Topics Internet Law Update

New European Law on Cybersecurity of Digital Products

The European Union’s Cyber Resilience Act entered into force in December. The Act aims to establish horizontal cybersecurity requirements for products with digital elements to ensure they are placed on the market with fewer vulnerabilities, and that manufacturers take security seriously throughout a product’s lifecycle. This regulation intends to improve transparency regarding product support periods, enabling users to consider cybersecurity ...

New Australian Cyber Law Requires Notification of Ransomware Payouts

Australia has enacted a new law designed to improve cyber security for the country. The law addresses several key areas including mandatory security standards for internet-connectable products, ransomware reporting obligations, information sharing for significant cyber incidents, and the establishment of a Cyber Incident Review Board.

The law mandates security standards for relevant internet-connectable products. Manufacturers and suppliers of these products ...

Israeli Competition Regulator May Block Mergers for Overconcentrated Personal Data

The Israeli Competition Authority recently signaled, in a conference celebrating its 30th anniversary, that the regulatory Merger Directive may soon be updated to weigh the factor of data ownership concentration mergers approval application, even when the merging companies are not in direct competition.

Data ownership concentration was a pivotal concern for the regulator in its decision to deny the merger ...

New European Directive on Liability in Digital Products, Software, and AI Technology

The European Union Directive on liability for defective products came into force in December 2024 and will become effective from December 2026. It establishes common rules for the liability of economic operators for damages caused by defective products. The directive aims to enhance the EU market and ensure high consumer protection by addressing innovative technologies such as AI and global ...

New European Directive - Liability for Defective Digital Products, Software & AI

A new European Product Liability Directive (the “PLD”) now applies to digital and AI-based products. It replaces its predecessor from 1985. The PLD defines rules of evidence and liability for compensation for property damage, personal injury, and data loss. It applies to any company in the supply chain of software and artificial intelligence (AI) systems to the European Union market, ...

Meta Hit with a €251 Million Fine For Compliance Failures Amid Data Breach

The Irish Data Protection Commission (DPC) hit Meta Platforms Ireland Limited (MPIL) with a fine of €251 million following two inquiries into a 2018 data breach. The breach affected approximately 29 million Facebook accounts globally, with about 3 million of those accounts based in the EU/EEA. The personal data exposed included users’ full names, email addresses, phone numbers, locations, places ...

European Privacy Regulators Opine on Personal Data Processing in AI Model Training

The European Data Protection Board (EDPB) issued a detailed opinion on privacy implications for AI models under the GDPR. The opinion outlines key considerations including the application of the GDPR to AI Models trained on personal data, the applicability of the “legitimate interest” legal basis for training AI models on personal data, and the implications for AI models unlawfully trained ...

UK Regulator Issues Guidance on Use of AI in Recruitment

The UK Information Commissioner’s Office (ICO) has published a report outlining recommendations for the fair and lawful use of artificial intelligence in screening job applicants. Following a sector-wide review, the ICO emphasized the importance of fairness, data minimization, and increased transparency in processing personal information for recruitment purposes.

AI tools can streamline recruitment by filtering unqualified candidates, scoring applicants against ...

More from Internet Law Update