You will find here news and brief notes on what is happening in Europe and around the world in the
field of AI Regulation. Want to flag some important news? Please contact us.

On April 18, 2024, the draft Framework Convention on AI was unanimously adopted by the CoE Parliamentary Assembly. The next step for the Framework Convention on AI and its ‘Draft Explanatory Report’ is for these documents to be transmitted to the Committee of Ministers for adoption at the 133rd Session of the Committee of Ministers in Strasbourg (16-17 May 2024).
On March 21st, 2024, the United Nations General Assembly adopted for the first time a non-binding Resolution that encourages the development of regulatory and governance principles and frameworks and includes standards to ensure that safe, secure and trustworthy AI systems are created.
On November 8th, 2023, in the midst of the stalled inter-institutional negotiations between the Council of the EU and the European Parliament (EP) on the regulation of foundation models in relation to the future AI law, the Organisation for Economic Co-operation and Development (OECD) announced that it had updated its definition of AI systems.
On October 13th, 2023, the European Commission launched a stakeholder survey on the eleven draft guiding principles for Generative AI (GAI) and other advanced AI systems. This initiative comes a few days after the 8th annual meeting of the Internet Governance Forum, organised by the United Nations.
On September 7th, 2023, the Court of Justice of the European Union (CJEU) upheld the decision of the General Court according to which the public can partially access documentation on the EU’s emotion recognition project (iBorderCtrl) in which it discusses the general reliability, ethics and legality of such technology.
Eight more American tech companies (Adobe, Cohere, IBM, Nvidia, Palantir, Salesforce, Scale AI, and Stability) signed up to President Joe Biden’s voluntary commitments governing AI (second round of voluntary commitments). In the meantime, a third trilogue will take place on the other side of the Atlantic in relation to the EU AI Act proposal.
The adoption of the negotiating position by the European Parliament sets the stage for the trilogues between the EU institutions, while the European Commission is pushing for the AI Act to be finalised by the end of 2023. The European Parliament’s position on this legislative file reflects its members’ fundamental desire to make the EU a leader in AI regulation and innovation.
On May 17th, 2023, the European Data Protection Board (EDPB) published its final report on the use of facial recognition technologies (FRTs) by Law Enforcement Authorities (LEAs). This report opposes mass surveillance, and, according to the EDPB, ‘the use of facial recognition by law enforcement agencies must be necessary, limited, and proportionate’.
On May 16th, 2023, the French data control agency – Commission Nationale de l’Informatique et des Libertés (CNIL) – published an action plan aimed at ensuring respect for the privacy of people in relation to Artificial Intelligence (AI) systems and more specifically generative AI (e.g. Midjourney and ChatGPT from the company OpenAI). This action plan follows the CNIL’s first global approach on these new tools in 2017.
Between 21 and 23 April, the European Commission (Commission) held the closing session of the European citizens’ panels, to debate and propose recommendations on virtual worlds in the EU. As a result, a panel of 150 citizens has contributed to the provision of 23 recommendations on ‘fair and human-centric virtual worlds in the EU’.
The European Consumer Organisation (BEUC) is calling ‘for EU and national authorities to launch an investigation into ChatGPT and similar chatbots’, following the filing of a complaint on March 30th, 2023, on the other side of the Atlantic by the Center for Artificial Intelligence and Digital Policy (CAIDP) in relation to ChatGPT-4.
On March 27th, 2023, the European Union Agency for Law and Enforcement Cooperation (EUROPOL) released a report on the Impact of Large Language Models on Law Enforcement. Having considered the outcomes that resulted from a series of workshops organised by the Europol Innovation Lab on how criminals can abuse LLMs such as ChatGPT, as well as how they may assist investigators in their daily work, the report provided useful recommendations on enhancing law enforcement preparedness.
