On Dec. 5, 2025, the German act implementing the EU NIS 2 Directive was published.
Continue Reading NIS2 in Germany: The New BSI Act Makes Cybersecurity a Board-Level Issue
New DSK Guidelines Aim to Set the Standard for International Research Collaborations
The German data protection supervisory authorities have released their take on international data transfers in medical research.
Continue Reading New DSK Guidelines Aim to Set the Standard for International Research Collaborations
EU NIS 2 Directive: Expanded Cybersecurity Obligations for Key Sectors
NIS 2 (Directive (EU) 2022/2555), the European Union’s updated framework for cybersecurity, is designed to enhance cybersecurity across the EU by establishing a high common level of security for network and information systems.
Continue Reading EU NIS 2 Directive: Expanded Cybersecurity Obligations for Key Sectors
EU AI Act: Key Compliance Considerations Ahead of August 2025
The EU AI Act marks the world’s first comprehensive legal framework for using and developing AI. Implementation may pose structural, technical, and governance-related challenges for companies, particularly in the area of general-purpose AI (GPAI).
Continue Reading EU AI Act: Key Compliance Considerations Ahead of August 2025
Digital Policy: Highlights of the German Coalition Agreement 2025
The newly published German Coalition Agreement 2025 (CA 2025), German language version available here, outlines a digital agenda of the new German government, aimed at strengthening Germany’s position as a leader in digital innovation, data protection, and technological sovereignty. This GT Alert provides an overview of key digital policy areas that the CA 2025
Enforcement Update: Regulatory Attention Focused on Deletion Requests
Regulatory authorities globally are prioritizing data deletion rights, including legislation like California’s Delete Act and enforcement actions in Europe and Oregon. Businesses should consider enhancing their mechanisms for handling deletion requests to ensure compliance and build consumer trust.
Continue Reading Enforcement Update: Regulatory Attention Focused on Deletion Requests
EDPB Release Pseudonymization Guidelines to Enhance GDPR Compliance
On Jan. 16, 2025 the European Data Protection Board (EDPB) published guidelines on the pseudonymization of personal data for public consultation. The Berlin Data Protection Commissioner (BlnBDI) played a leading role in drafting these guidelines (see the German-language BlnBDI press release). The consultation is ongoing, and comments can be submitted until Feb. 28, 2025
5 Trends to Watch: 2025 EU Data Privacy & Cybersecurity
- Full Steam Ahead: The European Union’s (EU) Artificial Intelligence (AI) Act in Action — As the EU’s landmark AI Act officially takes effect, 2025 will be a year of implementation challenges and enforcement. Companies deploying AI across the EU will likely navigate strict rules on data usage, transparency, and risk management, especially for high-risk AI
Developments in Data Protection Law – New EDPB Guidelines and Opinions
The European Data Protection Board (EDPB) has recently (re)positioned itself on several controversial topics and published three new guidelines and opinions. Although not legally binding, they do have a significant influence on proceedings before the supervisory authorities and courts. This GT Alert discusses the EDPB’s new guidelines and their implications for companies dealing with personal