On September 17, 2025, Brazil enacted the Digital Statute of the Child and Adolescent (“Digital ECA”), establishing a pioneering regulatory framework for protecting children (under 12 years of age) and adolescents (between the ages of 12 and 18) online. Brazil’s Congress approved the new law in a matter of just a few days in response to parents’ pressure, after a well-known Brazilian digital influencer published a series of online videos on the “adultization” of children on the internet.
Continue Reading Brazil Adopts Law Protecting Minors Online
Commission Collects Feedback to Simplify Rules on Data, Cybersecurity and Artificial Intelligence in Upcoming Digital Omnibus
On September 16, 2025, the European Commission launched a call for evidence to collect feedback and best practices on simplifying several key areas of the EU digital rulebook, ahead of its planned Digital Omnibus package. This initiative targets legislation related to data, cybersecurity, and artificial intelligence, aiming to reduce administrative burdens and compliance costs for businesses while preserving high standards of fairness, security, and privacy online.
Continue Reading Commission Collects Feedback to Simplify Rules on Data, Cybersecurity and Artificial Intelligence in Upcoming Digital OmnibusEU and Brazil Advance Towards Mutual Adequacy Decision
***Update (January 27, 2026): The EU and Brazil have now formally adopted mutual adequacy decisions, confirming that both jurisdictions ensure comparable levels of data protection and enabling the free and safe flow of personal data between the EU and Brazil without the need for additional transfer mechanisms.***
On September 5, 2025, the European Commission announced the launch of the process to adopt an adequacy decision with Brazil under the General Data Protection Regulation (GDPR), determining that Brazil ensures an adequate level of personal data protection comparable to that in the EU. Once adopted, the decision would permit personal data to flow freely between Brazil and the EU without the need for additional safeguards, covering flows from businesses, public authorities, and research projects.
The Brazilian federal government, through the National Data Protection Authority (ANPD), announced that it is simultaneously progressing on adopting an equivalent adequacy decision to facilitate the uninterrupted flow of data from Brazil to the EU. The parallel initiatives highlight a mutual commitment to aligning privacy and data protection standards across the Atlantic, and take place in a context of closer bilateral relations and increased U.S. scrutiny of Brazilian and European digital policies.
Continue Reading EU and Brazil Advance Towards Mutual Adequacy DecisionEuropean Parliament Study Recommends Strict Liability Regime for High-Risk AI Systems
On July 24, 2025, the European Parliament (EP) published a study entitled Artificial Intelligence and Civil Liability – A European Perspective. The study considers some of the EU’s existing and proposed liability frameworks, notably the revised Product Liability Directive (PLDr) and the AI Liability Directive (AILD), which was proposed by the European Commission only to be later withdrawn. The study concludes that neither instrument sufficiently addresses the full scope of product liability risks and defects uniquely posed by high-risk AI systems, as that concept is defined by the EU AI Act. Therefore, it calls for the creation of a dedicated strict liability framework, specifically designed to tackle the particular liability risks that these systems are said to give rise to. While it is too early to predict whether other key European stakeholders will support such a framework and bring it to fruition, this development is an important one to monitor closely for those creating or working with high-risk AI systems.
Continue Reading European Parliament Study Recommends Strict Liability Regime for High-Risk AI SystemsDigital Fairness Act Series — Topic 4: Digital Subscriptions
Digital contracts and subscriptions have significantly increased, with the subscription economy tripling since 2017, according to the European Commission’s Digital Fairness Act Fitness Check. However, the Fitness Check points out that the number of issues with digital subscriptions, such as difficult cancellations, automatic renewals without reminders, and unclear subscription terms, have also increased. The Commission proposes to tackle these issues in its proposed Digital Fairness Act (“DFA”), which recently entered its consultation phase (see our blog post here).
This post briefly highlights certain issues with digital subscriptions identified in the Fitness Check, outlines how these issues are currently regulated in the EU, and considers the Fitness Check’s proposals to address these issues. It is the fourth post in our series on the upcoming DFA – previous posts covered influencer marketing, AI chatbots in consumer interactions, and personalised advertising and pricing.
Continue Reading Digital Fairness Act Series — Topic 4: Digital SubscriptionsHelp Shape the New EU Consumer Protection Law: Join the Public Consultation on the Digital Fairness Act
On July 17, 2025, the European Commission launched a “call for evidence” and public consultation on the Digital Fairness Act (“DFA”), an anticipated new consumer protection law. The Commission seeks feedback on existing EU consumer protection laws and on proposals for how the DFA could address the following two problems with the existing laws, as identified through a “Fitness Check” of EU consumer law published in October 2024:
- Lack of digital fairness for consumers. This particularly affects vulnerable groups such as minors, offering them suboptimal choices that can lead to financial harm, loss of time, negative health impacts, and indirect effects like environmental costs.
- Unclear rules for businesses and market fragmentation. This results in increased business costs, hampers cross-border trade, leads to missed opportunities, and causes unfair competition, particularly from non-EU traders.