On February 21st, 2023, the United States Copyright Office (USCO) cancelled the registration certificate previously issued to Ms. Kristina Kashtanova for the “comic book” entitled “Zarya of the Dawn”, considering that the images in the comic book are not the product of human authorship – since they were generated by an AI system – Midjourney – and were therefore not copyrightable.
Using innovative AI techniques, Berkeley’s researchers have analysed more than 2.5 million fully anonymized metaverse data recordings and found that individual users could be uniquely identified. The study stresses the need to enhance security and privacy awareness in relation to these platforms.
The legal and ethical risks that the use of ChatGPT poses, as well as the need to regulate the deployment of similar generative chatbots, are currently being debated across the world. The European Parliament is considering placing the use of generative AI models, such as ChatGPT, in a “high risk” category in its upcoming compromise text on the AI Act (Parliament Approach), thereby intending to subject such tools to burdensome conformity assessment requirements.
Are you interested in the societal impacts and major legal issues posed by the development of Artificial Intelligence and new technologies, including the Metaverse? Do you have a PhD in legal studies (preferably digital law, intellectual property law or European/International/Human Rights law)? Are you ready to dive into the issues that concern protection of personal data and privacy, freedom of expression and other human rights in the era of AI? Do you have an open and curious mind?
On February 16th, 2023, the First Senate of the Federal Constitutional Court arrived at the decision that Land Hesse’s and Hamburg’s legislation “authorising the police to process stored personal data through automated data analysis or automated data interpretation” is unconstitutional.
On February 2nd, 2023, the Italian Data Protection Agency (Garante Per La Protezione Dei Dati Personali) urgently ordered a temporary limitation “on the processing of personal data relating to users in the Italian territory as performed by Luka Inc., the US-based developer and operator of Replika, in its capacity as controller of the processing of personal data that is carried out via the said app”.
On December 16, 2022, Katia Bouslimani successfully defended her PhD Thesis entitled “Consent in the General Data Protection Regulation (GDPR)” in front of a Jury composed of Professors Brunessen Bertrand, Gloria González Fuster, Celia Zolynski, Peter Swire and Jean-Michel Bruguière and the supervisors of the PhD Thesis Karine Bannelier and Theodore Christakis.
The National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce released, on January 26, 2023, the AI Risk Management Framework (AI RMF 1.0) in collaboration with the private and public sectors.
The purpose of the Convention is to ensure that during their lifecycle, AI systems fully comply with human rights, respect the functioning of democracy and observe the rule of law, regardless of whether these activities are undertaken by public or private actors. The design, development and application of AI systems used for purposes related to national defence are expressly excluded from the scope of this Convention. The negotiators seem to agree that such a Convention must be seen first and foremost as a broad framework which might be supplemented by further obligations in more specific fields.
On December 8th, 2022, the European Union Agency for Fundamental Rights (FRA) published a report on algorithm biases, in particular when used for predictive policing and offensive speech detection.
On December 15th, 2022, the European Union adopted an interinstitutional declaration on digital rights and principles that will guide the EU’s ambition to be “digitally sovereign in an open and interconnected world, and to pursue digital policies that empower people and businesses to seize a human centred, sustainable and more prosperous digital future”.
On December 6th, 2022, EU Member States voted on a “general approach” to the upcoming Artificial Intelligence Act (AI Act). On the same day, 192 civil society organisations and individuals published an open letter calling on the EU to modify a number of aspects of the AI Act to protect migrants from the risks that AI systems may pose to their fundamental rights.
On November 8th, 2022, the Information Commissioner’s Office (British DPA) published a document entitled ‘How to use AI and personal data appropriately and lawfully’, which is a guide to how data controllers should use AI systems in accordance with the law and in particular with people’s fundamental rights. This publication also contains a ‘frequently asked questions’ section which addresses certain specific issues that data controllers may have to deal with. 
The Italian ‘Garante per la protezione dei dati personali’ (Italian data protection authority) published a press release on November 14th, 2022, in which it announced that it had opened two separate investigations into the use of ‘smart video systems’ by two Italian municipalities.
