The first requirements under the EU Artificial Intelligence (AI) Act come into effect on February 2, 2025, banning prohibited AI practices and requiring AI literacy measures for providers and deployers. The AI Act, which entered into force on August 1, 2024, is being implemented in stages, with most provisions applying by August 2, 2026. This article outlines the key provisions now in effect and considers additional guidance to be expected from the regulators.

The Cyber Resilience Act (CRA) relies heavily on delegated and implementing acts, along with guidance documents, adopted by the European Commission. This approach reflects a broader trend in EU legislation, particularly in complex and technical areas like cybersecurity. However, it also introduces regulatory uncertainty for businesses. This article examines the delegated and implementing acts under the CRA and explores their potential impact on economic operators.

The EU Cyber Resilience Act (CRA), in force since 10 December 2024, introduces mandatory cybersecurity requirements for products with digital elements in the EU market. The legislation impacts manufacturers, importers, and distributors of hardware and software with digital components. This article outlines the key provisions of the regulation, focusing on aspects relevant to manufacturers of digital products, and explains the implementation timeline and enforcement approach.

The European Union has taken a significant step forward in modernizing its product liability framework. On 18 November 2024, the new Product Liability Directive (PLD) was officially published, marking a shift in how the EU addresses liability for defective products in the digital age. This update to the nearly 40-year-old regime brings major changes that will impact businesses across various sectors, particularly those involved in software and AI development.