Articles, sector deep-dives, regulation comparisons, and high-demand topical briefings. One search. Every jurisdiction.
BRIEFING
AI Act
Non-EU AI providers need an authorised representative under Articles 22 to 25. What the representative must do, liability, and the documentation to hold.
BRIEFING
AI Act
Step-by-step guide to AI Act conformity assessment under Articles 40-43, including notified body requirements and technical documentation.
BRIEFING
AI Act
AI Act penalty structure compared across EU member states, with GDPR enforcement precedents showing likely fine levels by violation type.
BRIEFING
AI ActGDPR
Guide to AI Act fundamental rights impact assessment (FRIA) under Article 27, comparing with GDPR DPIA and covering deployer obligations.
BRIEFING
AI Act
GPAI model obligations under EU AI Act Articles 51-56, including systemic risk classification and transparency requirements for frontier models.
BRIEFING
AI Act
Check whether your AI system is high-risk under the EU AI Act: the 8 Annex III categories and the Article 6 test. Free corpus search.
BRIEFING
AI Act
Comprehensive list of high-risk AI systems under EU AI Act Annex III, including biometrics, recruitment, credit scoring, and law enforcement uses.
BRIEFING
AI Act
Article 50 makes chatbot deployers disclose AI at first contact from 2 August 2026. What to label, who is exempt, how to comply. Free check.
BRIEFING
AI ActGDPR
How AI Act Article 14 and GDPR Article 22 interact for automated decisions, with enforcement cases from 9+ EU countries.
BRIEFING
AI Act
Which EU AI Act duties hit on 2 August 2026? Article 50 transparency applies; Annex III high-risk provisionally moves to 2 Dec 2027. Free check.
COMPARISON
AI ActCRA
For a compliance director tracking vendor conformity across regulations: the Cyber Resilience Act (Regulation (EU) 2024/2847) was published in November 2024 and the substantive obligations apply from …
COMPARISON
AI ActData Act
AI Act and Data Act both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the tw…
COMPARISON
AI ActData Governance Act
AI Act and Data Governance Act both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref bet…
COMPARISON
AI ActDMA
AI Act and DMA both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in …
COMPARISON
AI ActDORA
DORA has been live since 17 January 2025 for all financial entities in scope. The AI Act overlays on top, primarily through Annex III §5(b) creditworthiness and §5(c) life-and-health insurance pricing…
COMPARISON
AI ActDSA
AI Act and DSA both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in …
COMPARISON
AI ActePrivacy Directive
AI Act and ePrivacy Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref betw…
COMPARISON
AI ActNIS2
The AI Act and NIS2 do not conflict — they are cumulative. NIS2 governs the cybersecurity and operational resilience of essential and important entities. The AI Act governs the AI systems those entiti…
COMPARISON
Data ActDORA
Data Act and DORA both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two …
COMPARISON
Data ActGDPR
Data Act and GDPR both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two …
COMPARISON
Data ActNIS2 Directive
Data Act and NIS2 Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref betwee…
COMPARISON
Data Governance ActDORA
Data Governance Act and DORA both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref betwe…
COMPARISON
Data Governance ActGDPR
Data Governance Act and GDPR both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref betwe…
COMPARISON
Data Governance ActNIS2 Directive
Data Governance Act and NIS2 Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level cros…
COMPARISON
DMADORA
DMA and DORA both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in th…
COMPARISON
DMAGDPR
DMA and GDPR both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in th…
COMPARISON
DMANIS2 Directive
DMA and NIS2 Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the…
COMPARISON
DORAAI Act
A financial entity deploying high-risk AI is now in scope of two parallel EU regimes. DORA (Regulation (EU) 2022/2554, in force 17 January 2025) governs ICT risk for the financial sector. The AI Act (…
COMPARISON
DORADSA
DORA and DSA both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in th…
COMPARISON
DORAePrivacy Directive
DORA and ePrivacy Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref betwee…
COMPARISON
DORAGDPR
DORA and GDPR both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in t…
COMPARISON
DSAGDPR
DSA and GDPR both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the two in th…
COMPARISON
DSANIS2 Directive
DSA and NIS2 Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref between the…
COMPARISON
ePrivacy DirectiveGDPR
ePrivacy Directive and GDPR both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level crossref betwee…
COMPARISON
ePrivacy DirectiveNIS2 Directive
ePrivacy Directive and NIS2 Directive both apply across European business activity, but they were drafted at different times with different policy goals. This page summarises every article-level cross…
COMPARISON
GDPRAI Act
GDPR (Regulation (EU) 2016/679) and the AI Act (Regulation (EU) 2024/1689) both apply, in parallel, to any AI system processing personal data of EU residents. Neither replaces the other. The AI Act ex…
COMPARISON
GDPRNIS2
GDPR and NIS2 do not duplicate each other and they do not displace each other. GDPR governs the protection of personal data wherever it is processed; NIS2 governs the cybersecurity and operational res…
