digital economy regulation

The US Department of Justice issued a rule, effective from 8 April 2025, to mitigate national security risks arising from adversarial foreign nations accessing sensitive personal and U.S. government-related data. The rule marks a new stage in US data governance, since the US does not have a federal, comprehensive personal data privacy law.

This report gathers policy and regulatory developments at EU level covered by Cullen International’s Digital Economy and Media services during last week. It also lists events taking place this week.

While the guidelines offer an interpretation of the banned AI use cases, the application of the relevant provisions will require an assessment case by case. The guidelines aim to assist national competent authorities in their enforcement activities and providers and deployers of AI systems in fulfilling their obligations under the AI Act.

This report gathers policy and regulatory developments at EU level covered by Cullen International’s Digital Economy and Media services during last week. It also lists events taking place this week.

The action plan encouraged EU member states to ensure that all operators of submarine cables are covered by the national transposition laws of the Directive on measures for a high common level of cybersecurity across the EU (NIS2). This could also potentially affect operators of submarine cables different from, for example, telecoms operators or online platforms. Moreover, the Commission, together with EU member states and the EU cybersecurity agency (ENISA), will complete the submarine cables security toolbox (similar to the 5G toolbox) by 4Q 2025.

This report summarises key developments related to the transposition of the Directive on measures for a high common level of cybersecurity across the EU (NIS2). To date, only nine member states have adopted legislation to transpose the NIS2.