Legal News

Public. Resource. Org and Right to Know v Commission and Others, Case C-588/21 What are the practical implications of this case? Although the dispute concerned four particular harmonised standards, the Court’s reasoning applies more widely to other harmonised standards as well. Where such standards are mandatory or create a presumption of conformity with safety requirements, there is a clear public interest in their disclosure, so the European Commission cannot refuse access by invoking the Article 4(2) exception in Regulation ( EC) 1049/2001. Consequently, companies will be able to obtain harmonised standards to verify and ensure compliance with EU legislation without paying a fee; however, this may influence the business model of European standardisation organisations. What was the background? Under the European product safety rules, certain products can only be placed on the EU market if they satisfy safety requirements. Showing compliance with those...

In recent months, solicitors have been guiding business clients on evaluating the risks posed by their artificial intelligence ( AI) systems and on taking immediate steps to establish internal governance frameworks, so that organisations keep pace with compliance under the far-reaching new law, approved by the Council of the EU in May 2024 and phased in across the next 36 months. Gibson Dunn & Crutcher LLP partner Joel Harrison, co-chair of the firm's privacy, cybersecurity and data innovation practice group, told Law360 that numerous companies are working out internally where responsibility for AI governance should sit within current corporate arrangements, a task complicated by lingering ambiguities in the statute. He said many organisations are wrestling with the placement of AI governance and how the new AI rules intersect with their data privacy and security practices, as they determine how these...

VT, UR v Conny Gmb H Case C-400/22 What are the practical implications of this case? Traders and consumers using websites to conclude distance contracts should note that the trader’s duty to secure, at the moment of ordering, the consumer’s clear confirmation of a commitment to pay, as required by Article 8(2) of Directive 2011/83/ EU, applies even where payment falls due only once a later condition is met. These consequences carry particular weight for traders that, as in the case before the Court of Justice, operate assignment-based models to advance consumers’ rights, with remuneration owed only if certain triggers occur—for example, a wholly or partly successful assertion of rights, or another formal step towards that result. Although the matter arises from a specific national context in which a trader offers to pursue tenancy-related entitlements, the knock-on effects are broader and touch any set-up where traders invite...

Online marketplaces and e-commerce sites may not be the most obvious targets of the EU’s landmark content-moderation law. Yet a wave of newcomers and mounting worries suggest they could soon sit at the centre of high-profile enforcement. Most coverage and political rhetoric around the Digital Services Act ( DSA)—the EU’s online safety regime applied to Very Large Online Platforms ( VLOPs) since August 2023 and to smaller services from February 2024—has zeroed in on social media. But marketplaces deserve equal attention. As EU internal market commissioner Thierry Breton underlined when opening a DSA probe into Ali Express, the law goes beyond hate speech, disinformation and cyberbullying; it also obliges e-commerce platforms to take down unlawful or unsafe goods offered in the EU Single Market, and compliance is a prerequisite for operating there. Some of these operations are vast businesses: Amazon, Zalando, Ali Express, Shein and, as of late last...

Meta is facing complaints from 11 European data protection authorities After announcing a privacy policy revision signalling it would use personal data to develop ‘ AI technology’, Meta now faces formal complaints from 11 European data protection authorities. Max Schrems’ campaign group NOYB has lodged cases with privacy watchdogs in Austria, Belgium, France, Germany, Greece, Ireland, Italy, the Netherlands, Norway, Poland and Spain, urging the regulators to urgently stop the change before it takes effect on 26 June. NOYB has specialised in strategic complaints, including those that led to the invalidation of Meta’s legal basis under contract for processing personal data for advertising. Since then, Meta has switched to the ‘legitimate interest’ legal basis. While the General Data Protection Regulation sets out six potential legal bases for processing personal data, the prevailing doctrine arising from data protection authorities’ guidance and decisions has......

In this issue: Commercial Data protection and cybersecurity Financial services Energy Environment IP Life sciences TMT Lex Talk®EU Law: a Lexis®Nexis community Daily and weekly news alerts New and updated content Commercial Council of the EU adopts Directive on right to repair The Council of the EU has approved a Right to Repair Directive aimed at encouraging the fixing of broken or faulty goods. It seeks to make repair services easier to access, more transparent and appealing, and brings in measures that include a European online portal for consumers to find repair providers, plus a 12-month extension to the legal guarantee when a customer chooses repair instead of replacement. Following signature by the President of the European Parliament and the President of the Council, the Directive will be published in the Official Journal of the EU and will...

