US plots bold new AI policy course with “US AI Action Plan”
19 August 25
Jose Jehuda Garcia
This Global Trends Flash discusses the new US AI Action Plan (AIAP). This plan outlines over 90 federal policy actions aimed at achieving global artificial intelligence (AI) “dominance” for the US. The AIAP amounts to a stark departure from the prior presidential administration’s risk-focused AI policy approach. In many jurisdictions around the world, AI risk management is also at the heart of AI policy.
EU AI Act: Commission issues mandatory template for summary of content used to train general-purpose AI models
30 July 25
Elisar Bashir
The template requires the listing of data sources used to train the model such as public and private datasets as well as measures taken to avoid or remove illegal content under EU law from the training data. It is obligatory for all providers of GPAI models, including those released under free and open-source licenses. Providers of GPAI models already available in Europe before 2 August 2025 will have two years to publish their summaries.
EU AI Act: Commission issues non-binding guidelines for providers of general-purpose AI models
30 July 25
Elisar Bashir
The guidelines give the European Commission’s interpretation of how the AI Act applies to providers of GPAI models. They establish a threshold for all GPAI models covered by the new EU rules and clarify the notification procedure for those models with systemic risks. They also address the effect of signing up to the recently published code of practice. The provisions on GPAI models enter into application on 2 August 2025.
EU AI Act: analysis of code of practice on general-purpose AI models
28 July 25
Elisar Bashir
Providers of general-purpose AI (GPAI) models such as ChatGPT can demonstrate conformity with the relevant obligations under the AI Act by voluntarily signing up to the code. The chapters on transparency and copyright are addressed to all providers, while the commitments on safety and security are relevant only to providers of GPAI models which present systemic risks.
Key takeaways from EU co-legislator’s compromise text on new GDPR procedural rules for cross-border cases
28 July 25
Javier Huerta Bravo
A 15-month deadline for the lead data protection authority to adopt its draft decision on the case is set out. This could speed up the resolution of cross-border cases, which currently may take nearly five years from receiving a complaint to issuing a final decision.
Canada consults on children’s privacy code
24 July 25
Carolina Limbatto
The Canadian data protection authority is consulting until 5 August 2025 on a children’s privacy code that would clarify the obligations of private parties under the data protection framework PIPEDA. The code would apply to the handling of the personal information of those under the age of 18.