Login | January 31, 2025
New EU tech laws coming online
RICHARD WEINER
Technology for Lawyers
Published: January 31, 2025
Not to be too repetitive, but if you do business or vacation in the EU, you’re under the auspices of the EU’s technology laws. Three EU tech rules are coming into force in 2025 and 2026, some of which may affect you or a client. Here they are:
AI Act: The EU AI Act, which sets out harmonized AI rules, came into force on 8/1/24 and will be fully applicable on 8/2/26. This is the planet’s first comprehensive set of AI regulation, and expresses the EU Parliament’s desire that AI systems used in the EU are safe, transparent, traceable, non-discriminatory and environmentally friendly. The EU wants to assure its citizens that AI systems are overseen by people, rather than by automation, to prevent harmful outcomes.
Among other things, the Act will ban AI systems that are considered as having an unacceptable risk to people. These include cognitive behavioral manipulation of people or specific vulnerable groups; social scoring; biometric identification and categorization of people, and real-time biometrics. Exceptions can be made for law enforcement. There are also classifications of high-risk systems and transparency requirements.
DORA: Not what you’re thinking, this is a legal framework for financial transactions. This is the Digital Operational Resilience Act. It came into force on 1/16/23 and became fully operational on 1/17/25. It sets out prescriptive requirements for contracts between financial entities and their third-party IT service providers, transforming how financial entities and their information technology (IT) service providers manage operational risks. In anticipation of DORA, many financial entities implemented the required changes through contractual addenda that align existing supplier contracts with the requirements of DORA. And, of course, that language will be in all contracts going forward. If your clients do financial transactions in the EU, you need to be aligned with this regulation yourself.
Data Act: This Act harmonizes rules on data fair use. It became a regulation on 1/11/24 and will be in full force on 9/12/25. This Act is an attempt to widen the ability of people to access data throughout the EU (which may or may not be a problem in the doomscrolling US). The intent of this Act is to lower prices for aftermarket services and repair of smart devices (right to repair), the ability to access data from multiple platforms, and the ability to access various data from the same machine. Pretty complex.
If you would like more info on all of this, go here and search: https://commission.europa.eu/index_en