Photo of Madelaine Harrington

Madelaine Harrington

Madelaine Harrington is an associate in the technology and media group. Her practice covers a wide range of regulatory and policy matters at the cross-section of privacy, content moderation, artificial intelligence, and free expression. Madelaine has deep experience with regulatory investigations, and has counseled multi-national companies on complex cross-jurisdictional fact-gathering exercises and responses to alleged non-compliance. She routinely counsels clients on compliance within the EU regulatory framework, including the General Data Protection Regulation (GDPR), among other EU laws and legislative proposals.

Madelaine’s representative matters include:

coordinating responses to investigations into the handling of personal information under the GDPR,
counseling major technology companies on the use of artificial intelligence, specifically facial recognition technology in public spaces,
advising a major technology company on the legality of hacking defense tactics,
advising a content company on compliance obligations under the DSA, including rules regarding recommender systems.

Madelaine’s work has previously involved representing U.S.-based clients on a wide range of First Amendment issues, including defamation lawsuits, access to courts, and FOIA. She maintains an active pro-bono practice representing journalists with various news-gathering needs.

Contact:Read more about Madelaine HarringtonEmail

The UK Government today announced that it intends to ban social media platforms from offering services to children under 16, alongside wider restrictions on certain online functionalities that the Government has identified as harmful to children.

The announcement follows the conclusion of the Department for Science, Innovation and Technology’s (“DSIT”) consultation, “Growing up in the online world,” which received more than 116,000 responses (we originally wrote about that consultation here). The Government intends to bring the first regulations to Parliament before the end of the year using powers created by the Children’s Wellbeing and Schools Act 2026 (“CWSA”), with protections expected to come into force in Spring 2027. Today’s announcement is the latest in a series of significant developments reshaping the UK’s online safety framework. We summarize some of these latest developments below.

Continue Reading Online Safety in the UK: Social Media Ban for Under 16s and Other Recent Developments

On 19 May 2026, the European Commission published its long-awaited draft, non-binding guidelines on the classification of high-risk AI systems (“HRAIs”) under the EU AI Act (the “Guidelines”). Across three documents—covering general principles, high-risk classification in the context of regulated products (Annex I), and high-risk use cases (Annex III)—the Commission sets out its approach to one of the AI Act’s central questions: when does an AI system fall within the high-risk regime (and, just as importantly, when does it not)?

Continue Reading EU AI Act Update: The European Commission Publishes Draft Guidelines on HRAIs

On 7 May 2026, negotiators from the Council of the European Union, the European Parliament, and the European Commission reached a provisional agreement on the terms of the Digital Omnibus on AI, marking the first set of amendments to the EU AI Act since its adoption in June 2024. The

Continue Reading EU AI Act Update: Timeline Relief, Targeted Simplification, and New Prohibitions

On 7 May 2026, negotiators from the Council of the European Union, the European Parliament, and the European Commission reached a provisional agreement on the terms of the Digital Omnibus on AI, marking the first set of amendments to the EU AI Act since its adoption in June 2024. The final package of amendments reflects a mix of pragmatic timeline extensions, focused simplification measures, and a small number of substantive policy changes.

Continue Reading EU AI Act Update: Timeline Relief, Targeted Simplification, and New Prohibitions

In a recent addition to the EU’s evolving digital rulebook, the European Commission has published a set of Guidelines under the European Media Freedom Act (“EMFA”). The Guidelines advise very large online platforms, as defined under the Digital Services Act (“DSA”), on how to set up a functionality that lets media organisations identify themselves—and, in doing so, unlock a set of procedural protections when it comes to content moderation.

Continue Reading European Commission Issues Guidelines on Article 18 of the European Media Freedom Act

On 3 February 2026, the second International AI Safety Report (the “Report”) was published—providing a comprehensive, science-based assessment of the capabilities and risks of general-purpose AI (“GPAI”). The Report touts itself as the largest global collaboration on AI safety to date—led by Turing Award winner Yoshua Bengio, backed by an Expert Advisory Panel with nominees from more than 30 countries and international organizations, and authored by over 100 AI experts.

