On February 11, 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) (jointly, the Authorities) issued a Joint Opinion on the European Commission’s proposed Digital Omnibus Regulation (Digital Omnibus). This follows their Joint Opinion of January 20, 2026 on the Digital Omnibus on AI.

The Digital Omnibus, as with the other “omnibuses” released by the Commission, aims to streamline several EU laws, reduce administrative burdens for covered entities, and enhance competitiveness in the EU. Once adopted, it should reshape how organizations handle personal data generally, including in relation to AI development, scientific research, and incident reporting. The Authorities welcome efforts to simplify and to promote consistent interpretations of key concepts found in the GDPR, the ePrivacy Directive, the NIS2 Directive, and the remaining Data Acquis. At the same time, they caution that this initiative launched by the Commission must not weaken fundamental rights protections, including data protection.

Below is an overview of the Authorities’ positions. It covers only the key amendments discussed in our previous blog post on the Digital Omnibus.Continue Reading EU Regulators Issue Opinion on Revisions of GDPR and Other Data Laws

On 15 January 2026, the Belgian High Court delivered a judgment in proceedings initiated by the Belgian Supervisory Authority, in which it challenged the scope of judicial review exercised by the Market Court over its enforcement decisions. The authority was unsuccessful on both grounds of appeal.Continue Reading Belgian High Court Confirms Full Judicial Review of Supervisory Authority Decisions

On 3 February 2026, the second International AI Safety Report (the “Report”) was published—providing a comprehensive, science-based assessment of the capabilities and risks of general-purpose AI (“GPAI”). The Report touts itself as the largest global collaboration on AI safety to date—led by Turing Award winner Yoshua Bengio, backed by an Expert Advisory Panel with nominees from more than 30 countries and international organizations, and authored by over 100 AI experts.

The Report does not make specific policy recommendations; instead, it synthesizes scientific evidence to provide an evidence base for decision-makers. This blog summarizes the Report’s key findings across its three central questions: (i) what can GPAI do today, and how might its capabilities change? (ii) what emerging risks does it pose? And (iii) what risk management approaches exist?Continue Reading International AI Safety Report 2026 Examines AI Capabilities, Risks, and Safeguards

Introduction

As discussed in our previous blogpost (link), on 16 December 2025, the European Commission (“Commission”) released its Proposal for the European Biotech Act (“Biotech Act”) (see here). 

This blogpost focuses on Chapter II of the Proposal (“Union Health Biotechnology and Biomanufacturing”), which introduces a framework for the recognition of “health biotechnology strategic projects” (“Strategic Projects”) and “high impact health biotechnology strategic projects” (“High Impact Strategic Projects”), together with a package of regulatory and support measures aimed at accelerating their development and deployment in the Union.Continue Reading The Biotech Act Recognises and Supports “Strategic Projects” And “High Impact Strategic Projects” to Reinforce the Union Biotechnology Sector

The Federal Trade Commission (FTC) is poised to re-start a rulemaking process regarding disclosures and requirements for subscription and auto-renewing products and services.  On January 30, 2026, the FTC submitted a draft Advance Notice of Proposed Rulemaking (ANPRM) on the Rule Concerning the Use of Prenotification Negative Option Plans (the Rule), commonly known as the Negative Option Rule, to the Office of Information and Regulatory Affairs (OIRA) for review. Continue Reading FTC Restarts Negative Option Rulemaking Process

If the upcoming midterm elections result in a Democratic majority in the House next year, companies, organizations, and individuals can expect a new wave of congressional investigations, hearings, and oversight, with a familiar focus on the Trump administration and an emphasis on a variety of private sector targets. The Democratic

Continue Reading Democratic Investigations Agenda is Coming Into Focus

AI agents have arrived. Although the technology is not new, agents are rapidly becoming more sophisticated—capable of operating with greater autonomy, executing multi-step tasks, and interacting with other agents in ways that were largely theoretical just a few years ago. Organizations are already deploying agentic AI across software development, workflow automation, customer service, and e-commerce, with more ambitious applications on the horizon. As these systems grow in capability and prevalence, a pressing question has emerged: can existing legal frameworks—generally designed with human decision-makers in mind—be applied coherently to machines that operate with significant independence?

In January 2026, as part of its Tech Futures series, the UK Information Commissioner’s Office (“ICO”) published a report setting out its early thinking on the data protection implications of agentic AI. The report explicitly states that it is not intended to constitute “guidance” or “formal regulatory expectations.” Nevertheless, it provides meaningful insight into the ICO’s emerging view of agentic AI and its approach to applying data protection obligations to this context—insight that may foreshadow the regulator’s direction of travel.

The full report is lengthy and worth the read. This blog focuses on the data protection and privacy risks identified by the ICO, with the aim of helping product and legal teams anticipate potential regulatory issues early in the development process.Continue Reading ICO Shares Early Views on Agentic AI & Data Protection

On 9 January 2026, the Commission adopted its Guidelines on the application of certain provisions of Regulation (EU) 2022/2560 of the European Parliament and of the Council on foreign subsidies distorting the internal market (the “FSR Guidelines”). The FSR Guidelines explain how the Commission assesses whether foreign subsidies distort the internal market, and, if so, whether their potential positive effects outweigh their potential negative impacts. They also explain how the Commission may exercise its call-in powers to request the prior notification of any concentration or any foreign financial contributions (“FFCs”) in the context of a public procurement procedure that falls below the notification thresholds.

This blogpost describes the FSR Guidelines. The FSR Guidelines were adopted after a little more than two years of application of the FSR, on which the Commission will report in July 2026, potentially leading to its revision. While they crystallize the Commission’s practice thus far, they do not address the frequently voiced concern that they are overbroad and, consequently, too many unproblematic concentrations or tenders must undergo a cumbersome reporting process. For more details on the FSR, please see our previous blogpost.

Key takeaways

  • The FSR Guidelines offer detailed guidance on how the Commission will conduct its assessment of distortions. While the responsibility for this assessment lies with the Commission, companies under investigation may need to demonstrate that the foreign subsidies they have received are not linked to their economic activities in the EU. If they are unable to do this successfully, they must then provide a comprehensive analysis of the impact those foreign subsidies have on the internal market.  
  • In balancing the potential negative impact of foreign subsidies with their potential positive effects, the FSR Guidelines rely on an approach similar to State aid assessment. However, unlike in State aid, they do not provide any presumption that certain categories of subsidies are on balance positive when defined conditions are met. Instead, they require a case-by-case assessment.  
  • Regarding the Commission’s approach to requesting notification of concentrations or FFCs in the context of a public procurement procedure, the FSR Guidelines leave the Commission broad discretion when it determines that those activities merit prior review given their impact on the EU. As a result, companies may need to consider their FSR risks even if they do not engage in large concentrations or public procurement procedures in the EU.   

Continue Reading The European Commission adopts the Foreign Subsidies Regulation Guidelines

On his last day in office, January 20, 2026, former New Jersey Governor Phil Murphy signed an amendment to the New Jersey Data Privacy Act, A5017. The bill amends the state’s comprehensive privacy law to add new data- and entity-level exemptions and to expand the definition of de-identified data. The amendment took effect immediately.Continue Reading New Jersey Enacts Amendment to its Comprehensive Privacy Law

Consumer protection law across EMEA continues to evolve rapidly in response to digitalization, emerging technologies (particularly AI) and the continued expansion of online commerce. As we move into 2026, regulators are preparing significant reforms that will reshape business obligations and strengthen consumer‑protection enforcement. Below is an overview of the most important developments to watch this year.Continue Reading What to Watch in 2026: Key Developments in EMEA Consumer Protection