The Commission has also emphasized its objective to enhance the EU’s competitiveness, aiming for simplification of consumer protection rules and the removal of barriers within the EU Market. This includes efforts to achieve greater legal certainty regarding unfair commercial practices. The goal is to address enforcement deficiencies, regulatory gaps, and market fragmentation, as some Member States have regulated or are considering new regulation in these areas.
Continue Reading Help Shape the New EU Consumer Protection Law: Join the Public Consultation on the Digital Fairness ActOverview of Key CJEU Rulings on EU Consumer Protection Law of June 2025
n June 2025, the Court of Justice of the European Union (CJEU) delivered important rulings clarifying the application of the EU Unfair Contract Terms Directive (UCTD), which protects consumers from unfair standard contract terms that have not been individually negotiated. The UCTD ensures such terms are transparent, clear, and balanced; unfair terms are not binding on consumers and may expose businesses to enforcement actions.
This blog post highlights four significant cases decided in June 2025. These cases involve preliminary references from national courts to the CJEU to clarify whether national laws are aligned with EU law.
Continue Reading Overview of Key CJEU Rulings on EU Consumer Protection Law of June 2025When is a Safety Component of Radio Equipment a High-Risk AI System Under the EU Artificial Intelligence Act?
There is an ongoing debate in Brussels about the circumstances under which AI-based safety components integrated into radio equipment are subject to the requirements for high-risk AI systems of the EU Artificial Intelligence Act 2024/1689 (the “AI Act”). The debate is particularly relevant because, if AI-based safety components are considered high-risk under the AI Act, they will be subject to a comprehensive set of regulatory requirements under the AI Act as of August 2, 2027. These requirements include risk management, data quality measures, transparency towards users, human oversight, as well as obligations relating to accuracy, robustness, and cybersecurity.
The discussion affects devices like smartphones with AI-driven emergency call features, smart home safety systems, smart home appliances and drones using AI for obstacle avoidance and emergency landing. In effect, many, if not all, of the AI-based safety components of internet-connected radio equipment could be subject to the AI Act’s requirements for high-risk AI systems.
Below we briefly outline the framework of the current debate.
Continue Reading When is a Safety Component of Radio Equipment a High-Risk AI System Under the EU Artificial Intelligence Act?Council and Parliament Agree on Key Reforms to the EU ADR Framework
On June 26, 2025, the Council and the European Parliament reached a provisional agreement on modernizing the EU’s framework for alternative dispute resolution (ADR) in consumer matters.
The current ADR framework—established in Directive 2013/11/EU (ADR Directive)—has not been amended since its adoption in 2013. As noted in our previous blog, the European Commission recognized the need to modernize the system and, on October 17, 2023, proposed a legislative package to (i) amend the ADR Directive, and (ii) repeal the Online Dispute Resolution (ODR) Regulation, which created the European Online Dispute Resolution (ODR) Platform, on the basis that this platform was infrequently used. The ODR repeal regulation was formally adopted on November 19, 2024 and the ODR Platform will be discontinued on July 20, 2025. Since then, the focus has shifted to finalizing a reformed ADR framework.
Continue Reading Council and Parliament Agree on Key Reforms to the EU ADR FrameworkDigital Fairness Act Series: Topic 2 – Transparency and Disclosure Obligations for AI Chatbots in Consumer Interactions
AI chatbots are transforming how businesses handle consumer inquiries and complaints, offering speed and availability that traditional channels often cannot match. However, the European Commission’s recent Digital Fairness Act Fitness Check has spotlighted a gap: EU consumers currently lack a cross-sectoral right to demand human contact when interacting with AI chatbots in business-to-consumer settings. It is still unclear whether and how the European Commission is proposing to address this. The Digital Fairness Act could do so, but the Commission’s proposal is only planned to be published in the 3rd quarter of 2026. This post highlights key consumer protection considerations for companies deploying AI chatbots in the EU market.
AI Chatbots Cannot Be the Only Contact Channel
Under EU law–particularly the Consumer Rights Directive (“CRD”) and the eCommerce Directive–consumers must have access to traditional communication channels such as the trader’s postal address, telephone number, and email address. The Court of Justice of the EU has made clear that consumers must be able to contact traders directly, quickly, and effectively (Case C-649/17). While chatbots can assist, they cannot replace mandatory human contact options.
AI Chatbots as Supplementary Communication Channels
The CRD requires traders to disclose their primary contact details before concluding a contract, but does not prohibit offering AI chatbots as additional communication tools. Where chatbots enable consumers to retain durable records of their interactions – including timestamps – traders should inform consumers about that. Durable records are defined as information stored in a medium accessible and unalterable for future reference, such as emails or downloadable files.
In any event, certain communications, such as the acknowledgment of a consumer’s right of withdrawal, must be provided in a “durable medium,” ensuring consumers have a stable and accessible record of important contractual information.
Human Oversight and the Right to Human Intervention
Continue Reading Digital Fairness Act Series: Topic 2 – Transparency and Disclosure Obligations for AI Chatbots in Consumer Interactions