The ‘Commission Nationale de l’Informatique et des Libertés’ (CNIL – the French DPA) released its final decision on October 20th, 2022, sanctioning Clearview AI for its unlawful activity, which consists of collecting images of millions of individuals from the open web without any legal basis under the GDPR for doing so. 
On October 13th, 2022, the European Data Protection Supervisor (EDPS) published an Opinion entitled “Recommendation for a Council Decision authorising the opening of negotiations on behalf of the European Union for a Council of Europe convention on artificial intelligence, human rights, democracy and the rule of law”. This independent supervisory authority welcomes the initiative taken by the European Commission to authorise negotiations on behalf of the EU regarding the future Council of Europe’s (CoE) Convention on Artificial Intelligence (AI).
In October 2022, the White House released its white paper on AI. The ‘Blueprint for an AI Bill of Rights. Making Automated Systems Work for the American People’ intends “to guide the design, use, and deployment of automated systems to protect the American public in the age of artificial intelligence”. The framework was published by the White House Office of Science and Technology Policy, which is responsible for providing the President and his Executive Office with advice on numerous topics, including technology and national security.  
An algorithmic tool designed to “predict migration flows” and “detect risks of tensions related to migration” is being developed by the EU as part of its security program. Against this background, a group of civil society organisations and individuals published a joint letter highlighting the risks posed by this technology in terms of criminalising migration and undermining human rights. 
On September 24th, 2022, the French NGO ‘La Quadrature du Net’ challenged the use of technology-driven tools by French police forces before the Commission Nationale de l’Informatique et des Libertés (CNIL – French DPA). By means of three separate complaints, the NGO wants to raise awareness about what it calls the ‘technopolice’, which amounts to the police using methods that may pose risks to privacy. These complaints follow a petition published by LQDN which collected 15 248 signatures.
An Argentinian Court has declared the use of the ‘Facial Recognition for Fugitives System’ (Sistema de Reconocimiento Facial de Prófugos), deployed in Buenos Aires in 2019, unconstitutional. In April 2022, in response to the legal challenge presented by Observatorio de Derecho Informático Argentino (ODIA), and several other human rights organisations, the judge suspended use of the system. 
European Digital Rights (EDRi), an association of civil and human rights organisations, published, on September 7th, 2022, its position paper on the European Union’s proposed “Regulation on automated data exchange for police cooperation”, known as Prüm II.  The report underlines several issues concerning the draft regulation, the purpose of which is to modify the data sharing process between EU member states, by including, among other things, ‘automated searching of facial images’.
On August 30th, 2022, the Conseil d’Etat (French Council of State) released a report, commissioned by former Prime Minister Jean Castex on June 24th, 2021, proposing a landscape of AI technology deployed in the public sector, which examines the technical, operational, ethical and legal aspects of this issue.
For several years now, the European Commission has been working on a number of projects concerned with regulating Artificial Intelligence, digital services, and digital markets.  It has now issued a proposal for tighter rules on liability with regard to the technology industry. Amid these developments, a coalition of start-ups, small and medium enterprises, and technology companies sent a letter, dated August 24, 2022, to the European Commission expressing their concerns about the forthcoming European legislation, which seeks to modify the liability rules concerning artificial intelligence.
On August 26, 2022, the European Commission published a set of rules that it says automated driving systems (ADS) must meet in order to be approved. The regulation focuses on the need to assure that performance requirements are met, and the safety of automated driving systems demonstrated, before they can be approved. For this purpose, the Commission considers it necessary to introduce measures aimed at making automated driving systems safer, and strict parameters regarding their manufacture.
Due to the proliferation of “intelligent” video devices in public spaces, the French Data Protection Authority (CNIL) launched a public consultation on its draft position concerning the conditions for the deployment of so-called “smart” cameras in public spaces. Following several months of consideration, and various contributions from public and private actors, the Commission published its opinion last July.
