On March 13, 2024, the European Parliament adopted the European Union's (EU) Regulation laying down harmonized rules on artificial intelligence (AI), commonly known as the Artificial Intelligence Act (the AI Act) (see the European Parliament press release and OneTrust DataGuidance News article). Almost three years after the European Commission's first legislative proposal, and after the EU legislators reached a political agreement on the key aspects of the AI Act in December 2023 in the course of the trilogue following months of negotiations, the world's first comprehensive regulatory framework for AI has officially been approved. 

This Insight article addresses the most important questions as to what companies and other entities should know and consider when conducting any activities involving AI. Valentino Halim, Junior Partner at Oppenhoff & Partner, unpacks the AI Act and provides insight into the scope and key obligations of the new regulatory framework for AI at the EU level. 

The first part of this series on the EU's Artificial Intelligence Act (AI Act) explored the covered types of artificial intelligence (AI) and the corresponding obligations of each AI actor. The second part of this series provided a brief explanation of the importance for providers to comprehend and adhere to their obligations. In the third installment, we examined these provider obligations within the broader context of the evolving AI landscape. In the fourth article of this series, Starr Drum, Shareholder at Polsinelli PC, compares the AI Act with the National Institute of Standards and Technology's (NIST) Artificial Intelligence Risk Management Framework (AI RMF 1.0) (AI RMF). Through an exploration of their distinct features and complementary aspects, this article provides essential insights for organizations navigating AI governance.

As the adoption of AI accelerates globally, regulatory and voluntary frameworks play a crucial role in ensuring responsible and trustworthy AI deployment. This comparative analysis of the EU's AI Act against the NIST's AI RMF sheds light on the similarities and differences between these two influential guideposts, providing insights for organizations navigating the complex landscape of AI governance.

Kelly Hagedorn, Alex Sobolev, Hanna Hewitt, and Thomas Seward, of Orrick, Herrington & Sutcliffe (UK) LLP, provide a comprehensive overview of vendor privacy contracts in the UK. 

On December 22, 2023, the Turkish Personal Data Protection Authority (KVKK) published the Guidelines on the Protection of Privacy in Mobile Applications (the Guidelines) to address the existing and potential risks regarding the protection of privacy in mobile applications and to provide general recommendations to data subjects and data controllers. Melis Mert, of BTS & Partners, provides an overview of the key takeaways and enforceability of the Guidelines.