Organisations increasingly use AI-enabled tools throughout the recruitment process. These tools screen CVs, score suitability, run online assessments, and analyse behaviour. They can speed up hiring and may help reduce the human bias found in traditional recruitment. However, their use often clashes with data protection rules that limit decisions based only on automated processing. On
S‑RM’s 2026 Cyber Incident Insights Report offers one of the clearest indicators yet of how rapidly the global threat landscape is shifting. Drawing on more than 800 incidents handled throughout 2025, the report reveals a ransomware ecosystem that is expanding, fragmenting and becoming less predictable, while AI adoption(on both sides of the divide) introduces new
On 10 February 2026, the Federal Government adopted its official government draft (Regierungsentwurf) for the AI Market Surveillance and Innovation Promotion Act (KI-Marktüberwachungs- und Innovationsförderungs-Gesetz – KI-MIG), setting out Germany’s supervisory architecture, enforcement powers, and penalty regime for AI systems under the EU AI Act (Regulation (EU) 2024/1689).
In our earlier overview of
After a legislative lull last year, 2026 has brought a new wave of state privacy lawmaking activity.
A number of states have introduced comprehensive state privacy bills during the legislative cycle, reflecting a continued trend toward expanding individual privacy rights and creating new compliance obligations on businesses that collect and process personal data.
While many
Navigating Simplification Without Sacrificing Safeguards: Key Takeaways
As the EU begins the complex task of making the European Artificial Intelligence Act[1] (the “AI Act”) workable in real life, the European Commission’s Proposal for a Regulation amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial
Conceptually, you think of IoT devices, but the CRA has a far broader scope of application. In this article we examine one of the tricky nuances – distinguishing between a digital product and SaaS under the CRA.
The EU’s Cyber Resilience Act (CRA) looks to reshape product cybersecurity by imposing uniform baseline requirements on “products
On 5 February 2026, the main changes to data protection legislation in Part 5 of the Data (Use and Access) Act 2025 (“DUAA”) came into force.
The DUAA was passed and received Royal Assent on 19 June 2025. Although some of the DUUA provisions came into force automatically, many of the reforms need to be
The European Commission has just unveiled its proposal for the Digital Networks Act (DNA). The DNA marks a fundamental shift from regulating traditional “electronic communications” to a broader, cloud-integrated ecosystem of “digital networks”.
In a nutshell: The DNA replaces the fragmented framework of the 2018 Electronic Communications Code (EECC) with a directly applicable Regulation. Unlike
The ICO has, this week, published extensive guidance on its expectations on Agentic AI, ICO tech futures: Agentic AI | ICO. The UK data protection regulator’s core message is clear: the future of the success of this technology is rooted in accountability.
Investor expectations on the realisation of commercial benefits from AI deployment are
The Higher Regional Court of Hamburg has issued a ruling that contains important guidelines for the admissibility of AI training and data mining.
In its ruling dated 10 December 2025, the court dismissed the appeal brought by the photographer Robert Kneschke against the first-instance judgment of the Regional Court of Hamburg dated 27 September 2024 (Ref.: 310