European Union

On 25 June 2025, the European Commission (“EC”) announced its long-awaited proposal for a Regulation on the safety, resilience, and sustainability of space activities in the EU (the “Draft EU Space Act” or “Draft EUSA”). The Draft EUSA proposes to impose obligations on providers of “space services,” which are:

  • The operation and control of human-made objects sent to space;
  • The provision of space launch services;
  • Services provided by “primary providers of space-based data,” a term covering providers that carry out the first processing of either communications data or observation data received from outer space (which may include electronic communications service providers);
  • In-space services and operations; and
  • Collision-avoidance services.

Most of the obligations in the Draft EUSA would apply to providers of space services that are located in the EU, and those located outside the EU but that provide services to space operators in the EU. However, the rules on safety described below would apply to space objects that generate data or enable the provision of space services in the EU. These rules, and certain rules on collision avoidance, would also apply to space objects that at or lower than a geostationary orbit.

The explanatory memorandum notes that 13 EU Member States have passed national legislation related to space, which creates the risk of a fragmented internal market for the space sector. The Draft EUSA therefore establishes rules in four main areas in an attempt to harmonize the law relating to this sector, namely authorization and registration requirements, and obligations to ensure safety, resilience, and sustainability of space services. We describe these in more detail below.

Continue Reading The European Commission announces a proposal for the first EU Space Act

There is an ongoing debate in Brussels about the circumstances under which AI-based safety components integrated into radio equipment are subject to the requirements for high-risk AI systems of the EU Artificial Intelligence Act 2024/1689 (the “AI Act”). The debate is particularly relevant because, if AI-based safety components are considered high-risk under the AI Act, they will be subject to a comprehensive set of regulatory requirements under the AI Act as of August 2, 2027. These requirements include risk management, data quality measures, transparency towards users, human oversight, as well as obligations relating to accuracy, robustness, and cybersecurity.

The discussion affects devices like smartphones with AI-driven emergency call features, smart home safety systems, smart home appliances and drones using AI for obstacle avoidance and emergency landing. In effect, many, if not all, of the AI-based safety components of internet-connected radio equipment could be subject to the AI Act’s requirements for high-risk AI systems.

Below we briefly outline the framework of the current debate.

Continue Reading When is a Safety Component of Radio Equipment a High-Risk AI System Under the EU Artificial Intelligence Act?

On 24 June 2025, the European Commission published its “roadmap” for ensuring lawful and effective access to data by law enforcement (“Roadmap”). The Roadmap forms a key part of the Commission’s internal security strategy, which was announced in April, and follows on from the November 2024 recommendations of the High-Level Group on Access to Data for Effective Law Enforcement.

Of most immediate relevance to electronic communications service (“ECS”) providers, the Commission intends to propose new data retention requirements, is considering changes to better enable cross-border live interception of communications, and will support the development of tools enabling law enforcement authorities (“LEAs”) to access encrypted data. We describe these proposals, and other elements of the Roadmap, in more detail below.

Continue Reading European Commission publishes its plan to enable more effective law enforcement access to data

EU lawmakers are reportedly considering a delay in the enforcement of certain provisions of the EU Artificial Intelligence Act (AI Act). While the AI Act formally entered into force on 1 August 2024, its obligations apply on a rolling basis. Requirements related to AI literacy and the prohibition of specific AI practices have been applicable since 2 February 2025. Additional obligations are scheduled to come into effect on 2 August 2025 (general-purpose AI (GPAI) model obligations), 2 August 2026 (transparency obligations and obligations on Annex III high-risk AI systems), and 2 August 2027 (obligations on Annex I high-risk AI systems). The timeline and certainty of regulatory enforcement of these future obligations now appears uncertain.

Continue Reading European Commission hints at delaying the AI Act

On 28 June 2025, the European Accessibility Act (“EAA”)—a 2019 directive—will begin applying to covered products and services.  The EAA imposes various obligations on technology and online service providers among others, requiring them to ensure that the products and services that they offer in the EU are made accessible to consumers with disabilities. According to its recitals, the goal of the EAA is to increase the availability of accessible products and services in the EU and improve the accessibility of information provided to consumers about those products and services.

Continue Reading European Accessibility Act: June 2025 deadline has arrived

In February 2025, the European Commission published two sets of guidelines to clarify key aspects of the EU Artificial Intelligence Act (“AI Act”): Guidelines on the definition of an AI system and Guidelines on prohibited AI practices. These guidelines are intended to provide guidance on the set of AI Act obligations that started to apply on February 2, 2025 – which includes the definitions section of the AI Act, obligations relating to AI literacy, and prohibitions on certain AI practices.

This article summarizes the key takeaways from the Commission’s guidelines on the definition of AI systems (the “Guidelines”). Please see our blogs on the guidelines on prohibited AI practices here, and our blog on AI literacy requirements under the AI Act here.

Continue Reading European Commission Guidelines on the Definition of an “AI System”

In February 2025, the European Commission published two sets of guidelines to clarify key aspects of the EU Artificial Intelligence Act (“AI Act”): Guidelines on the definition of an AI system and Guidelines on prohibited AI practices. These guidelines are intended to provide guidance on the set of AI Act obligations that started to apply on February 2, 2025 – which includes the definitions section of the AI Act, obligations relating to AI literacy, and prohibitions on certain AI practices.

This article summarizes the key takeaways from the Commission’s guidelines on prohibited AI practices (“Guidelines”). Please see our blogs on the guidelines on the definition of AI systems here, and our blog on AI literacy requirements under the AI Act here.

Continue Reading European Commission Guidelines on Prohibited AI Practices under the EU Artificial Intelligence Act

On April 3, 2025, the Budapest District Court made a request for a preliminary ruling to the Court of Justice of the European Union (“CJEU”) relating to the application of EU copyright rules to outputs generated by large language model (LLM)-based chatbots, specifically Google’s Gemini (formerly Bard), in response to a user prompt. This Case C-250/25 involves a dispute between Like Company, a Hungarian news publisher, and Google Ireland Ltd.

Continue Reading CJEU Receives Questions on Copyright Rules Applying to AI Chatbot

On June 2, 2025, the Global Cross-Border Privacy Rules (“CBPR”) Forum officially launched the Global CBPR and Privacy Recognition for Processors (“PRP”) certifications.  Building on the existing Asia-Pacific Economic Cooperation (“APEC”) CBPR framework, the Global CBPR and PRP systems aim to extend privacy certifications beyond the APEC region.  They will allow controllers and processors to voluntarily undergo certification for their privacy and data governance measures under a framework that is recognized by many data protection authorities around the world.  The Global CBPR and PRP certifications are also expected to be recognized in multiple jurisdictions as a legitimizing mechanism for cross-border data transfers.

Continue Reading Global CBPR and PRP Certifications Launched: A New International Data Transfer Mechanism

On May 14, 2025, Covington convened experts across our practice groups for the Fourth Annual Covington Robotics Forum to explore the legal and regulatory risks and opportunities impacting robotics, AI, and connected devices. Eight Covington attorneys discussed global forecasts relevant to these spaces in a highly concentrated 90-minute session, culminating in an Industry Spotlight moderated

Continue Reading Covington Robotics Forum Spotlight – Enhanced Autonomy: Strategies to Navigate New Regulations, Risks & Opportunities