Understanding Local Regulations

The European Commission has released an extensive and valuable document: the AI Act Service Desk FAQ. This publication brings together over 100 practical questions and answers on how to apply the EU AI Act. Directly based on queries from companies, legal experts and policymakers during the AI Pact webinars. 💡Why this document is so useful It’s an overview and a living document that is continuously updated by the European Commission itself. It clarifies, among other things: ✔️What the AI Act actually regulates and which systems fall under its scope ✔️The implementation timeline up to 2027 ✔️The definitions of AI systems and AI models, including the distinction between general-purpose AI models and AI systems ✔️The obligations for high-risk AI and the rules on prohibited practices ✔️Insights into the General-Purpose AI Code of Practice and the new AI regulatory sandboxes ✔️Even concrete technical thresholds, such as 10²³ and 10²⁵ FLOPs used to classify models with systemic risk. The document was prepared by the European Commission / AI Act Service Desk and currently represents the most reliable interpretative source of the law.

🚨 EU AI Act Handbook (May 2025) By White & Case LLP If you’re working on compliance or policy implementation, this is probably the most comprehensive and current private-sector resource on the EU AI Act yet. 📘 Why it stands out This 117-page handbook isn’t just a summary. It’s a deep, practical interpretation of the EU AI Act, breaking down uncertainty, gray areas, and implementation pitfalls with the clarity you’d expect from seasoned EU law practitioners. It covers: Definitions and role assignments across the value chain Risk classification, including systemic risk for GPAI High-risk AI requirements: logging, risk management, transparency GPAI & foundation model duties – including open-source distinctions Impact on downstream users, importers, and deployers Enforcement timelines and overlapping regulations (like GDPR & DSA) 🔍 What’s fresh This May 2025 edition reflects the final text of the Act and anticipates how courts and regulators might interpret ambiguous provisions. It translates vague mandates into actionable steps for tech companies, SMEs, and legal teams alike. 💬 Quote from the intro “Where the EU AI Act is ambiguous, we aim to be clear. Where it is high-level, we aim to be grounded.” — Tim Hickman, Dr. iur Sylvia Lorenz, Jenna Rennie, Clara Hainsdorf (White & Case) 💡 Why it matters? The EU AI Act doesn’t operate in a vacuum. It collides and overlaps with GDPR, the DSA, and national laws. This handbook gives structure and language to navigate it all – not just for compliance teams, but for product leads and AI governance folks trying to do the right thing in a shifting landscape. === Did you like this post? Connect or Follow 🎯 Jakub Szarmach Want to see all my posts? Ring that 🔔.

Eight countries have adopted legislation implementing CSRD, at least in part, according to the updated Ropes & Gray #CSRD Transposition Tracker. 🇨🇿 Czechia Most of the requirements of the CSRD, including reporting obligations for the companies that have obligations under the current NFRD, have been implemented in the Accounting Act through Act No 349/2023. The proposed law implements the reporting obligations for the remaining groups of companies. 🇩🇰 Denmark The scope is expanded compared to the CSRD, as the rules on #sustainabilityreporting will also include, for example, Danish commercial foundations and limited liability co-operatives. 🇫🇮 Finland Gold-plating in the implementation includes:  1) extension to cover co-operatives, 2) extension of digital format requirements to financial statements, 3)publication of the #sustainability report and financial statements within 6 months. 🇫🇷 France The thresholds for large companies, which were initially set at €20 million for assets and €40 million for turnover, have been increased to €25 million and €50 million, respectively. French companies that are subject to non-financial reporting requirements, while not being public interest entities, are still required to publish a report for 2024 under the previous regime. Limited information relating to sustainability matters not included in the CSRD must be included in the management report. 🇭🇺 Hungary Note that the balance sheet total and net revenue thresholds in the implementation legislation are set in local currency (HUF). The EUR equivalents therefore are slightly different than what is set out in the CSRD. 🇷🇴 Romania Local law proposes lower thresholds (compared to those in the CSRD) by which medium-sized and large entities are defined and therefore subject to reporting requirements. 🇸🇰 Slovakia The Slovak transposition of the CSRD was approved by the Slovak Parliament on April 24, 2024. If the act transposing the CSRD is endorsed by the President, it will come into effect on June 1, 2024. 🇱🇮 Liechtenstein  There is no gold plating. However, as a member of the EEA, EU legal acts must be incorporated into the EEA Agreement in order to become legally binding. Nevertheless, Liechtenstein is transposing the CSRD into national law ahead of the EEA incorporation schedule. It is still unclear whether the Delegated Regulation (EU) 2023/2772 will be implemented at the same time as the Directive or whether its implementation will wait until it is incorporated into the EEA Agreement. Eight countries have proposed legislation and seven have held consultations. #sustainabilityreporting #sustainabilitystandards

