The AI Act rules for General-Purpose AI models have been applicable since August 2, 2025, with existing models having an extended deadline until August 2, 2027. The European Commission has published the final version of the General-Purpose AI Code of Practice, outlining commitments expected of these models. Member States were required to designate AI Act market surveillance authorities by August 2, 2025, and notify them to the Commission.
Recent developments include the German Conference of Data Protection Authorities issuing recommendations on GDPR compliance for AI systems, emphasizing data minimization, security, and transparency. Additionally, the Berlin data protection authority has deemed the Chinese chatbot DeepSeek unlawful due to extensive personal data collection and transmission to servers in China, violating GDPR.
Key Regulatory Updates:
- AI Act: Applicable to new General-Purpose AI models placed on the EU market after August 2, 2025
- GDPR: Emphasizes data minimization, security, and transparency in AI system development
- UK AI Regulation: Expected to introduce legislation in the second half of 2026, focusing on clear regulatory expectations for AI developers and users
Companies are adapting to data privacy changes by implementing robust data governance frameworks, conducting regular risk assessments, and utilizing privacy-enhancing technologies like encryption and differential privacy. Employee training and regulatory engagement are also crucial for ensuring compliance with evolving data protection regulations.
