🔴  Artificial Intelligence Act (AI Act)

• European Commission | Guidelines on AI System Definition. Clarifies how AI systems are defined under the AI Act, providing seven key parameters and distinctions between AI and non-AI systems. Link
• European Commission | Guidelines on Prohibited AI Practices. Provides practical explanations of prohibited AI practices under the AI Act. It covers bans on AI systems that engage in harmful manipulation, exploit vulnerabilities, conduct social scoring, predict individual criminal behavior, or use biometric categorization in certain contexts. Link

🟡 General Data Protection Regulation (GDPR)

• EDPB | Statement on Age Assurance. Provides recommendations on implementing age verification and assurance mechanisms in compliance with GDPR’s child protection requirements. Includes references to DSA. Link

🟣 Digital Services Act (DSA)

• European Commission | DSA Elections Toolkit for Digital Services Coordinators. Designed to help national regulators enforce the DSA during election periods, focusing on transparency and disinformation mitigation. Link
• European Commission | Code of Practice on Disinformation. The Commission and the European Board for Digital Services has endorsed the integration of the Code into the framework of the DSA. This integration will make the Code a benchmark for determining platforms’ compliance with the DSA. Link

🟢 Digital Operational Resilience Act (DORA)

• European Commission | RTS on Harmonisation of Conditions for Oversight Conduct. Now published in the Official Journal. Defines oversight requirements for ICT third-party service providers under DORA. Link
• European Commission | RTS on Reporting of Major ICT-Related Incidents. Now published in the Official Journal. Outlines standardized reporting obligations for major ICT-related incidents affecting financial institutions. Link | 💡 Streamlex analysis

🟢 Cyber Resilience Act (CRA)

• ENISA | Cyber Resilience Act Implementation via EUCC and its Applicable Technical Elements. Examines how the Cyber Resilience Act can be implemented in relation to the European Common Criteria-based cybersecurity certification scheme (EUCC). Link

🟢 Cyber Security Act (CSA)

• ENISA | EUCC Scheme Guidelines on Vulnerability Management and Disclosure. Outlines processes for vulnerability management and disclosure under the European Common Criteria-based cybersecurity certification scheme (EUCC). Also relevant to NIS2 and CRA. Link | 💡 Streamlex analysis

💡 StreamLex Exclusive Insights

• Delegated and Implementing Acts Under the CRA - Link
• First Provisions of the EU AI Act Take Effect - Link
• Seven New Acts and the Future of EU Digital Laws - Link
• Insights from AI Literacy Practices Implemented by 15 Organizations - Link
• DPIA Resources from the Swedish DPA - Link