%20(A2%20(Landscape))%20(11).png)
EU Level
GDPR
The EDPB has launched CEF 2026, focusing on enhancing transparency and improving information obligations under the GDPR. The initiative aims to promote consistent enforcement across Member States. In parallel, the EDPB and EDPS issued a joint opinion on the Cybersecurity Act 2 and NIS2, highlighting the crucial interplay between data protection and cybersecurity and stressing the need for alignment between the frameworks.
AI Act
EP committees adopted an “AI omnibus” position setting fixed compliance timelines for high-risk AI systems: December 2027 and August 2028. Requirements related to watermarking have been postponed to November 2026 to allow stakeholders more implementation time. Additionally, a new proposed ban targets AI-powered “nudifier” applications, reflecting ongoing political concerns around misuse of generative tools.
DMA
Media (Reuters, 16 Mar) reported that EU publishers and technology associations are urging the Commission to wrap up its ongoing Google Search DMA investigation as quickly as possible. The groups emphasized the importance of timely enforcement to address concerns around market dominance and ensure a level playing field.
Sweden
GDPR
IMY has opened interest registration for the autumn 2026 GDPR innovation sandbox, aimed at supporting organizations working with privacy-oriented digital solutions. They also published guidance ahead of the new EU political advertising rules, helping stakeholders prepare for the regulatory changes coming later this year.
AI Act
IMY submitted its official response regarding the police and customs authorities’ use of AI-based biometric identification (ex post). This consultation is particularly relevant given the AI Act’s strict approach to biometric systems, and IMY’s feedback contributes to shaping how such technologies may be regulated in high‑risk law enforcement contexts.