Not all EU acts are created equal. Some bind every member state. Others simply suggest. This quick guide cuts through the legal noise, showing what’s mandatory, what’s flexible, and what’s merely advisory. In short: Regulations = uniform law Directives = goals with national flexibility Decisions = binding for addressees only Recommendations and Opinions = guidance, not obligations Examples: 𝑹𝒆𝒈𝒖𝒍𝒂𝒕𝒊𝒐𝒏 Ensures uniform rules across the EU (e.g., MDR 2017/745) 𝑫𝒊𝒓𝒆𝒄𝒕𝒊𝒗𝒆 Harmonizes outcomes while allowing flexibility (e.g., MDD 93/42/EEC) 𝑫𝒆𝒄𝒊𝒔𝒊𝒐𝒏 Used for targeted rulings or authorizations (e.g., Commission Decision of 01/10/2025 declaring a concentration to be compatible with the common market) 𝑹𝒆𝒄𝒐𝒎𝒎𝒆𝒏𝒅𝒂𝒕𝒊𝒐𝒏 Suggests a course of action, encourages compliance (e.g., 2025 European Semester: Country Specific Recommendation / Commission Recommendation - Austria) 𝑶𝒑𝒊𝒏𝒊𝒐𝒏 Expresses an institution’s stance or advice (e.g., Actions/methodology to avoid the build-up of unnecessary reporting obligations)

Many businesses still copy-paste the same data privacy clause into every contract—regardless of which country the client or user is based in. That might be one of the most expensive mistakes they’re making. The UK expects contracts to include GDPR-compliant language: clear consent requirements, data processing purposes, data subject rights, and specific safeguards for international transfers. The US, on the other hand, doesn’t have one federal privacy law like GDPR. Instead, there are state-level laws—most notably the CCPA in California and the newer CPRA—each with different definitions, requirements, and exemptions. A contract written under UK standards might be too strict for US clients. A contract written for US businesses might fall short of UK legal requirements, putting your client in breach of GDPR. I’ve reviewed contracts where: • Privacy clauses only mentioned “personal data” but didn’t define it under either law • Data processors were not clearly distinguished from controllers • Cross-border transfer mechanisms (like SCCs) were missing entirely These aren’t small oversights. They expose both parties to regulatory investigations, fines, and client distrust. If you’re drafting or reviewing agreements between UK and US parties, your data privacy clause must be localized—not assumed. One clause does not fit all. Next in the series: IP ownership. Because in one country, you might not even own the work you paid for. #TransatlanticTraps #UKvsUSContracts #GDPR #CCPA #DataPrivacyLaw #ContractClauses #FreelanceLawyer #LegalCompliance #InternationalContracts #PrivacyClauses