The Report does not make specific policy recommendations; instead, it synthesizes scientific evidence to provide an evidence base for decision-makers. This blog summarizes the Report’s key findings across its three central questions: (i) what can GPAI do today, and how might its capabilities change? (ii) what emerging risks does it pose? And (iii) what risk management approaches exist?

Continue Reading International AI Safety Report 2026 Examines AI Capabilities, Risks, and Safeguards

On July 10, 2025, the AI Office published the final version of the Code of Practice for General-Purpose AI Models (the “Code”).  The Code is a voluntary compliance tool designed to help companies comply with the AI Act obligations for providers of general-purpose AI (“GPAI”) models.  The AI Office and the AI Board will now assess the Code and may approve it via an adequacy decision.  Once approved, the European Commission is expected to formally adopt the Code via an implementing act.

The Code details how providers of GPAI models may comply with their obligations under the AI Act.  It comprises three chapters, each covering different aspects of AI Act compliance: (i) transparency, (ii) copyright, and (iii) safety and security.  The first two chapters apply to all providers of GPAI models, while the third addresses obligations for providers of GPAI models with systemic risk.  By adhering to the Code, signatories agree to implement their AI practices in accordance with the commitments contained in the Code.

Continue Reading AI Office Publishes Final Version of the Code of Practice for General-Purpose AI Models

On 14 July 2025, the European Commission published its final guidelines on the protection of minors under the Digital Services Act (“DSA”) (the “Guidelines”). The Guidelines are intended to provide guidance to providers of online platforms that are “accessible to minors” on meeting their obligations to “put in place appropriate and proportionate measures to ensure a high level of privacy, safety, and security of minors, on their service” (DSA, Art. 28(1)).

The European Commission published a draft version of the guidelines for consultation on 13 May 2025 (“Draft Guidelines”) (see our blog post here). The final Guidelines include some amendments to the Draft Guidelines on the basis of the feedback received during consultation, clarifying and building out further the recommended measures.

Although the Guidelines are non-binding, the Commission has made clear that it intends to use the Guidelines as a “significant and meaningful” benchmark when assessing in-scope providers’ compliance with Article 28(1) DSA.

Continue Reading European Commission Makes New Announcements on the Protection of Minors Under the Digital Services Act

EU lawmakers are reportedly considering a delay in the enforcement of certain provisions of the EU Artificial Intelligence Act (AI Act). While the AI Act formally entered into force on 1 August 2024, its obligations apply on a rolling basis. Requirements related to AI literacy and the prohibition

Continue Reading European Commission hints at delaying the AI Act

In February 2025, the European Commission published two sets of guidelines to clarify key aspects of the EU Artificial Intelligence Act (“AI Act”): Guidelines on the definition of an AI system and Guidelines on prohibited AI practices. These guidelines are intended to provide guidance on the set of AI Act obligations that started to apply on February 2, 2025 – which includes the definitions section of the AI Act, obligations relating to AI literacy, and prohibitions on certain AI practices.

This article summarizes the key takeaways from the Commission’s guidelines on the definition of AI systems (the “Guidelines”). Please see our blogs on the guidelines on prohibited AI practices here, and our blog on AI literacy requirements under the AI Act here.

Defining an “AI System” Under the AI Act

The AI Act (Article 3(1)) defines an “AI system” as (1) a machine-based system; (2) that is designed to operate with varying levels of autonomy; (3) that may exhibit adaptiveness after deployment; (4) and that, for explicit or implicit objectives; (5) infers, from the input it receives, how to generate outputs; (6) such as predictions, content, recommendations, or decisions; (7) that can influence physical or virtual environments. The AI System Definition Guidelines provide explanatory guidance on each of these seven elements.

Continue Reading European Commission Guidelines on the Definition of an “AI System”