UK law
UK government tables amendment to Crime & Policing Bill to tackle AI child abuse images
Under new amendments to the Crime & Policing Bill, designated bodies like AI developers and child protection organisations, such as the Internet Watch Foundation (IWF), may scrutinise AI models and ensure safeguards are in place to prevent them generating or proliferating child sexual abuse material, including indecent images and videos of children. Currently, criminal liability for creating and possessing this material means developers cannot carry out safety testing on AI models, and images can only be removed after they have been created and shared online. The new law aims to make sure that AI systems’ safeguards can be robustly tested. The laws will also enable organisations to check that AI models have protections against extreme pornography and non-consensual intimate images. While possessing and generating child sexual abuse material, whether real or synthetically produced by AI, is already illegal under UK law, improving AI image and video capabilities present a growing challenge. The new provisions aim to make misuse more difficult by enabling companies to ensure their safeguards are effective and to develop innovative, robust methods to prevent model misuse.
ICO issues Guide to Law Enforcement Processing
The ICO has issued its Guide to Law Enforcement Processing. It is aimed at those with day-to-day responsibility for data protection in organisations with law enforcement functions. It explains the data protection regime that applies to those authorities when processing personal data for law enforcement purposes. It covers part 3 of the Data Protection Act 2018, which is separate from the UK GDPR regime. It explains each of the data protection principles, rights and obligations. It summarises the key points people need to know and answers frequently asked questions. Where relevant, this guide also links to more detailed guidance and other resources, including ICO guidance and relevant European guidance published by the European Data Protection Board. EDPB guidelines are no longer directly binding on the UK regime but are included as a useful reference resource.
EU law
EDPS issues guidance for risk management of AI systems
The EDPS has published a new guidance document designed to support controllers in conducting data protection risk assessments when developing, procuring, and deploying AI systems under Regulation 2018/1725. It aims to provide valuable insights and practical recommendations to help identify and mitigate common technical risks associated with AI systems, helping to protect personal data.
EU Gigabit Infrastructure Act now in effect
The EU’s Gigabit Infrastructure Act (GIA) is now largely in effect, aiming to make fast and advanced connectivity widely available across the EU by tackling persistent challenges that operators encounter when setting up infrastructure. The Act further aims to reduce costs and complexities in the deployment of fibre and 5G networks in the EU. Future-proof networks are needed to support the innovative services rapidly developing with the use of AI and cloud computing, among others. The Act focuses on simplifying complex procedures and making telecom network expansion faster. Key features include more infrastructure sharing and better coordination of civil works among operators, as well as enabling network installation together with other public works. Other important aspects of the new rules include digitalising procedures for permits to install infrastructure, and making available information on existing physical infrastructure and planned civil works. The GIA also leverages the building renovation wave by equipping new structures and those undergoing major renovation with fibre-ready in-building physical infrastructure and fibre wiring. The Commission is working closely with EU member states and the Body of European Regulators for Electronic Communications (BEREC) on the application of these new rules.
EUIPO launches new AI-powered tool to screen trade marks before filing
The European Union Intellectual Property Office has launched “Early TM Screening”, a new standalone pre-assessment tool designed to help users identify potential issues with their prospective trade mark. The tool makes the filing journey smoother, simpler and less error-prone through early detection of problems that could lead to refusal of a trade mark, thus helping users safeguard their financial investment. Some of its functions are powered by AI, providing enhanced accuracy and speed in the pre-assessment process.
Irish DPC issues statement on LinkedIn AI training
The Irish Data Protection Commission has issued a statement about LinkedIn’s plans for AI training. In March 2025, LinkedIn informed the DPC of its intention to train its own proprietary generative AI models using the personal data of LinkedIn members based in the EU/EEA, beginning in early November 2025. The DPC identified a series of risks and other issues with the company’s proposed processing of personal data. The DPC made several recommendations to LinkedIn to address the potential negative impact its plans could have on the data protection rights of individuals. As a result, LinkedIn adopted a number of changes to its plan, including: improved transparency notices for users helping them to understand the personal data LinkedIn will process to train its AI models and their ability to opt out if they so wish; a reduction in the scope of the personal data that LinkedIn would process to train its models, both in terms of the personal data to be used and the time period from which it proposed to draw the data; improved measures to prevent the personal data of LinkedIn users under the age of 18 from being used to train the models; improved measures to protect users, including through the implementation of filters to avoid the collection of potentially sensitive information shared on certain LinkedIn Pages and Groups, including trade union-related content; and the provision of more detailed risk assessments and other required documentation under the GDPR, such as their Legitimate Interest Assessment, Data Protection Impact Assessment and a Compatibility Assessment. The DPC has not approved, or found compliant, LinkedIn’s use of users’ personal data for generative AI model training. However, the additional measures implemented by LinkedIn have sufficiently addressed the DPC’s concerns such that further regulatory intervention is not considered necessary at present. 
The DPC will continue to monitor LinkedIn’s GDPR compliance and will exercise further regulatory powers if necessary.
Coimisiún na Meán investigates X
Coimisiún na Meán is investigating X under the EU Digital Services Act (DSA). The investigation will assess whether X has contravened Article 20 of the DSA. The investigation arises from concerns held by Coimisiún na Meán’s Platform Supervision Team regarding X’s compliance with Article 20 of the DSA (as well as concerns expressed by an NGO, HateAid and a user). The investigation will look into: whether people can appeal X’s decisions not to remove content when they report something that they think breaches X’s terms of service; whether people are properly informed of the outcome of a report they make and told about their rights of appeal; and whether X has an internal complaints-handling mechanism that is easy to access and user friendly. Article 20 of the DSA states that users must be provided with access to an effective internal complaint-handling system that allows them to lodge complaints (effectively an appeal) against certain decisions taken by the platforms, eg whether to remove or disable access to content or to suspend or terminate accounts. An Coimisiún, as Ireland’s Digital Services Coordinator, is responsible for the application of the DSA, and for supervising platforms established in Ireland for their compliance with the DSA. Coimisiún na Meán also supervises compliance with the Online Safety Code and the EU Terrorist Content Online Regulation under its Online Safety Framework. The investigation will be conducted under Part 8B of the Broadcasting Act 2009, as amended. If a provider is found in violation of the DSA, Coimisiún na Meán can apply an administrative financial sanction, including a fine of up to 6% of turnover. Any fine imposed would be confirmed by either the Circuit Court or High Court.
During an investigation concerning a possible breach of the DSA, Coimisiún na Meán and the provider can enter into a binding Commitment Agreement, in which the provider agrees to take measures that appear to An Coimisiún to address any issue relating to compliance by the provider.