The ICO has kicked off 2026 with sharing its early thoughts on the data protection implications of agentic AI in its ICO tech futures: Agentic AI report. The report considers the novel data protection risks presented by agentic AI. It also considers how adoption could impact the risks and the effect that will have
Data Protection Report
Data protection legal insight at the speed of technology
Happy e-Discovery Day
Happy e-Discovery Day! On December 4, 2025, legal professionals around the globe will unite to celebrate e-Discovery Day, a day where we honor the pivotal 2006 amendments to the Federal Rules of Civil Procedure (FRCP) that marked a turning point formally recognizing electronically stored information (ESI) as a central component of modern legal discovery.
As…
Update: CISA 2015 is reauthorized until January 2026
The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has been temporarily reauthorized as part of the broader legislation passed on November 12, 2025, to reopen the federal government. Under the appropriation legislation, CISA 2015 is now reauthorized until January 30, 2026.
As previously discussed in details on this blog, CISA 2015 expired at…
Changes to EU and UK data protection law – a tale of two GDPRs?
The EU Commission recently held a call for evidence on “simplification” of legislation in the data, cybersecurity, and AI space, ahead of a “Digital Omnibus” Act. These changes look to make the EU’s digital rulebook more innovation-friendly, supporting the Commission’s Competitiveness Compass.
The Commission is due to present its simplification proposals on 19 November. Ahead…
NYDFS releases guidance on third-party service provider risks
On October 21, 2025, the New York Department of Financial Services (NYDFS) issued guidance to help licensees comply with its cybersecurity regulation. The non-exclusive checklists may be of interest to companies not licensed by NYDFS and even those not offering financial services, given NYDFS’ comment that the guidance is intended to “recommend industry best…
Happy Cyber Awareness Month
Happy October and Cyber Awareness Month! While October ends with ghosts and goblins and other scary monsters for Halloween, the entire month of October is dedicated to raising awareness of cyber security and preventing (and if necessary responding to) cyber security incidents.
It is hard in this day and age not to be aware of…
Italy’s Law No. 132/2025 on Artificial Intelligence
On September 23, 2025, Italy adopted Law no. 132/2025 on Artificial Intelligence (AI). The law will enter into force on 10 October 2025 and aims, inter alia, to complement the Regulation EU 2024/1689 (EU AI Act).
Pseudonymised data could fall outside data protection law – introducing the “means reasonably likely” assessment
The Court of Justice of the European Union (CJEU) has delivered its judgment on case C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB). The CJEU has confirmed that pseudonymised data will not be personal data in all cases. This will be a welcome confirmation for innovative uses of data, including training AI models. The question…
Explain yourself: The legal requirements governing explainability
Agentic AI brings the promise of AI making a range of decisions autonomously. It has been proposed as the way forward for some of the most impactful decisions in our lives: interacting with customers and actioning requests, triaging requests for medical appointments, and hiring candidates — to name a few.
But many of the models…
White House unveils AI Action Plan in artificial intelligence
On July 23, 2025, the White House released a sweeping new policy framework titled “Winning the AI Race: America’s AI Action Plan” (the “Plan”), describing the federal government’s approach to artificial intelligence (“AI”). This initiative, developed under the executive order, “Removing Barriers to American Leadership in AI,” outlines a plan relating to various…