AI providers in the EU AI firms operating in the EU, including Open AI, and their users are unlikely to face a standalone AI product liability regime, as EU governments and the European Parliament doubt the need for one. Most countries prefer to wait for the outcome of the Parliament’s study, an EU official told MLex, with France and the Netherlands particularly sceptical. The prevailing worry is that the sector could be over-regulated. Such an AI liability law would ease the burden of proof for individuals seeking compensation for harm linked to AI systems, and impose fresh disclosure duties on systems labelled ‘high-risk’ under the EU AI Act. Member States concur that addressing liability in the AI context matters. However, the EU Product Liability Directive, approved in March 2024, together with existing national liability frameworks, may already suffice, MLex...

Within digital policy circles, the adoption of the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), marked a defining milestone, signalling the moment the EU positioned itself as a check on Big Tech and a global pacesetter in digital rule‑making. Even six years on, its meaning and enforcement still prompt extensive debate—so much so that a new instrument is being negotiated to revise its procedural framework. Yet the EU GDPR proved only the opening chapter. During Ursula von der Leyen’s tenure, the European Commission tabled and ultimately enacted a wave of digital and cybersecurity measures, many rivalling or even exceeding the EU GDPR in breadth and ambition. The Digital Services Act, Digital Markets Act, Artificial Intelligence Act, Data Act, Data Governance Act, Network and Information Security Directive, Directive ( EU) 2022/2555 ( NIS2), Cyber Solidarity Act, Cyber...

In this issue: EU fundamentals Competition and state aid Data protection and cybersecurity Free movement, immigration and employment Financial services Energy Environment IP Life sciences Regulatory TMT International trade Daily and weekly news alerts New and updated content EU fundamentals European Commission releases May 2024 infringement package The Commission has published the May 2024 infringement package, setting out the EU Member States it is taking action against for failing to comply with their obligations under EU law. The May 2024 package comprises formal letters of notice to Portugal for not correctly transposing Directive 92/43/ EEC (the Habitats Directive), to Italy for failing to fully and correctly transpose Directive ( EU) 2019/904 (the Single- Use Plastics Directive) and for breaching obligations under Directive ( EU) 2015/1535 (the Single Market Transparency Directive), and it also refers Italy to the Court of Justice for failure to ensure the correct implementation of Directive 2014/89/ EU (the Directive establishing a framework for maritime spatial...

In Citadines v MPLC Deutschland Gmb H ( Case C‑723/22), the Court of Justice delivered a fresh ruling on Article 3(1) of the EU Copyright Directive, addressing the extent of liability for communicating a protected work to the public. The matter came by way of a reference from a German court in proceedings between the hotel operator Citadines Betriebs Gmb H ( Citadines) and the collective management organisation MPLC Deutschland Gmb H ( MPLC). Background The dispute relates to the transmission of an episode from a television series, in which MPLC held the rights. The episode first aired on a public television channel and was subsequently relayed for viewing by guests on television sets installed by Citadines in bedrooms and in the hotel’s fitness area. That relay took place via the hotel’s own cable distribution network. Citadines had already entered into licensing...

In this issue: Commercial Data protection and cybersecurity Financial services Energy Environment IP Life sciences TMT Daily and weekly news alerts Trackers New and updated content Commercial Viagogo commits to better inform consumers of the resale of tickets The European Commission has confirmed that Viagogo, an online marketplace for second-hand event tickets, has pledged to stop pressuring consumers with excessive countdown prompts and to provide clearer details about ticket resale conditions in line with EU consumer protection rules. This follows numerous complaints submitted to the Commission and national consumer authorities. Viagogo will roll out website changes by the end of August 2024, including clearer ticket ranking in search results, fewer countdown notices on the site, and early disclosure on the ticket selection page of whether the ticket seller is a trader or another consumer. Viagogo has also committed, by the end of August 2024, to make changes and clarifications to several clauses in its terms and...

Kneipp Gmb H v EUIPO, Case T‑157/23 What are the practical implications of this case? The decision underscores key principles about the legacy reputation of a trade mark whose commercial peak has passed, yet which continues to enjoy a residual standing within the relevant market. It also offers guidance on assessing evidence of the step-by-step build-up of reputation for the purposes of Article 8(5) of Regulation ( EU) 2017/1001. This is particularly pertinent for businesses seeking to file new trade marks that resemble earlier signs linked to once best‑selling, emblematic products. The General Court reiterates that the decisive point in time for establishing the reputation of an earlier mark is the date on which the later applicant files its application. It further indicates that a later filer must demonstrate that, at that very moment, the earlier sign experienced an abrupt and significant collapse in...

Public statement and non-public legal letter It revealed the step in a notice on its website, but provided fuller particulars in a private legal letter, seen by MLex, understood to have gone to more than 700 firms. Sony Music said it wished to reaffirm its reservation of all rights in respect of any text and data mining of Sony Music Group content, save where specifically and expressly authorised. Owing to the nature of your operations and publicly available details about your AI systems, we have grounds to believe you and/or your affiliates may already have made unauthorised uses of SMG content for the training, development or commercialisation of AI systems, the letter stated. The company asked developers and streaming companies to either: confirm that neither you nor any affiliate has made any such unauthorised uses; or disclose any such uses, including how the...

