Photo of Sam Jungyun Choi

Sam Jungyun Choi

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such as AI, digital health, and autonomous vehicles.

Sam is an expert on the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act, having advised on these laws since they started to apply. In recent years, her work has evolved to include advising companies on new data and digital laws in the EU, including the AI Act, Data Act and the Digital Services Act.

Sam's practice includes advising on regulatory, compliance and policy issues that affect leading companies in the technology, life sciences and gaming companies on laws relating to privacy and data protection, digital services and AI. She advises clients on designing of new products and services, preparing privacy documentation, and developing data and AI governance programs. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

On March 5, 2025, the European Commission published the Industrial Action Plan for the European Automotive Sector. This plan outlines measures to strengthen the competitiveness of the European automotive industry and to accelerate the transition to zero-emission mobility in the EU.  This plan is the result of the “Strategic Dialogue” that has been taking place in Brussels in the last month between vehicle manufacturers in the EU and EU officials.  The plan announces a catalogue of initiatives to be adopted by the Commission, but the expected timelines and the interplay between different initiatives is not always clear.  This blog summarizes some of the initiatives likely to be relevant to stakeholders in the EU automotive industry—particularly those in the electric vehicle (“EV”) supply chain.Continue Reading European Commission Publishes Automotive Industrial Action Plan

On February 7, 2025, the OECD launched a voluntary framework for companies to report on their efforts to promote safe, secure and trustworthy AI.  This global reporting framework is intended to monitor and support the application of the International Code of Conduct for Organisations Developing Advanced AI Systems delivered by the 2023 G7 Hiroshima AI Process (“HAIP Code of Conduct”).*  Organizations can choose to comply with the HAIP Code of Conduct and participate in the HAIP reporting framework on a voluntary basis.  This reporting framework will allow participating organizations that comply with the HAIP Code of Conduct to showcase the efforts they have made towards ensuring responsible AI practices – in a way that is standardized and comparable with other companies.

Organizations that choose to report under the HAIP reporting framework would complete a questionnaire that contains the following seven sections:

  1. Risk identification and evaluation – includes questions regarding, among others, how the organization classifies risk, identifies and evaluates risks, and conducts testing.
  2. Risk management and information security – includes questions regarding, among others, how the organization promotes data quality, protects intellectual property and privacy, and implements AI-specific information security practices.
  3. Transparency reporting on advanced AI systems – includes questions regarding, among others,  reports and technical documentation and transparency practices.
  4. Organizational governance, incident management, and transparency – includes questions regarding, among others, organizational governance, staff training, and AI incident response processes.
  5. Content authentication & provenance mechanisms – includes questions regarding mechanisms to inform users that they are interacting with an AI system, and the organization’s use of mechanisms such as labelling or watermarking to enable users to identify AI-generated content.
  6. Research & investment to advance AI safety & mitigate societal risks – includes questions regarding, among others, how the organization participates in projects, collaborations and investments regarding research on various facets of AI, such as AI safety, security, trustworthiness, risk mitigation tools, and environmental risks.
  7. Advancing human and global interests – includes questions regarding, among others how the organization seeks to support digital literacy, human centric AI, and drive positive changes through AI.

Continue Reading OECD Launches Voluntary Reporting Framework on AI Risk Management Practices

On 18 November 2024, the International Energy Agency (“IEA”) published a detailed 163-page Report titled “Recycling of Critical Minerals: Strategies to Scale Up Recycling and Urban Mining” (the “Report”). The Report emphasizes the importance of recycling in securing the supply of essential minerals – such as copper, lithium

Continue Reading Regulatory Insights from the IEA’s New Report on Recycling Critical Raw Materials

On 29 June 2024, the Net-Zero Industry Act (“NZIA”) entered into force.  The primary aim of the NZIA is to ensure that the EU has access to secure and sustainable net-zero technologies by scaling up their manufacturing capacity within the EU.

Here are the key takeaways:

