How should Europe enforce data protection when AI chatbots operate across borders? In a notable move, Berlin’s Data Protection Authority invoked the Digital Services Act (DSA) Article 16 to ask Apple and Google to delist DeepSeek, the famous Chinese AI chatbot, over alleged GDPR-breaching transfers of EU users’ data to China. The request uses a tool designed for illegal online content to tackle a complex AI data-flow issue—raising big questions for AI governance.

How do the AI Act and DSA collide in shaping Europe’s AI future? This paper uncovers hidden gaps in systemic risk oversight, exposing costly “over-assessment” that stifles innovation. By calling for smarter, simplified regulation, it argues for a path that safeguards rights without derailing AI progress in the EU. The analysis offers a blueprint for balancing accountability with competitiveness in the digital era.

This analysis explores the EU AI Continent Action Plan’s approach to implementing the AI Act within a complex multi-level governance system. The paper assesses how simplification efforts can influence consistency, legal clarity, and the broader goal of establishing Europe as a global AI leader.

This article examines the intersection of biometric data and facial recognition in the EU, highlighting the legal and cybersecurity frameworks that shape their use. Drawing on GDPR requirements and current debates on ethical deployment, it explores how EU regulations seek to balance innovation with the protection of privacy and fundamental rights.

Governments face significant barriers to AI procurement due to the complexity of EU AI law and a lack of clear implementation guidance. Key challenges include definitional ambiguity around AI and a significant knowledge gap between public procurers and AI vendors. Data quality and technology infrastructure issues are also hampering the effective use of AI. The article highlights the critical need for clearer, practical guidance at both EU and national level to ensure compliant AI procurement.

Explore the pressing challenges at the intersection of military AI and international humanitarian law. Discover why current regulations may not be sufficient to address the unpredictable nature of AI-powered weapons, and the critical need for adaptive legal review to ensure the protection of civilians in an era of increasing autonomy in warfare.

The definition of systemic risk in Article 3(65) of the EU AI Act presents challenges of interpretation due to potential ambiguities. This working paper analyses these ambiguities and how the GPAI Code of Practice attempts to categorise these risks through a taxonomy. A key concern is the potential for exploitation of these systemic risk definitions by GPAI model providers.

The AI Regulation Chair is proud to announce its significant contribution to the book “The EU Artificial Intelligence (AI) Act: A Commentary”. This comprehensive work contains analyses from numerous experts and academics in the field. The Chair’s contribution includes a commentary on Articles 16 and 17 of the AI Act, which deal with the obligations of providers of high-risk AI systems and the implementation of a quality management system.

Insights on how GDPR should adapt to the rise of Generative AI as host Sergio Maldonado interviews Professor Theodore Christakis, director of the MIAI AI-Regulation Chair. They examine the EDPB’s latest Opinion, the DeepSeek case, the challenge of AI “hallucinations,” and the future of AI governance.

The EU is actively engaged in the process of shaping AI regulation, with the General-Purpose AI Code of Practice (GPAI CoP) playing a crucial role in complementing the EU AI Act. However, the development of this code is encountering certain challenges. Discover how this “living framework” aims to evolve with the rapidly changing AI landscape and why the AI Office’s upcoming decisions are critical.

Discover our AI Act Meta-Guide—a curated collection of 24 essential resources that simplifies the EU AI Act, offering academics, policymakers, and professionals a clear, convenient entry point to navigate its complexities and apply its provisions with confidence.

Exploring AI hallucinations through the lens of GDPR, this article focuses on the regulatory challenges, key DPA perspectives, and industry measures to balance innovation and data protection.