Know your Labour Laws; ⚖️ Termination & Dismissal: Are You Following the Right Procedure? ⚖️ Termination of employment is sometimes necessary, but how it is handled matters. The Employment Code Act No. 3 of 2019 sets clear guidelines for fair dismissal and termination procedures to protect both employers and employees from unfair labor practices. 🔹 What Does the Law Say? Under the Act, termination must be justified, procedurally fair, and in line with employment contracts and labor laws. Key provisions include: Notice Periods: Employers must provide written notice or payment in lieu of notice: ✅One month’s notice for employees on a monthly contract ✅Two weeks’ notice for those on a fortnightly contract ✅One week’s notice for weekly contracts ✅One day’s notice for daily wage earners Valid Grounds for Dismissal: ✅Poor performance (after proper warnings and opportunities for improvement) ✅Misconduct (must be properly investigated with a disciplinary hearing) ✅Redundancy (must follow proper procedures, including consultation and severance benefits) Unfair Dismissal Protections: 🔹Employees cannot be dismissed due to pregnancy, union membership, illness, or whistleblowing. Any dismissal without following due process can be challenged in court, leading to compensation or reinstatement orders. Ensuring Compliance & Fairness Employers must: 🔹Document all performance reviews and warnings before termination. 🔹 Conduct fair disciplinary hearings before dismissing for misconduct. 🔹 Follow redundancy procedures, including severance pay where applicable. 🔹Ensure terminations are not discriminatory or in violation of labor laws. A fair workplace benefits everyone, businesses reduce legal risks, and employees feel secure. Are termination procedures in your workplace legally compliant? Let’s discuss! #Zambia #LabourLaws #FairDismissal #EmploymentRights #HR #WorkplaceFairness #Compliance #LegalObligations

Managing data sovereignty and compliance with diverse international data protection regulations in the context of global data flows and cloud services involves several strategic and technological approaches. Here's how organizations can navigate these challenges: 1. Understanding Local and International Regulations Organizations must first gain a deep understanding of both local and international data protection laws that apply to their operations, such as the GDPR in Europe, PDPL in UAE, KSA, and other regional laws. This knowledge is crucial for developing data handling practices that comply with varying requirements. 2. Data Localization Strategies In some cases, data localization, which involves storing and processing data within the borders of the country where it was collected, can help comply with data sovereignty laws. However, this approach requires careful planning to balance legal compliance with operational efficiency. 3. Privacy by Design Incorporating privacy by design principles into the development and deployment of IT systems ensures that privacy controls are integrated from the outset, rather than being added as an afterthought. This approach is effective in minimizing data privacy risks across borders. 4. Adopting Privacy-Enhancing Technologies (PETs) PETs, such as encryption and anonymization, can protect the privacy of data in transit and at rest, making it safer to transfer data across borders while complying with regulations. 5. Cloud Services and Vendor Management When using cloud services or third-party vendors, organizations should ensure that their partners comply with relevant data protection laws. This might involve negotiating contracts that include strict data handling and privacy clauses. 6. Cross-Border Data Transfer Mechanisms Utilize legal mechanisms for cross-border data transfer, such as SCCs for transfers outside the EU, ensuring that data is protected according to the originating country's standards. 7. Regular Audits and Compliance Checks Conducting regular audits and compliance checks helps identify potential gaps in data protection practices, ensuring ongoing adherence to international dp laws. 8. Employee Training and Awareness Educating employees about the importance of data privacy and the specific regulations affecting the organization is vital. This ensures that all team members are aware of their roles in maintaining compliance. 9. Leveraging Data Management and Governance Tools Investing in data management and governance tools can help organizations map data flows, classify data according to sensitivity, and enforce access controls, all of which are essential for managing data privacy across borders. By combining these strategies, organizations can better manage the complexities of data privacy in a global context, ensuring compliance while maintaining operational efficiency.

💼 Essential Labour Laws Every HR Must Know in a Pvt Ltd Company (India) 📜 As an HR professional, staying updated with labour laws is crucial to ensure compliance and fair treatment of employees. Here are 12 key labour laws that every HR in a Private Limited Company must be aware of: ✅ Code on Wages, 2019 – Salaries must be paid on time (before the 7th of the next month). No unauthorized deductions. ✅ Payment of Wages Act, 1936 – Salary slips are mandatory, and payments should be made via bank transfer or cheque (not cash). ✅ Shops & Establishments Act – Employees can work max 9 hours/day and 48 hours/week. Weekly offs & public holidays are mandatory. ✅ EPF Act, 1952 – Provident Fund (PF) is mandatory for companies with 20+ employees. Employer & employee contribute 12% each. ✅ ESI Act, 1948 – Companies with 10+ employees must provide medical, maternity & disability benefits. ✅ Maternity Benefit Act, 1961 – Women are entitled to 26 weeks of paid maternity leave, with nursing breaks after returning to work. ✅ Payment of Gratuity Act, 1972 – Employees who complete 5+ years of service are eligible for gratuity, payable within 30 days of exit. ✅ Industrial Disputes Act, 1947 – 1-month notice or compensation is required for termination. Mass layoffs need government approval. ✅ POSH Act, 2013 – Companies with 10+ employees must form an Internal Complaints Committee (ICC) to prevent workplace harassment. ✅ Contract Labour Act, 1970 – Companies with 20+ contract workers must register. Contract employees must receive minimum wages & benefits. ✅ Workmen’s Compensation Act, 1923 – Employers must compensate employees for work-related injuries. ✅ Full & Final Settlement – All dues must be cleared within 30 days after resignation. Relieving & experience letters are mandatory. 🔹 Staying compliant with these laws ensures a fair, safe, and legally compliant workplace. HRs, let’s keep our workforce protected and motivated! #HR #LabourLaws #HumanResources #WorkplaceCompliance #EmploymentLaws #HRCompliance #India