COMPARISON
NIS2DORA
DORA is lex specialis for financial-entity cybersecurity. NIS2 Article 4 explicitly carves financial entities out of the NIS2 substantive cybersecurity and incident-reporting obligations where DORA co…
SECTOR
AI ActGSRType-Approval
Automotive AI is high-risk through Annex I, not Annex III. The General Safety Regulation (Regulation (EU) 2019/2144) and the type-approval framework (Regulation (EU) 2018/858) are listed in AI Act Ann…
SECTOR
AI ActNIS2CER
Annex III §2 captures AI used as a safety component in the management and operation of critical digital infrastructure, road traffic, and the supply of water, gas, heating, and electricity. The framin…
SECTOR
AI ActDORAGDPR
Two of the three Annex III §5 categories sit in financial services: creditworthiness (§5(b)) and life-and-health insurance pricing (§5(c)). Both are high-risk by default. Fraud detection is explicitly…
SECTOR
AI ActMDRGDPR
AI used in clinical decision-making is almost always high-risk under the EU AI Act. There are two paths: the device path under Annex I (an AI system that is, or is a safety component of, a medical dev…
SECTOR
AI ActSolvency IIGDPR
Annex III §5(c) is precise: it covers life and health insurance pricing and risk assessment. Property, motor, travel, and other non-life lines sit outside §5(c). The boundary moves with telematics and…
SECTOR
AI ActLEDGDPR
Law-enforcement AI is the most heavily regulated category in the AI Act. Article 5 prohibits the most intrusive uses outright, Annex III §1 / §6 / §7 imposes the high-risk regime on what remains, and …
SECTOR
AI ActGDPR
Recruitment AI is one of the cleanest applications of the high-risk regime: anything that screens, ranks, scores, or selects candidates is captured by Annex III §4(a). Anything that allocates tasks, m…
TOPICAL
AI Act
AI Act Article 17 is the QMS clause for providers of high-risk AI systems. It is not a one-off artefact but a running governance system that documents design, development, testing, validation, modific…
TOPICAL
AI Act
AI Act Article 70 sets out the national supervisory architecture for the Regulation. Each Member State must designate at least one notifying authority and at least one market surveillance authority, c…
TOPICAL
AI Act
Annex VI is the internal-control conformity-assessment procedure. It is the default route for almost every Annex III high-risk system except biometric identification (§1, where Annex VII third-party a…
TOPICAL
AI Act
Yes, provisionally. Council presidency and European Parliament negotiators reached a provisional agreement on the Digital Omnibus on 7 May 2026. It amends Article 113 of the AI Act to move the substan…
TOPICAL
AI ActGDPRDSA
The AI Act regulates deepfakes through one article — Article 50 — across three different actors. Providers must mark synthetic output. Deployers must disclose. Platforms hosting deepfake content sit a…
TOPICAL
AI Act
The AI Act's Article 2 looks generous on first reading. It excludes military AI, scientific R&D, personal use and pre-market testing. Open-source GPAI models get partial relief under Article 53(2). SM…
TOPICAL
AI Act
A general-purpose AI model is, under Article 3(63) of the AI Act, an AI model "trained with a large amount of data using self-supervision at scale, that displays significant generality and is capable …
TOPICAL
AI ActGDPRDSADMA
Article 99 of the AI Act sets three EU-wide penalty ceilings. Underneath them sit eight obligation buckets. The bucket determines the tier; the tier determines the ceiling; the ceiling is the higher o…
TOPICAL
AI ActDORANIS2 Directive
Articles 72 and 73 of the AI Act split the post-market regime in two. Article 72 obliges providers to design, document and run a monitoring system across the lifetime of every high-risk AI system on t…
TOPICAL
AI ActGDPR
Article 5(1)(c) of the AI Act prohibits "the placing on the market, the putting into service, or the use of AI systems for the evaluation or classification of natural persons or groups of persons over…
TOPICAL
AI Act
Update, 7 May 2026: the Digital Omnibus provisional agreement moves Annex III high-risk obligations to 2 December 2027 and Annex I embedded systems to 2 August 2028, pending formal adoption; until Off…
TOPICAL
AI ActGDPR
Article 50 of the AI Act sits in its own band — neither prohibited (Article 5) nor high-risk (Articles 6–27), but a horizontal transparency layer that catches systems the regulator decided users have …
TOPICAL
AI ActGDPRNIS2DORADMAePrivacy Directive
The Digital Omnibus trilogue collapsed on 28 April 2026 over Annex I architecture disputes, then closed: negotiators reached a provisional agreement on 7 May 2026. Annex III high-risk obligations move…
TOPICAL
AI Act
Article 99 sets three statutory tiers for administrative fines, plus a separate regime for GPAI providers under Article 101. Each tier is expressed as the higher of an absolute amount and a percentage…
TOPICAL
AI Act
Provider and deployer are the two principal roles in the AI Act. The provider develops the AI system and places it on the market; the deployer uses the system in operation. Article 16 sets the provide…
TOPICAL
AI Act
Article 9 sets up the spine that holds the rest of the high-risk regime together. It is a continuous, iterative, lifecycle risk-management system — not a one-off pre-market exercise. Articles 10 (data…
TOPICAL
AI Act
Annex IV is the contents specification for the technical documentation that every high-risk AI system must have. It is nine numbered sections that map onto Articles 9 through 15, plus the post-market …
