which is noted as a concern.

The Draft Report encloses the proposed text for a new Directive on algorithmic management in the workplace (“Proposed Directive”).  The Draft Report has not yet been endorsed by the European Parliament.Continue Reading European Parliament Committee Recommends Commission to Propose EU Directive on Algorithmic Management

On 25 June 2025, the European Commission (“EC”) announced its long-awaited proposal for a Regulation on the safety, resilience, and sustainability of space activities in the EU (the “Draft EU Space Act” or “Draft EUSA”). The Draft EUSA proposes to impose obligations on providers of “space services,” which are:

  • The operation and control of human-made objects sent to space;
  • The provision of space launch services;
  • Services provided by “primary providers of space-based data,” a term covering providers that carry out the first processing of either communications data or observation data received from outer space (which may include electronic communications service providers);
  • In-space services and operations; and
  • Collision-avoidance services.

Most of the obligations in the Draft EUSA would apply to providers of space services that are located in the EU, and those located outside the EU but that provide services to space operators in the EU. However, the rules on safety described below would apply to space objects that generate data or enable the provision of space services in the EU. These rules, and certain rules on collision avoidance, would also apply to space objects that at or lower than a geostationary orbit.

The explanatory memorandum notes that 13 EU Member States have passed national legislation related to space, which creates the risk of a fragmented internal market for the space sector. The Draft EUSA therefore establishes rules in four main areas in an attempt to harmonize the law relating to this sector, namely authorization and registration requirements, and obligations to ensure safety, resilience, and sustainability of space services. We describe these in more detail below.Continue Reading The European Commission announces a proposal for the first EU Space Act

There is an ongoing debate in Brussels about the circumstances under which AI-based safety components integrated into radio equipment are subject to the requirements for high-risk AI systems of the EU Artificial Intelligence Act 2024/1689 (the “AI Act”). The debate is particularly relevant because, if AI-based safety components are considered high-risk under the AI Act, they will be subject to a comprehensive set of regulatory requirements under the AI Act as of August 2, 2027. These requirements include risk management, data quality measures, transparency towards users, human oversight, as well as obligations relating to accuracy, robustness, and cybersecurity.

The discussion affects devices like smartphones with AI-driven emergency call features, smart home safety systems, smart home appliances and drones using AI for obstacle avoidance and emergency landing. In effect, many, if not all, of the AI-based safety components of internet-connected radio equipment could be subject to the AI Act’s requirements for high-risk AI systems.

Below we briefly outline the framework of the current debate.Continue Reading When is a Safety Component of Radio Equipment a High-Risk AI System Under the EU Artificial Intelligence Act?

On 24 June 2025, the European Commission published its “roadmap” for ensuring lawful and effective access to data by law enforcement (“Roadmap”). The Roadmap forms a key part of the Commission’s internal security strategy, which was announced in April, and follows on from the November 2024 recommendations of the High-Level Group on Access to Data for Effective Law Enforcement.

Of most immediate relevance to electronic communications service (“ECS”) providers, the Commission intends to propose new data retention requirements, is considering changes to better enable cross-border live interception of communications, and will support the development of tools enabling law enforcement authorities (“LEAs”) to access encrypted data. We describe these proposals, and other elements of the Roadmap, in more detail below.Continue Reading European Commission publishes its plan to enable more effective law enforcement access to data

EU lawmakers are reportedly considering a delay in the enforcement of certain provisions of the EU Artificial Intelligence Act (AI Act). While the AI Act formally entered into force on 1 August 2024, its obligations apply on a rolling basis. Requirements related to AI literacy and the prohibition of specific AI practices have been applicable since 2 February 2025. Additional obligations are scheduled to come into effect on 2 August 2025 (general-purpose AI (GPAI) model obligations), 2 August 2026 (transparency obligations and obligations on Annex III high-risk AI systems), and 2 August 2027 (obligations on Annex I high-risk AI systems). The timeline and certainty of regulatory enforcement of these future obligations now appears uncertain.Continue Reading European Commission hints at delaying the AI Act