On July 13th, 2022, the Greek Data Protection Authority (DPA) released its decision about the claims brought by the NGO Homo Digitalis on the processing of individuals’ biometric data by Clearview and fined Clearview 20 million euros. This lawsuit follows many similar cases filed by Noyb, Privacy International, and the Hermes Center for Transparency and Digital Human Rights before the French, British, Italian and Austrian DPAs to stop the American start-up collecting biometric data belonging to European citizens.
In June 2022, the Ada Lovelace Institute published an ‘Independent legal review of the governance of biometric data in England and Wales’ written by Matthew Ryder. This review aims to address the current legal uncertainty concerning the collection, use and processing of biometric data in England and Wales. It also puts forward 10 recommendations to improve the legal framework as well as the governance of biometrics in England and Wales.
At a time when ad hoc legislation on AI is being negotiated at the European level, the French Senate published on May 10, 2022, a report proposing regulations on biometric recognition in public spaces. The purpose of this report is to put forward a framework for facial recognition experimentation and to reinforce French and European technological sovereignty.
In 2019, Buenos Aires City Council introduced the ‘Facial Recognition for Fugitives System’ (Sistema de Reconocimiento Facial de Prófugos (SNRP)), which involved deploying 9,500 surveillance cameras equipped with facial recognition technology.
Earlier this month, the US Federal Trade Commission (FTC), a civil law enforcement agency, published a settlement order requiring WW International, Inc. (formerly known as Weight Watchers) and its subsidiary Kurbo to delete the personal data illegally collected from children under 13 and to destroy any algorithm or AI model built using such data.
On March 7th, 2022, the Center for a New American Security held a workshop on Transatlantic Artificial Intelligence, which gathered together senior researchers, PhD candidates, NGO members, Institutional representatives and AI professionals from both sides of the Atlantic to discuss the future of Euro-American relationships as regards AI-related matters.
Aiming to raise awareness about the effects of AI on women, and to outline the challenges and opportunities emerging from AI technologies, the United Nations Educational, Scientific and Cultural Organization (UNESCO), the Inter-American Development Bank (IAD), and the Organisation for Economic Co-operation and Development (OECD) came together to examine the effects of the use of AI on the working lives of women.
On November 16th, 2021, the Future of Privacy Forum, in partnership with the Brussels Privacy Hub, organised the 2021 Brussels Privacy Symposium entitled ‘The Age of AI Regulation: Global Strategic Directions’. This symposium marked one of the first opportunities to discuss the AI Regulation Chair’s current project, which aims to map the use of facial recognition in public places in Europe.
The Center for AI and Digital Policy, a non-profit organisation based in Washington DC, issued a statement on March 1st 2022 supporting the Ukrainian people and alerting the world as to the dangers that AI might pose during the conflict.
With the rapid development of technology, artificial intelligence is becoming more and more sophisticated. This trend has led States to be concerned about the possible consequences that this technology may have on society.
On January 4th, 2022, the regulation “Provisions on the Management of Algorithmic Recommendations in Internet Information Services” was adopted by China. This text will enter into force on March 1st. It follows an initial draft presented by China’s Cyberspace Administration in August 2021 and it seeks to regulate algorithms, especially those that will be employed for ‘recommendation’ purposes such as those used in search filters, social media, online stores, content services or gig work platforms.
A few weeks ago, the 120 State parties to the Convention on Certain Conventional Weapons (CCW) met in Geneva for the 6th Review of the Convention. The discussion about the use of lethal autonomous weapons systems (LAWS) was at the top of the agenda.
From November 30 to December 2nd 2021, the Council of Europe’s Ad hoc Committee on Artificial Intelligence (CAHAI) held its final plenary meeting. In this session, the recommendation on the “Possible elements of a legal framework on artificial intelligence, based on the Council of Europe’s standards on human rights, democracy and the rule of law” was adopted.