  • The NZIA focuses on 19 Net-Zero Technologies (“NZTs”), including renewable fuels of non-biological origin (“RFNBOs”), solar, wind, nuclear, batteries, and carbon capture and carbon storage technologies.  The Regulation sets non-binding benchmarks for 40% local production of such technologies by 2030 and 15% global market share by 2040.  
  • To reach those benchmarks, Net-Zero Technologies Manufacturing Projects (“NZT Manufacturing Projects”) will benefit from streamlined permitting procedures.  Further, NZT Manufacturing Projects that are deemed “strategic” will benefit from expedited permitting timelines.
  • The NZIA introduces a target of achieving an annual injection capacity of at least 50 million tons of CO2 by 2030.  Oil and gas producers identified by Member States must contribute to this target, according to a proportion to be defined by the Commission for each individual producer.  Member States must adopt penalties for non-compliance.
  • National public procurement procedures for NZTs must include requirements for achieving a minimum level of environmental sustainability, to be set out in future implementing regulations.  In addition, for any given public contract having NZTs as part of their subject matter, the contracting authorities and entities must consider the project’s so-called “resilience contribution”, which relates to supply chain diversification.  When the majority (or a near majority) of a specific NZT (or any of its main components) originates from a third country, the contracting authority or entity must impose specific public procurement conditions to reduce dependency on that country. Auctions to deploy renewable energy sources and schemes that incentivize households, companies, and consumers to purchase NZT final products must also be designed to favor bidders that contribute to increasing the sustainability and resilience of the supply of NZTs within the EU.
  • Auctions to deploy renewable energy sources and schemes that incentivize households, companies, and consumers to purchase NZT final products must also be designed to favor bidders that contribute to increasing the sustainability and resilience of the supply of NZTs within the EU.
  • Member States may establish regulatory sandboxes, i.e., schemes enabling companies to test technologies in a controlled real-world environment under monitoring by a competent authority.

Continue Reading The EU Net-Zero Industry Act enters into force

On 23 May 2024, the EU’s Critical Raw Materials Act (“CRMA”) entered into force.  The Regulation’s adoption within just one year after it was first proposed in March 2023 signals the EU’s political commitment to strengthen Europe’s strategic autonomy on the supply of Strategic Raw Materials (“SRMs”) and the broader category of “Critical Raw Materials” (“CRMs”).   

Here are the key takeaways for companies:

  • The CRMA sets non-binding capacity targets within the EU for the extraction, processing, refining, and recycling of SRMs that are key to achieve the green and digital transition.
  • To reach such targets, the CRMA empowers the European Commission (“the Commission”) to recognize projects that extract, process, refine or recycle SRMs, including projects outside the EU, as Strategic Projects (“SPs”) so that they may benefit from easier access to financing, expedited permitting process, and matchmaking with off-takers.  The Commission is expected to recognize the first SPs by the end of 2024.
  • The Commission must monitor disruption risks and propose mitigation measures, if needed, to ensure a secure supply of CRMs.  To enable the Commission to do this effectively, companies may be subject to new specific obligations, such as participating in surveys, carrying out risk assessments of SRMs supply chains, mitigating possible vulnerabilities, reporting on the implementation and the financing of their SPs, labelling some products, and recycling a minimum content of permanent magnets.  
  • The Commission will also create and operate a Joint Purchasing Mechanism to aggregate the demand of interested EU off-takers consuming SRMs and seek offers from suppliers to match that aggregated demand.

Critical and Strategic Raw Materials and Capacity Targets

SRMs are indispensable raw materials for strategic sectors that facilitate transition to a greener, digital economy.  They are characterized by high forecasted demand growth and significant challenges in scaling up production in Europe to meet such demand.  Annex I to the CRMA lists 17 SRMs, including copper, gallium, lithium, manganese, and titanium metal.Continue Reading The EU Critical Raw Materials Act enters into force

From February 17, 2024, the Digital Services Act (“DSA”) will apply to providers of intermediary services (e.g., cloud services, file-sharing services, search engines, social networks and online marketplaces). These entities will be required to comply with a number of obligations, including implementing notice-and-action mechanisms, complying with detailed rules on terms and conditions, and publishing transparency reports on content moderation practices, among others. For more information on the DSA, see our previous blog posts here and here.

As part of its powers conferred under the DSA, the European Commission is empowered to adopt delegated and implementing acts* on certain aspects of implementation and enforcement of the DSA. In 2023, the Commission adopted one delegated act on supervisory fees to be paid by very large online platforms and very large online search engines (“VLOPs” and “VLOSEs” respectively), and one implementing act on procedural matters relating to the Commission’s enforcement powers. The Commission has proposed several other delegated and implementing acts, which we set out below. The consultation period for these draft acts have now passed, and we anticipate that they will be adopted in the coming months.

Pending Delegated Acts

  • Draft Delegated Act on Conducting Independent Audits. This draft delegated act defines the steps that designated VLOPs and VLOSEs will need to follow to verify the independence of the auditors, particularly setting the rules for the procedures, methodology and templates used. According to the draft delegated act, designated VLOPS and VLOSEs should be subject to their first audit at the latest 16 months after their designation. The consultation period for this draft delegated act ended on June 2, 2023.
  • Draft Delegated Act on Data Access for Research. This draft delegated act specifies the conditions under which vetted researchers may access data from VLOPs and VLOSEs. The consultation period for this draft delegated act ended on May 31, 2023.

