Hundreds of millions of people now confide in AI chatbots as though the conversation were private. In law, it is not. The concluding part of our consumer-AI privacy project follows a single conversation into the four places it can surface, a police referral, a government demand, a courtroom and a data breach, and asks what providers and regulators should do, including whether confidentiality can be built into the architecture itself.

The Court of Rome has annulled the only GDPR fine ever imposed on a generative-AI launch, holding that Italy’s Garante lost competence once OpenAI’s Irish establishment was recognised. A launch-period enforcement gap, and perhaps a question for the Court of Justice.

Discover how the forthcoming Europol reform is transforming the agency into an AI-enabled, infrastructure-driven model for European law enforcement, balancing operational integration with constitutional limits.

Meta’s new Incognito Chat with Meta AI is the first mass-market deployment of a chatbot the provider cannot read. We examine the architecture, the moderation trade-off, the liability consequence, and what it means for the Going Dark debate

The health agent rush may be the most consequential AI development of 2026. Yet, it has not received serious academic or regulatory attention. Until now.

Hundreds of millions of people confide their most intimate secrets to AI chatbots every day. The interface invites intimacy; the fine print reserves broad rights most users will never read. This first-of-its-kind study maps what really happens to your words across ChatGPT, Gemini, Claude, Grok, and DeepSeek. Read more

On February 11, 2026, the German Cabinet approved the German AI Draft Bill entitled ‘Gesetz zur Durchführung der Verordnung über künstliche Intelligenz’ (Law on the Implementation of the Regulation on Artificial Intelligence) to implement the EU AI Act in Germany. It regulates the national competent authorities, organises measures to promote innovation and the penalty regime, and specifies the amendments to be made to German law.

In his article published by the IAPP, Professor Christakis examines the “China data question” in greater depth, focusing on direct data collection, open-source deployment, and the limits of extraterritorial enforcement under EU law.

One year after “AI’s Sputnik moment,” the global regulatory response to DeepSeek has produced a starkly bifurcated outcome: constrained in the West, yet surging 960% worldwide. This comprehensive study documents the regulatory storm, unpacks the legal concerns, and confronts an uncomfortable truth about the limits of extraterritorial enforcement.

France has opted, in its draft designation of market surveillance authorities, for a decentralised market surveillance organisation based on authorities already identified by operators, with coordination led by the Ministry of the Economy. Despite the publication of the draft designation of MSAs, progress in the implementation of the EU AI Act in France remains unclear and appears significantly delayed.

This study seeks to provide an overview of current progress in the designation of national competent authorities, and to analyse how national governance frameworks are being developed. The study shows that one week prior to the deadline, the majority of member states were behind schedule. A few draft governance frameworks, some of them unofficial, were announced. These present a centralised architecture for notifying authorities, but a fragmented one for market surveillance, with most authorities already identified.

September–October 2025 saw a surge of EU-level initiatives aimed at strengthening Europe’s AI governance, innovation, and digital infrastructure. From a sweeping plan to streamline digital rules, to new strategies supporting AI deployment and research, and finally to the expansion of Europe’s AI Factory network, the EU is laying the groundwork for the next phase of its AI ecosystem.