On November 24, 2021, during the 41st session of UNESCO’s General Conference, the “Recommendation on the Ethics of Artificial Intelligence” was adopted. This is the first global “standard-setting instrument” that seeks to regulate the use of AI in an ethical way, although some initiatives were taken in the European context. The project came about due to a decision made at the General Conference at its 40th session in 2019.
On September 22nd 2021, the European Economic and Social Committee (EESC), the Body that represents civil society organisations within the European Union, adopted Catelijne Muller’s Opinion on the EU Commission’s Artificial Intelligence Act (AIA) proposal.
On September 14th and 15th 2021, the Slovenian Presidency of the Council of the European Union hosted a High-Level Conference on Artificial Intelligence entitled “From ambition to Action”.
On September 3rd, 2021, the Garante per la protezione dei dati personali (the GPDP – Italian data protection authority), issued an official request to the local Health authority USL Roma 3, to provide information about its deployment of AI technologies to combat Covid-19.
On June 29, 2021, a draft report was presented and adopted by the Committee on Civil Liberties, Justice and Home Affairs (LIBE) on artificial intelligence in criminal law and its use by the police and judicial authorities in criminal matters.
On June 23, 2021, the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) shared a joint opinion regarding the European Commission’s AI regulation proposal.
On May 27, 2021, a coalition of civil society groups including Privacy International, the Hermes Center for Transparency and Digital Human Rights, Homo Digitalis and noyb, filed several claims in Europe against the U.S facial recognition firm Clearview AI.
On April 29, 2021, the French Defense Ethics Committee issued an Opinion on the integration of autonomy into lethal weapon systems. Through this work, the Committee aims to establish a clear definition of autonomy and a clear distinction between fully (LAWS) and partially autonomous lethal weapon systems (PAWLS).
On April 16, 2021, the Garante per la protezione dei dati personali, the Italian Data Protection Authority (DPA), issued an unfavourable opinion on the use of the SARI Real Time system by the Ministry of the Interior, a real-time facial recognition system aiming to assist the Police Force in the management of public order and safety.
After a preliminary initiative was announced in January 2021, the European Digital Rights (EDRi) organisation and 55 others sent a new letter to Didier Reynders (European Commissioner for Justice) on April 1st, 2021 to support their demand for a specific ban on biometric mass surveillance technologies.
Over the past few weeks, the Council of Europe, the Strasbourg-based organisation that promotes and protects human rights, democracy and the rule of law, has been raising awareness about the risks of using AI enabled technologies and preparing a draft proposal for ensuring adequate AI regulation.
On March 12, 2021, the European Data Protection Board (EDPB) opened a public consultation about their new guidelines on Virtual Vocal Assistants (VVA) which were adopted on March 9, 2021.
On March 9, 2021, the European Data Protection Board (EDPB) adopted version 2.0 of its guidelines – On processing personal data in the context of connected vehicles and mobility related applications following a period of public consultation that ended in May 2020.
The French government issued a decree on March 10, 2021 authorising automated analysis of the rate of compliance with the obligation to wear a mask on public transport.
On Thursday 18, 2020, the President of the CNIL issued a warning to a sports club who were considering using a facial recognition system to stop people with stadium bans from attending their games.
The Swedish DPA fines the police authorities for their use of facial recognition. Employees from two services were using Clearview AI’s App.
On January 28, 2020, the Council of Europe (CoE) adopted a new set of guidelines on facial recognition addressed to governments, legislators and businesses. The guidelines were developed by the Consultative Committee of the Council of Europe, after a 7-year process, that resulted in the updating of Convention 108.
On January 20, 2020, the Legal Affairs Committee of the European Parliament (EP) adopted a resolution which includes new guidelines for the use of artificial intelligence (AI) for civil and military use.
The Ad Hoc Committee on Artificial Intelligence of the Council of Europe adopted their first feasibility study on a legal framework on AI.