Photo of Stacy Young

Stacy Young

Stacy Young is an associate in the London office. She advises technology and life sciences companies across a range of privacy and regulatory issues spanning AI, clinical trials, data protection and cybersecurity.

On July 30, 2024, the European Commission announced the launch of a consultation on trustworthy general-purpose artificial intelligence (“GPAI”) models and an invitation to stakeholders to express their interest in participating in the drawing up of the first GPAI Code of Practice (the “Code”) under the newly passed EU AI Act (see our previous blog here). Once finalized, GPAI model providers will be able to voluntarily rely on the Code to demonstrate their compliance with certain obligations in the AI Act.

Consultation

The consultation provides stakeholders with the opportunity to have their say on topics that will be covered by the Code. It will also inform the AI Office’s development of the template summary of training material that GPAI model providers will be required to publish under Article 53(1)(d) of the AI Act.

The consultation covers three topics:

  1. Transparency and copyright: This relates to the documentation and policies that providers of GPAI models should have in place to comply with EU copyright law. Part D relates to the content and level of granularity expected from the template summary of training material referenced above.
  2. GPAI models with systemic risk: This relates to how the systemic risks associated with certain GPAI models should be classified, identified and assessed, mitigated, and internally governed (through policies and procedures).
  3. Reviewing and monitoring the GPAI Code of Practice: This relates to how the AI Office will encourage and facilitate the review and adaptation of the Code after its initial implementation.

Interested parties can submit their responses to the consultation via an online form by September 18, 2024. They also have the option to share additional information with the AI Office by filling out the template document featured at the end of the questionnaire.Continue Reading European Commission Launches Consultation and Call for Expression of Interest on GPAI Code of Practice

Last month, the European Commission published a draft Implementing Regulation (“IR”) under the EU’s revised Network and Information Systems Directive (“NIS2”). The draft IR applies to entities in the digital infrastructure sector, ICT service management and digital service providers (e.g., cloud computing providers, electronic communications service providers, and online social networks). It sets out further detail on (i) the specific cybersecurity risk-management measures those entities must implement; and (ii) when an incident affecting those entities is considered to be “significant”. Once finalized, it will apply from October 18, 2024.

Many companies may be taken aback by the granular nature of some of the technical measures listed and the criteria to determine if an incident is significant and reportable – especially coming so close to the October deadline for Member States to start applying their national transpositions of NIS2.

The IR is open for feedback via the Commission’s Have Your Say portal until July 25.

  1. Cybersecurity risk-management measures

The Annex to the draft IR sets out further detail on the cybersecurity risk-management measures referred to in Article 21(2) of NIS2 that covered entities must implement.

As a general matter, the IR states that relevant entities should take a proportionate approach to applying these measures, and implement alternatives that achieve the same purpose if a specific measure is unsuitable (e.g., if a particular covered entity is small).Continue Reading NIS2: Commission Publishes Long-Awaited Draft Implementing Regulation On Technical And Methodological Requirements And Significant Incidents

On December 5, 2023, the Spanish presidency of the Council of the EU issued a declaration to strengthen collaboration with Member States and the European Commission to develop a leading quantum technology ecosystem in Europe.

The declaration acknowledges the revolutionary potential of quantum computing, which uses quantum mechanics principles and

Continue Reading Quantum Computing: Action in the EU and Potential Impacts