Ropes & Gray – in conjunction with leading law firms across Europe – has released a new update of its monthly CSRD Transposition Tracker. The Tracker describes Corporate Sustainability Reporting Directive transposition and other Omnibus activity across the 27 EU member states and 3 EEA EFTA countries. This update includes information and developments as of September 30, and for some countries into October, as well as additional commentary from many of the participating law firms.   Adoption of the “Stop the clock” directive continues, but still has a way to go. Thus far, 12 countries have adopted legislation to implement the “Stop the clock” directive. Another 10 countries have introduced, but not yet adopted, implementing legislation. For further details, see the Tracker.   All eyes are on the European Parliament as its slow slog to finalize its negotiating position on the Omnibus proposal continues. In a vote last week, the Parliament rejected the proposal to enter into Omnibus negotiations on the terms adopted by the Parliament’s Legal Affairs Committee (JURI) on October 13. The Omnibus proposal will now be considered by the Parliament at its next plenary session in mid-November. Members of Parliament may propose further amendments to the text in advance of the vote. Parliament’s negotiating position on the CSRD may therefore change from the October 13 JURI position. This also likely prolongs the uncertainty around the ultimate requirements of the CSRD.   As part of a broader call to action in advance of the Council’s October 23 meeting, the leaders of 19 EU countries sent a letter to the European Council President, calling for among other things swift adoption of CSRD simplification. At the October 23 meeting, the Council reaffirmed the urgent need to pursue the simplification of EU rules and welcomed the progress achieved so far, including on the “Stop the clock” directive. It urged the co-legislators to swiftly conclude remaining Omnibus work.    In the meantime, EFRAG continues to work toward finalizing its European Sustainability Reporting Standards drafts.   To receive updates to the Tracker and other Ropes & Gray ESG, CSR and business and human rights compliance thought leadership, sign up here: https://lnkd.in/eaMB3yc6 Marc Rotter Peter Witschi #CSRD

The plenary debate of the European Parliament on the packaging and packaging waste regulation (PPWR), which took place this afternoon, was marked by a strong division between MEPs. On the one hand, MEPs in favor of the regulation stressed the need to act to reduce the amount of packaging waste produced in Europe. They particularly recalled that the production of packaging waste has increased significantly, much more than economic growth and recycling capacity, and that recycling must be combined with reuse to accelerate the deployment of the circular economy. On the other hand, MEPs opposed to the regulation estimated that it is too ambitious and unrealistic. They particularly emphasized that the regulation would impose heavy constraints on businesses, lead to market fragmentation and could lead to higher prices for consumers. The key negotiation issues for the vote tomorrow include: ❌ The list of single-use packaging to be banned. 👀 Reuse exemptions and derogations. ♻ Deposit return system. 🛠 Other measures such as 📈 overpackaging, 📉 waste reduction targets, 📐 a credit system to facilitate the achievement of recycled content targets, 🧀 the exemption of wooden packaging from recycling obligations (the so-called "Camembert gate"), 🔍 a proposal to certify that recycled plastic materials sold in Europe are indeed recycled, and ➰ the distinction between recycled content targets and bio-based targets. ⁉ The outcome of tomorrow's vote is still uncertain 🔮