EU and Swedish regulators are moving from AI policy design to practical enforcement, with clearer rules on AI content, platform duties, data responsibility, and cyber resilience.

The AI Act advances with new guidance on AI-generated content and stronger enforcement support. Under the DSA, trusted flagger rules move forward, while the DMA debate grows as Apple delays Siri AI in the EU. In Sweden, IMY clarifies data responsibility in AI systems, while ENISA strengthens cyber preparedness in critical NIS2 sectors.

EU

AI Act

The Commission published the Code of Practice on marking and labelling of AI-generated content. The code is a voluntary tool to guide providers and deployers of generative AI systems in complying with the AI Act's transparency obligations, including marking AI-generated content and disclosing the artificial nature of images, audio (including deepfakes) and text under Article 50.

Read More

GDPR

At its plenary on 10 June, the EDPB adopted a common data breach notification template to harmonise incident reporting across all EU data protection authorities, aimed particularly at reducing time and costs for smaller organisations without dedicated DPOs. The template is open for public consultation until 5 August 2026. The Board also met with Commissioner McGrath, where the Digital Omnibus was among the key topics discussed.

Read More

NIS2 / Cybersecurity

ENISA ran the 8th edition of the Cyber Europe exercise on 10–11 June, focused on cyber preparedness and continuity of essential services in the European rail and maritime sectors — both NIS2 subsectors of high criticality.

Read More

DMA

Apple announced that its Siri AI will be delayed in the EU due to the Digital Markets Act, a move that has visibly irritated the European Commission. Not an official EU action, but the most significant DMA development of the week, feeding the broader debate on gatekeepers withholding features in the EU.

Read More

Sweden

AI

IMY published a report examining companies' responsibility for personal data when working with AI applications. The report establishes that the controller/processor role depends on the degree of influence the company has over the processing of the data when fine-tuning AI applications.

Read More

Continue reading
Need help?
Contact Us