Over the past few months, Chinese regulators have taken steps to update the country’s cybersecurity framework, with a particular focus on artificial intelligence (AI) safety and clarifying incident reporting obligations for onshore infrastructure. These developments reflect a broader trend toward more proactive AI and cyber governance and could signal priorities for the year ahead.
Why AI Risk Is Now Every Company’s Problem (and How to Manage It)
“We need someone to figure out our AI governance plan, and everyone thinks it should be you.”
If you work in privacy, or your role intersects with it, you’ve probably heard or had this conversation. Maybe it came from Legal after they realized the new vendor contract doesn’t address AI data processing. Perhaps it was
European Commission Publishes Apply AI Strategy to Accelerate Sectoral AI Adoption Across the EU
On 8 October 2025, the European Commission published its Apply AI Strategy (the “Strategy”), a comprehensive policy framework aimed at accelerating the adoption and integration of artificial intelligence (“AI”) across strategic industrial sectors and the public sector in the EU.
The Strategy is structured around three pillars: (1) introducing sectoral flagships to boost AI use
EU Member States Begin Rolling Out New Product Liability Rules
By December 9, 2026, all EU Member States must update their product liability laws to align with the (new) Product Liability Directive (EU) 2024/2853 (“PLD”). The PLD imposes liability on manufacturers of products (and other relevant parties) for harm caused by defective products, regardless of fault. The PLD modernizes the current EU product liability framework
“Smile, You’re on Camera”: Meets GDPR and U.S. Privacy Law in the retail context
A Bavarian court held that a store’s private security guard lawfully used a body-worn camera under Article 6(1)(f) GDPR to protect property, maintain order, and ensure staff safety, in a decision that provides actionable insights for U.S.-based retailers as well.
The court blessed the recording because the store took a number of privacy-protective measures:
- The
Accelerating AI Adoption Through AI Week
When Big Doesn’t Mean Bulletproof: The Importance of Third-Party Service Provider Due Diligence
Leaders charged with safeguarding data privacy and cybersecurity often assume that size equates to security—that large, well-resourced organizations must have airtight defenses against cyberattacks and data breaches. It’s a natural assumption: mature enterprises tend to have robust policies, advanced technology, and deep security teams. Yet, as recent events remind us, even the biggest organizations can
UK: It’s time to act – the UK National Cyber Security Centre’s wake-up call for business leaders
Visible cyber fallout is everywhere. Impact to business operations (and therefore revenue) including halted production lines, emptied supermarket shelves, online payment unavailability, and patient backlogs have all brought cyber into the media and the boardroom at an alarming rate in the last year. Last week, the NCSC’s Annual Review 2025[1] showed impact climbing fast
California Enacts New Privacy Laws
Recently, California Governor Gavin Newsom signed into law several privacy and related proposals, including new laws governing browser opt-out preference signals, social media account deletion, data brokers, reproductive and health services, age signals for app stores, social media “black box warning” labels for minors, and companion chatbots. This blog summarizes the statutes’ key takeaways.
- Opt-Out
UK: ICO v Clearview – a test of the ICO’s reach?
Summary
The Upper Tribunal (UT) has handed down its judgment in the UK Information Commissioner’s (Information Commissioner) appeal against the First-tier Tribunal (FTT) decision on Clearview AI Inc (Clearview). The UT upheld three of the Commissioner’s four grounds of appeal, concluding that:
- Clearview’s processing of personal information is related to monitoring of behaviour of UK