ZeroGravity Weekly Brief | December 22, 2025

This week, the legal shift is less about “new rules” and more about operational detail. AI Act transparency is getting a playbook, GDPR is getting sharper case law, and cyber rules in Sweden are now on a fixed start date.

EU Level

AI Act moves from text to tooling: The Commission published a first draft Code of Practice for marking and labelling AI-generated content (AI Act Article 50). Feedback is open until 23 January 2026 and the transparency obligations kick in 2 August 2026.

Read More

GDPR pressure on ad personalisation increases: Austria’s Supreme Court ruled Meta’s personalised advertising model unlawful, strengthening the direction of travel on consent, sensitive data, and user access rights.

Read More

Sweden Level

NIS2 becomes a real start date: The government issued the new cybersecurity law and ordinance. It enters into force 15 January 2026, with clearer supervisory roles and hard requirements on measures and significant incident reporting.

Read More

GDPR clarity on camera-based collection: IMY highlights an EU-court clarification tied to SL body cameras: Article 13 applies when personal data is collected directly via observation (like body cams). That implies immediate information, and the exception space is narrow.

Read More

Continue reading
Need help?
Contact Us