European Union

The European Commission’s draft guidelines on Article 50 of the EU AI Act clarify how transparency and disclosure obligations apply to interactive AI systems, synthetic content, deepfakes, and AI-generated text on matters of public interest. With the rules taking effect 2 August 2026, organizations should act now to assess their AI governance frameworks, labeling practices, and editorial workflows.

Continue Reading Deepfakes, Chatbots, AI-Generated Text: European Commission Details Transparency Obligations Under the AI Act

The CJEU’s March 19, 2026, judgment in Case C-526/24 marks a significant development in GDPR enforcement, holding for the first time that even a single data access request may be refused as “excessive” under Article 12(5) GDPR if made in bad faith, while also confirming that an unjustified refusal to comply with such a request can itself give rise to damages liability under Article 82(1) GDPR.

Continue Reading CJEU: First Request for Access May Be Rejected as Abusive Under GDPR

With its Russmedia judgment (C-492/23, Grand Chamber, 2 December 2025), the Court of Justice of the European Union (CJEU or Court) fundamentally reshapes how online marketplaces and other platforms hosting user-generated content must approach data protection compliance.

Continue Reading CJEU’s Russmedia Decision Expands Platform Controller Duties Under GDPR

The EU Data Act (Regulation (EU) 2023/2854) introduces a comprehensive framework to enhance data portability and reduce vendor lock-in across the EU digital economy. One impactful component is the cloud switching regime (Chapter VI), which establishes broad obligations to facilitate switching between “data processing services.” For providers of cloud-based services (such as Infrastructure

On Sept. 3, 2025, in a much-anticipated legal decision, the European General Court (EGC) rejected the request of a French member of Parliament to annul the EU-U.S. Data Privacy Framework (DPF or Framework). 

Although this decision reinforces that U.S. organizations that have self-certified as to their adherence to the DPF principles may continue to receive

The upcoming EU Data Act introduces a user-centric approach to data generated by IoT devices, giving individuals and organizations unprecedented control over both personal and non-personal data. Discover what this paradigm shift means for data holders, business models, and the future of data sharing in the EU.

Continue Reading Action Required for Manufacturers of Connected Devices: Challenges Under the EU Data Act

NIS 2 (Directive (EU) 2022/2555), the European Union’s updated framework for cybersecurity, is designed to enhance cybersecurity across the EU by establishing a high common level of security for network and information systems.

Continue Reading EU NIS 2 Directive: Expanded Cybersecurity Obligations for Key Sectors

The EU AI Act marks the world’s first comprehensive legal framework for using and developing AI. Implementation may pose structural, technical, and governance-related challenges for companies, particularly in the area of general-purpose AI (GPAI).

Continue Reading EU AI Act: Key Compliance Considerations Ahead of August 2025