Continue Reading Draft Delegated and Implementing Acts Pursuant to the Digital Services Act

In a new strategy published on July 11, the European Commission has identified Web 4.0 and virtual worlds—often also referred to as the metaverse—as having the potential to transform the ways in which EU citizens live, work and interact.  The EU’s strategy consists of ten action points addressing four themes drawn from the Digital Decade policy programme and the Commission’s Connectivity package: (1) People and Skills; (2) Business; (3) Government (i.e., public services and projects); and (4) Governance.

The European Commission’s strategy indicates that it is unlikely to propose new regulation in the short to medium-term: indeed, European Competition Commissioner Margarethe Vestager has recently warned against jumping to regulation of virtual worlds as the “first sort of safety pad.” Instead, the Commission views its framework of current and upcoming digital technology-related legislation (including the GDPR, the Digital Services Act, the Digital Markets Act and the proposed Markets in Crypto-Assets Regulation) to be applicable to Web 4.0 and virtual worlds in a “robust” and “future-oriented” manner. 

What Are Virtual Worlds and Web 4.0?

The Commission defines virtual worlds as being “persistent, immersive environments, based on technologies including 3D and extended reality (XR), which make it possible to blend physical and digital worlds in realtime, for a variety of purposes.”  It considers Web 4.0 to be the “fourth generation of the World Wide Web,” which will feature “advanced artificial and ambient intelligence, the internet of things, trusted blockchain transactions, virtual worlds and XR capabilities.”  These will enable digital and real objects to integrate and communicate with each other to “seamlessly blen[d] the physical and digital worlds.”  According to Internal Market Commissioner Thierry Breton, the EU will “connect virtual world developers with industry users, invest in the uptake and scale-up of new technologies, and give people the tools and the skills to safely and confidently use virtual worlds.”  The EU is keen to ensure that it establishes itself as a leader in Web 4.0 and virtual worlds, and that the emerging metaverse reflects EU values, principles, and fundamental rights. The strategy is the latest in a series of metaverse-related EU initiatives and announcements.Continue Reading European Commission Publishes New Strategy on Virtual Worlds

Late yesterday, the EU institutions reached political agreement on the European Data Act (see the European Commission’s press release here and the Council’s press release here).  The proposal for a Data Act was first tabled by the European Commission in February 2022 as a key piece of the European

Continue Reading Political Agreement Reached on the European Data Act

There is a flurry of new EU initiatives to regulate the metaverse. Last week, the European Commission launched a public consultation (open until May 3, 2023) to “develop a vision for emerging virtual worlds (e.g. metaverses), based on respect for digital rights and EU laws and values” such that “open, interoperable and innovative virtual worlds … can be used safely and with confidence by the public and businesses.” This initiative follows closely on another EU public consultation on allocating costs of expanding network infrastructure (open until May 19, 2023). As explained by the EU’s internal market commissioner, Thierry Breton, the increased data required by new technologies such as the metaverse necessitate transforming the underlying digital infrastructure. Separately, Commission President Ursula von der Leyen launched last September a non-legislative initiative on the metaverse. Similarly, the European Parliament is also working on its own-initiative report on opportunities, risk and policy implications for the metaverse.

As EU officials grapple with potential regulatory constraints as well as policy building blocks for the metaverse, they will need to address issues common across the globe: how to take advantage of the technological inflection point offered by the metaverse, while ensuring competition, privacy, and cybersecurity, among the many legal topics raised by the metaverse.

Metaverse Prospects

This rapidly increasing regulatory attention is unsurprising as the metaverse is estimated to generate up to $5 trillion in global market impact by 2030 and already in 2022, investments into the metaverse doubled compared to the previous year, reaching over $120 billion. As a multifaceted and complex digital ecosystem, the metaverse provides a wide array of investment opportunities as, in principle, nearly anything done physically could be done meta.Continue Reading Regulating the Metaverse in Europe

In 2022, the European Union announced the creation of Digital Partnerships with three Asian countries: Japan, South Korea and Singapore. This is in line with the EU’s Digital Compass strategy which seeks to make the European Union the most connected continent by 2030. The European Commission is expanding its connections between Europe and the rest of the world to address the digital divide and further develop a sustainable digital economy with trusted partners.

Below we set out the key points from the Digital Partnerships that the European Commission has announced with Japan, South Korea and Singapore, respectively.

