European Union

EU lawmakers are reportedly considering a delay in the enforcement of certain provisions of the EU Artificial Intelligence Act (AI Act). While the AI Act formally entered into force on 1 August 2024, its obligations apply on a rolling basis. Requirements related to AI literacy and the prohibition of specific AI practices have been applicable since 2 February 2025. Additional obligations are scheduled to come into effect on 2 August 2025 (general-purpose AI (GPAI) model obligations), 2 August 2026 (transparency obligations and obligations on Annex III high-risk AI systems), and 2 August 2027 (obligations on Annex I high-risk AI systems). The timeline and certainty of regulatory enforcement of these future obligations now appears uncertain.Continue Reading European Commission hints at delaying the AI Act

On 28 June 2025, the European Accessibility Act (“EAA”)—a 2019 directive—will begin applying to covered products and services.  The EAA imposes various obligations on technology and online service providers among others, requiring them to ensure that the products and services that they offer in the EU are made accessible to consumers with disabilities. According to its recitals, the goal of the EAA is to increase the availability of accessible products and services in the EU and improve the accessibility of information provided to consumers about those products and services.Continue Reading European Accessibility Act: June 2025 deadline has arrived

In February 2025, the European Commission published two sets of guidelines to clarify key aspects of the EU Artificial Intelligence Act (“AI Act”): Guidelines on the definition of an AI system and Guidelines on prohibited AI practices. These guidelines are intended to provide guidance on the set of AI Act obligations that started to apply on February 2, 2025 – which includes the definitions section of the AI Act, obligations relating to AI literacy, and prohibitions on certain AI practices.

This article summarizes the key takeaways from the Commission’s guidelines on the definition of AI systems (the “Guidelines”). Please see our blogs on the guidelines on prohibited AI practices here, and our blog on AI literacy requirements under the AI Act here.Continue Reading European Commission Guidelines on the Definition of an “AI System”

In February 2025, the European Commission published two sets of guidelines to clarify key aspects of the EU Artificial Intelligence Act (“AI Act”): Guidelines on the definition of an AI system and Guidelines on prohibited AI practices. These guidelines are intended to provide guidance on the set of AI Act obligations that started to apply on February 2, 2025 – which includes the definitions section of the AI Act, obligations relating to AI literacy, and prohibitions on certain AI practices.

This article summarizes the key takeaways from the Commission’s guidelines on prohibited AI practices (“Guidelines”). Please see our blogs on the guidelines on the definition of AI systems here, and our blog on AI literacy requirements under the AI Act here.Continue Reading European Commission Guidelines on Prohibited AI Practices under the EU Artificial Intelligence Act

On April 3, 2025, the Budapest District Court made a request for a preliminary ruling to the Court of Justice of the European Union (“CJEU”) relating to the application of EU copyright rules to outputs generated by large language model (LLM)-based chatbots, specifically Google’s Gemini (formerly Bard), in response to a user prompt. This Case C-250/25 involves a dispute between Like Company, a Hungarian news publisher, and Google Ireland Ltd.Continue Reading CJEU Receives Questions on Copyright Rules Applying to AI Chatbot

On June 2, 2025, the Global Cross-Border Privacy Rules (“CBPR”) Forum officially launched the Global CBPR and Privacy Recognition for Processors (“PRP”) certifications.  Building on the existing Asia-Pacific Economic Cooperation (“APEC”) CBPR framework, the Global CBPR and PRP systems aim to extend privacy certifications beyond the APEC region.  They will allow controllers and processors to voluntarily undergo certification for their privacy and data governance measures under a framework that is recognized by many data protection authorities around the world.  The Global CBPR and PRP certifications are also expected to be recognized in multiple jurisdictions as a legitimizing mechanism for cross-border data transfers.Continue Reading Global CBPR and PRP Certifications Launched: A New International Data Transfer Mechanism

On May 14, 2025, Covington convened experts across our practice groups for the Fourth Annual Covington Robotics Forum to explore the legal and regulatory risks and opportunities impacting robotics, AI, and connected devices. Eight Covington attorneys discussed global forecasts relevant to these spaces in a highly concentrated 90-minute session, culminating in an Industry Spotlight moderated

Continue Reading Covington Robotics Forum Spotlight – Enhanced Autonomy: Strategies to Navigate New Regulations, Risks & Opportunities

The European Commission first published a proposal for an AI Liability Directive (“AILD”) in September 2022 as part of a broader set of initiatives, including proposals for a new Product Liability Directive (“new PLD”) and the EU AI Act (see our blog posts here, here and here).

The AILD was intended to introduce uniform rules for certain aspects of non-contractual civil claims relating to AI, by introducing disclosure requirements and rebuttable presumptions.

However, unlike the new PLD and EU AI Act, which have both been adopted and have entered into force, the AILD has encountered stagnation and resistance during the legislative process.Continue Reading The Future of the AI Liability Directive

On January 29 – 31, 2025, Covington convened authorities from across our practice groups for the Sixth Annual Technology Forum, which explored recent global developments affecting businesses that develop, deploy, and use cutting-edge technologies. Seventeen Covington attorneys discussed global regulatory trends and forecasts relevant to these industries, highlights of which are captured below.  Please click here to access any of the segments from the 2025 Tech Forum.

Day 1: What’s Happening Now in the U.S. & Europe

Early Days of the New U.S. Administration

Covington attorney Holly Fechner and Covington public policy authority Bill Wichterman addressed how the incoming administration has signaled a shift in technology policy, with heightened scrutiny on Big Tech, AI, cryptocurrency, and privacy regulations. A new Executive Order on AI aims to remove barriers to American leadership in AI, while trade controls and outbound investment restrictions seek to strengthen national security in technology-related transactions. Meanwhile, the administration’s approach to decoupling from China is evolving, with stricter protectionist measures replacing prior subsidy-based initiatives.Continue Reading Covington Technology Forum Spotlight – The Great Race: Keeping Up as Technology and Regulation Rapidly Evolve

The Commission and the European Board for Digital Services have announced the integration of the revised voluntary Code of conduct on countering illegal hate speech online + (“Code of Conduct+”) into the framework of the Digital Services Act (“DSA”). Article 45 of the DSA states that, where significant systemic risks emerge under Article 34(1) (concerning the obligation on very large online platforms (“VLOPs”) and very large online search engines (“VLOSEs”) to identify, analyse, and assess systemic risks), and concern several VLOPs or VLOSEs, the Commission may invite VLOPs and VLOSEs to participate in the drawing up of codes of conduct, including commitments to take risk mitigation measures and to report on those measures and their outcomes. The Code of Conduct+ was adopted in this context. VLOPs and VLOSEs’ adherence to the Code of Conduct+ may be considered as a risk mitigation measure under Article 35 DSA, but participation in and implementation of the Code of Conduct+ “should not in itself presume compliance with [the DSA]” (Recital 104).

The Code of Conduct+—which builds on the Commission’s original Code of Conduct on countering illegal hate speech online, published in 2016—seeks to strengthen how Signatories address content defined by EU and national laws as illegal hate speech. Adhering to the Code of Conduct+’s commitments will be part of the annual independent audit of VLOPs and VLOSEs required by the DSA (Art. 37(1)(b)), but smaller companies are free to sign up to the Code as well.Continue Reading Introduction of the Revised Code of Conduct+ and the Digital Services Act