Japan Passes Landmark AI Law: A New Governance Model for the Age of Artificial Intelligence
On May 28, 2025, Japan enacted its first national AI legislation, the AI Promotion Act; introducing a pioneering governance model that prioritizes structured collaboration, public transparency, and adaptive policy-making over traditional enforcement mechanisms. Find out more about the Japanese approach to AI governance in this article, and what makes it different.
The New ISO standard for AI Impact Assessment: ISO/IEC 42005 Published in May 2025
Released in May 2025, ISO/IEC 42005 is the newest European AI standard focused on real-world fundamental rights impact assessment. Paired with ISO 42001, it marks a major shift in global AI governance. ART25 Consulting helps you take the lead.
The Take It Down Act: U.S. Federal Law Addressing Non-Consensual Intimate Imagery and AI-Generated Deepfakes
Enacted on May 19, 2025, the Take It Down Act criminalizes non-consensual intimate images, including AI-generated deepfakes, and requires platforms to remove such content within 48 hours. It introduces “digital forgery” as a legal term and imposes strict compliance and penalties.
€530 Million in Fines: TikTok’s Costly Data Transfer Mistake and GDPR Lessons Learned for other companies
TikTok’s €530 million GDPR fine reveals critical data protection lapses in cross-border data transfers. From misleading regulators to exposing European data to unauthorized access, TikTok’s compliance failures are a wake-up call for global businesses. Could your data transfer practices withstand similar scrutiny? Discover the key lessons and strategies to avoid costly penalties.
How to Operationalize Human Oversight in HR: Key Steps for AI Governance and Privacy
Meaningful human oversight is a legal obligation under the EU AI Act for high-risk AI systems, requiring active, informed intervention by individuals with the authority and in-depth understanding of AI systems (AI literacy) to override decisions and identify compliance risks. This article explores how oversight must function in practice and how it intersects with automated decision-making under GDPR Article 22.
Shadows of Surveillance: How AI Exploitation Undermines National Security and Human Rights
Artificial intelligence is rapidly reshaping the world, but without robust AI governance and data protection laws, the consequences can be devastating for democratic societies. From AI-driven phishing attacks targeting seniors to AI-generated propaganda manipulating public opinion, the risks to national security are escalating. This article explores how AI exploitation is endangering data sovereignty, spreading disinformation, and deepening ideological divides, and what governments must do to protect vulnerable populations and maintain public trust.
Trump’s Actions Could End EU US Data Transfers. What Every C-Level Executive Should Prioritize Now
Can EU–US Data Transfers and the Adequacy Decision Survive Trump’s Drastic Geopolitical and Economic Policy Shift? With Trump already dismantling privacy oversight structures, the legal basis for EU US data transfers is unraveling. This article explains what managing directors and senior leaders must do now to prepare for compliance fallout and operational risk.
€1.2M Fine for Orange Telecom: How One Employee’s Mistake Led to a Massive GDPR Penalty
Learn how one employee’s oversight led to a €1.2 million fine for Orange Telecom in Spain. Find out what went wrong, the lessons learned, and actionable steps to protect your business from similar risks
Blind Trust or Due Diligence? Managing Supplier Risks Before Disaster Strikes
Ensure business resilience by implementing a comprehensive supplier governance framework, incorporating audits, risk reporting, and penalties for non-compliance, to protect against potential third-party disruptions and negligence
How Meta Pixel Mismanagement Led to Apoteket’s SEK 37 Million Fine
Delve into Apoteket’s experience with Meta Pixel misconfiguration, which led to unauthorized data transfers, and understand the critical role of continuous monitoring and gap analysis in maintaining data privacy compliance.
The EU AI Act: World’s first comprehensive AI Law as of August 2024
Gain insight into the AI Act’s objectives and requirements, and learn how to navigate AI regulation, ensuring compliance and mitigating potential legal risks for businesses.