EU-Japan Digital Partnership

During the EU-Japan Summit organised on May 12, 2022, the European Union and Japan concluded the EU-Japan Digital Partnership, the first digital cooperation initiative to advance economic growth and provide a safe and inclusive space to solve digital issues. This effort furthers the “Data Free Flow with Trust” agenda, aimed at facilitating safe and secure cross-border data flows.

The EU-Japan Partnership will also focus on the following areas:

  • 5G/6G technologies;
  • Ethical considerations for Artificial Intelligence (“AI”);
  • Global supply chains in the semiconductor industry;
  • Green data infrastructures and data innovation;
  • Development of digital skills for private and public sectors; and
  • Facilitation of digital trade and application of global interoperable standards.

As part of the common vision, the Digital Partnership identified a number of key action items, as follows:

  • Collaborating on the development of innovative technologies through research;
  • Implementing concrete pilot projects in cutting-edge areas such as AI and digital identity;
  • Establishing mechanisms for international collaboration and common approaches to digital transformation; and
  • Developing common principles and rules through regulatory cooperation on key technology enablers for digital trade.

All the above will reflect the highest standards of data protection and follow the objectives set out by the EU-Japan mutual adequacy arrangement. The implementation of the EU-Japan Digital Partnership will start in 2023 and the countries will review their targets and progress on an annual basis.

EU-South Korea Digital Partnership

On November 28, 2022, the European Union and the Republic of Korea launched a new Digital Partnership to boost the cooperation between the two countries in the digital field. This collaboration will mainly focus on:

  • Semiconductors;
  • Next generation mobile networks;
  • Quantum technology;
  • High Performing Computing (“HPC”);
  • Cybersecurity;
  • AI;
  • Digital platforms and standardization; and
  • Data and digital skills.

The key action items from the EU-Korea Digital Partnership include:

  • Engaging in collaborative research activities, facilitating access to, and participation in, international standardisation relating to emerging technologies in the digital sector.
  • The sharing of information on: (i) cybersecurity threats and other aspects of cybersecurity, (ii) data-related laws and systems, which build on the existing adequacy decision that the European Commission granted to Korea (and ensuring data free flow of data between Korea and the EU) and working towards identifying commonalities between their existing regulatory approaches, (iii) views on a 6G roadmap and future 6G spectrum needs, (iv) the laws and systems aimed at the development and global use of trustworthy and human-centric AI (e.g., definitions, use cases, high risk AI applications, and response measures) and coordinating positions on AI governance, (v) platform policies, and (vi) approaches to protectionist measures in the digital space.
  • The Digital Partnership will also establish a Korea-EU forum for semiconductor researchers to (i) discuss and share information on the latest technologies and trends, (ii) identify gaps and potential disruptions to the global supply chain, and (iii) explore potential opportunities for international standardisation of trusted chips and chip security.

EU-Singapore Digital Partnership

The European Union and Singapore announced on December 15, 2022 a new partnership that will focus on the digital sector and its issues. The EU-Singapore Digital Partnership will be formally signed and launched in 2023 and aims at reinforcing existing relationships between the European Union and Singapore in the digital realm to achieve sustainable economic growth. The range of digital issues the collaboration will focus on are:

  • Trade facilitation;
  • Trusted data flows and data innovation;
  • Digital trust and standards;
  • Digital skills for workers;
  • Digital transformation of businesses and public services; and
  • Emerging technologies (e.g. 5G/6G, AI and digital identities).

In contrast to the other partnerships, the EU-Singapore Digital Partnership is the first one to agree on the development and application of Digital Trade Principles (“Principles”). These Principles are designed to provide a common framework for digital strategies, which will in turn be used contribute to the ongoing OECD discussions on establishing rules regarding electronic commerce.

What are the next steps?

In announcing these Digital Partnerships, EU Commissioner, Thierry Breton mentioned that these Digital Partnerships are likely to:

  • impact recent EU proposals, such as the EU Chips Act or AI Act; and
  • help achieve interoperability between the EU and Asia, as the EU Commission and ASEAN countries continue to cooperate in the digital space.

As mentioned above, all three Digital Partnerships will be formally launched in 2023. We expect that the Digital Partnerships will be used as a strategic pathfinder for closer region-to-region digital connectivity and to develop enhanced cooperation with other ASEAN countries such as Thailand, Malaysia, among others.

If you would like to learn more about these Digital Partnerships, or how Covington could help you participate in related policy initiatives, please do not hesitate to contact us.Continue Reading EU Digital Partnerships with Asia: A New Path Towards Enhanced Digital Collaboration and Opportunities