What is the TDM copyright exception under the EU DSM Copyright Directive and how does it apply to the use of datasets in generative AI? Generative artificial intelligence depends on extensive volumes of data and content to build its learning capacity, support creativity, and deliver dependable outputs. In such a data-centric environment, text and data mining ( TDM) plays a pivotal role in processing material, uncovering knowledge, and training AI models. Article 2 of the EU DSM Copyright Directive—intended to enhance access to protected works and, in turn, drive research and innovation—defines TDM as any automated analytical method used to analyse text and data in digital form to produce information, including (but not limited to) trends, patterns, and correlations. The Directive’s overarching purpose is to widen access to protected content to stimulate research and innovation, while maintaining a fair equilibrium between the rights and...

In this issue: Data protection and cybersecurity Free movement, immigration, and employment Financial services Energy Environment Insurance and reinsurance IP Regulatory TMT Daily and weekly news alerts New and updated content Trackers Data protection and cybersecurity EU prolongs the temporary Regulation to tackle online child sexual abuse effectively. Regulation ( EU) 2024/1307 of the European Parliament and of the Council of 29 April 2024, amending Regulation ( EU) 2021/1232 on a temporary derogation from certain provisions of Directive 2002/58/ EC concerning the use of technologies by providers of number-independent interpersonal communications services to process personal and other data for the purpose of combating online child sexual abuse, has been published in the Official Journal of the EU. The Regulation took effect on 14 May 2024. See: LNB News 15/05/2024 14. Free movement, immigration, and employment Council of the EU adopts ten legislative acts to comprehensively overhaul the EU asylum and migration system. The Council of the EU has...

How does the EU AI Act define AI systems? Are all AI systems subject to the EU AI Act? The EU AI Act uses the Organisation for Economic Co‑operation and Development ( OECD)’s description of an AI system. It covers machine‑based systems designed to operate with varying levels of autonomy, which may exhibit adaptiveness after deployment, and which, to meet explicit or implicit aims and purposes, infer from the input they receive how to generate outputs—predictions, content, recommendations, or decisions—that can influence physical or virtual environments. The term ‘artificial intelligence ( AI) system’ does not extend to AI models, including so‑called general‑purpose AI ( GPAI) models. In other words, AI models fall outside this definition. ......

The EU's General Court decided on 8 May 2024 that The Not Co Sp A could not obtain a trade mark for its line of nondairy beverages because it didn't take much mental effort for consumers to understand that 'not milk' meant that the drinks lacked dairy products. The court explained that the English-speaking public would instantly and unambiguously take the sign as an informative statement about the drink’s composition and, echoing the board of appeal, concluded that the phrase 'not milk' is descriptive. Not Co had filed for registration in July 2021 covering vegetable drinks and milk substitutes. The mark’s wording appeared vertically, with 'not' in black lettering and 'milk' shown in a light blue shade......

Advocate General Maciej Szpunar stated in a non-binding view that video game developers (in this instance, Sony Computer Entertainment Europe Ltd) should not be permitted to prevent external companies from creating cheat software tools that adjust the manner a game operates, since such tools do not modify the copyright-protected source code. Szpunar rejected Sony’s “illusory” contention that its monopoly over the game code extends to encompass the way in which the game plays out in practice, including effort to prohibit cheat programmes that make the game easier for the user. “ In the same fashion, the author of a detective novel cannot forbid a reader from turning to the end of book to see who the killer is,......

In this issue: EU fundamentals Competition and state aid Corporate Data protection and cybersecurity Free movement, immigration and employment Financial services Energy Environment Insurance and reinsurance IP Life sciences TMT International trade Daily and weekly news alerts New and updated content Trackers EU fundamentals Council of the EU approves two Directives reinforcing equality bodies’ roles across the EU The Council of the EU has confirmed the formal adoption of two Directives intended to enhance the authority of equality bodies across the Union. Under existing EU rules, every Member State must create national equality bodies to handle discrimination cases related to sex and racial or ethnic origin. However, current legislation grants significant flexibility to Member States regarding these bodies’ competences, independence, resources, accessibility and overall...

Open AI faces a complaint alleging a breach of the General Data Protection Regulation ( GDPR) linked to its generative AI chatbot, Chat GPT, lodged by Austrian campaign group Noyb alongside an individual claimant. The data protection organisation, co-founded by data protection activist Max Schrems, asserts Open AI supplied inaccurate details concerning the personal data of a publicly known individual — in this instance, namely his date of birth......