The EU AI Act is entering into force in stages. While most of its provisions will not apply until August 2026, key requirements for general-purpose AI (GPAI) models took effect much earlier, starting on August 2, 2025.
In anticipation of this earlier milestone, the Code of Practice for General-Purpose AI Models was published on the…
As companies begin to move beyond large language model (LLM)-powered assistants into fully autonomous agents—AI systems that can plan, take actions, and adapt without human-in-the-loop—legal and privacy teams must be aware of the use cases and the risks that come with them.
What is Agentic AI?Agentic AI refers to AI systems—often built using LLMs but…
With the entry into force of the AI Act (Regulation 2024/1689) in August 2024, a pioneering framework of AI was established.
On February 2, 2025, the first provisions of the AI Act became applicable, including the AI system definition, AI literacy and a limited number of prohibited AI practices. In line with article 96 of…
The European Commission published its long-awaited Guidelines on Prohibited AI Practices (CGPAIP) on February 4, 2025, two days after the AI Act’s articles on prohibited practices became applicable.
The good news is that in clarifying these prohibited practices (and those excluded from its material scope), the CGPAIP also addresses other more general aspects…
(Updated May 12, 2025)
Since January, the federal government has moved away from comprehensive legislation on artificial intelligence (AI) and adopted a more muted approach to federal privacy legislation (as compared to 2024’s tabled federal legislation). Meanwhile, state legislatures forge ahead – albeit more cautiously than in preceding years.
As we previously reported,…
Our very own Alan Friel, Julia Jacobson, Kyle Dull and Samuel Marticke will be featured in a series of upcoming CLE webinars designed to equip legal professionals with practical strategies for drafting enforceable terms of use, managing privacy risks in AI, and navigating the latest state data privacy laws.
Drafting Terms of Use…
As we have covered, the public comment period closed on February 19th for the California Privacy Protection Agency (CPPA) draft regulations on automated decision-making technology, risk assessments and cybersecurity audits under the California Consumer Privacy Act (the “Draft Regulations”). One comment that has surfaced (the CPPA has yet to publish the comments), in particular,…
As we have previously detailed here, the latest generation of regulations under the California Consumer Privacy Act (CCPA), drafted by the California Privacy Protection Agency (CPPA), have advanced beyond public comments are closer to becoming final. These include regulations on automated decision-making technology (ADMT), data processing evaluation and risk assessment requirements and cybersecurity audits.…
Join Team SPB’s Alan Friel, Julia Jacobson and Kyle Dull for three informative webinars addressing key topics including AI-driven decision-making technologies, the development of terms of service and privacy policies, and best practices for the responsible use of AI and associated risk management.
A limited number of complimentary passes are available to clients for…
The European Commission has recently released its Guidelines on the Definition of an Artificial Intelligence System under the AI Act (Regulation (EU) 2024/1689). The guidelines are adopted in parallel to commission guidelines on prohibited AI practices (that also entered into application on February 2), with the goal of providing businesses, developers and regulators with further…
