Explore the pressing challenges at the intersection of military AI and international humanitarian law. Discover why current regulations may not be sufficient to address the unpredictable nature of AI-powered weapons, and the critical need for adaptive legal review to ensure the protection of civilians in an era of increasing autonomy in warfare.

The definition of systemic risk in Article 3(65) of the EU AI Act presents challenges of interpretation due to potential ambiguities. This working paper analyses these ambiguities and how the GPAI Code of Practice attempts to categorise these risks through a taxonomy. A key concern is the potential for exploitation of these systemic risk definitions by GPAI model providers.

The AI Regulation Chair is proud to announce its significant contribution to the book “The EU Artificial Intelligence (AI) Act: A Commentary”. This comprehensive work contains analyses from numerous experts and academics in the field. The Chair’s contribution includes a commentary on Articles 16 and 17 of the AI Act, which deal with the obligations of providers of high-risk AI systems and the implementation of a quality management system.

Insights on how GDPR should adapt to the rise of Generative AI as host Sergio Maldonado interviews Professor Theodore Christakis, director of the MIAI AI-Regulation Chair. They examine the EDPB’s latest Opinion, the DeepSeek case, the challenge of AI “hallucinations,” and the future of AI governance.

The EU is actively engaged in the process of shaping AI regulation, with the General-Purpose AI Code of Practice (GPAI CoP) playing a crucial role in complementing the EU AI Act. However, the development of this code is encountering certain challenges. Discover how this “living framework” aims to evolve with the rapidly changing AI landscape and why the AI Office’s upcoming decisions are critical.

Discover our AI Act Meta-Guide—a curated collection of 24 essential resources that simplifies the EU AI Act, offering academics, policymakers, and professionals a clear, convenient entry point to navigate its complexities and apply its provisions with confidence.

The Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority, recently published two recommendations to support innovation in the field of artificial intelligence (AI) in accordance with the General Data Protection Regulation (GDPR). It adopts a didactic approach, issuing recommendations, best practice and explanations on how to apply the principles of the GDPR in the context of AI.

The global AI regulatory landscape is undergoing significant changes, with governments adopting divergent approaches to artificial intelligence governance. In Asia, North America, and Europe, policymakers are setting new standards that could reshape the future of AI development and deployment.

The United States’ Intelligence Community1 (IC) has released Interim Guidance about the acquisition and use of foundation AI models (FMs).  This guidance has been provided by inter-agency lawyers and concerns the application of AG guidelines and policies to the IC’s acquisition and use of FMs. As well as clearly suggesting that IC elements will use FMs for intelligence purposes, the document provides additional guidance concerning model acquisition, modification, augmentation, prompts and outputs.

The Information Commissioner’s Office (ICO) has published its final response to the public consultation on the application of UK data protection law to generative AI (GAI). The response marks the culmination of an extensive consultation process aimed at clarifying key data protection principles in the context of generative AI systems.

Exploring AI hallucinations through the lens of GDPR, this article focuses on the regulatory challenges, key DPA perspectives, and industry measures to balance innovation and data protection.

In October 2024 the International Enforcement Cooperation Working Group (IECWG) from the Global Privacy Agency(GPA) issued a Concluding Joint Statement on data scraping and the protection of privacy. It completes the Initial Joint Statement on data scraping and the protection of privacy published in August 2023. It contains three objectives: firstly, to outline the key privacy risks associated with data scraping; secondly, to set out how Social Media Companies (SMCs) and other organisations should protect individual personal information; and thirdly, to set out measures that individuals can take to protect their personal data.