TOPICAL
NIS2 Directive
3 NIS2 Directive obligations carry 17 April 2025 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from the…
TOPICAL
AI Act
4 AI Act obligations carry 2 August 2025 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from the Regulat…
TOPICAL
AI Act
6 AI Act obligations carry 2 August 2028 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from the Regulat…
TOPICAL
DORA
3 DORA obligations carry 17 January 2024 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from the Regulat…
TOPICAL
NIS2 Directive
5 NIS2 Directive obligations carry 17 January 2025 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from t…
TOPICAL
DORA
7 DORA obligations carry 17 July 2024 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from the Regulation…
TOPICAL
GDPR
5 GDPR obligations carry 25 May 2018 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from the Regulation.…
TOPICAL
AI Act
3 AI Act obligations carry 2 November 2024 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from the Regul…
TOPICAL
NIS2 Directive
3 NIS2 Directive obligations carry 17 October 2024 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from t…
TOPICAL
NIS2 Directive
5 NIS2 Directive obligations carry 17 October 2027 as their deadline. This page lists them grouped by sector with article references and the action each obligation requires — extracted verbatim from t…
TOPICAL
DORA
DORA Article 9 is the protection-and-prevention pillar of the ICT risk-management framework for financial entities. It is continuous: every row uses continuous tense — monitor, deploy, design and proc…
TOPICAL
DORA
DORA sets 13 obligations that apply to central securities depositories. This page lists them with article references, obligated-entity language, and penalties — extracted verbatim from the Regulation,…
TOPICAL
DORA
DORA sets 255 obligations that apply to financial services. This page lists them with article references, obligated-entity language, and penalties — extracted verbatim from the Regulation, not paraphr…
TOPICAL
DORA
DORA sets 5 obligations that apply to ICT services. This page lists them with article references, obligated-entity language, and penalties — extracted verbatim from the Regulation, not paraphrased.
U…
TOPICAL
DORA
DORA sets 16 obligations that apply to critical ICT third-party providers. This page lists them with article references, obligated-entity language, and penalties — extracted verbatim from the Regulati…
TOPICAL
GDPR
GDPR Article 58 is the powers and duties article for national supervisory authorities — the article a compliance director at a payment institution, EMI, fintech or insurer needs when a data protection…
TOPICAL
AI Act
A major ICT incident at a payment institution triggers up to three EU reporting regimes at once. DORA Article 19 (with RTS (EU) 2025/301) demands an initial notification within 4 hours of classifying …
TOPICAL
NIS2 Directive
NIS2 Article 14 sets up the Cooperation Group, the EU body that coordinates Member State cybersecurity policy under the Directive. The Group is composed of Member States, the Commission, and ENISA, an…
TOPICAL
NIS2 Directive
NIS2 Article 32 sets out the supervisory and enforcement powers Member States must give competent authorities over essential entities, and requires those measures to be effective, proportionate, and d…
TOPICAL
NIS2 Directive
NIS2 Article 33 sets out a lighter, ex post supervisory regime for important entities. Competent authorities must take action when there is evidence of non-compliance, and the measures imposed must be…
TOPICAL
NIS2 Directive
NIS2 Article 7 obligates each Member State to adopt a national cybersecurity strategy that sets out the strategic objectives, resources, and policy measures needed to achieve a high common level of cy…
ARTICLE 5
AI Act
This article bans specific AI practices that manipulate or exploit individuals, including systems using subliminal or deceptive techniques to distort decision-making, or those exploiting vulnerabiliti…
ARTICLE 6
AI Act
This article establishes the criteria for classifying AI systems as high-risk. An AI system is considered high-risk if it functions as a safety component of a product or is itself a product covered by…
ARTICLE 7
AI Act
The Commission may amend Annex III by adding or modifying high-risk AI use cases if they are intended for areas listed in Annex III and pose risks to health, safety, or fundamental rights equivalent t…
ARTICLE 9
AI Act
Providers of high-risk AI systems must establish, implement, document, and maintain a continuous risk management system throughout the AI system's lifecycle. This system requires regular reviews and u…
ARTICLE 10
AI Act
Providers of high-risk AI systems must ensure training, validation, and testing datasets meet strict quality criteria, including relevance, representativeness, and completeness. They must implement ro…
ARTICLE 11
AI Act
Providers of high-risk AI systems must prepare and maintain detailed technical documentation before placing the system on the market or putting it into service. This documentation must demonstrate com…
ARTICLE 13
AI Act
This article requires providers of high-risk AI systems to ensure their systems are sufficiently transparent for deployers to interpret outputs and use them correctly. Providers must supply clear, acc…
ARTICLE 14
AI Act
This article requires providers of high-risk AI systems to design them with human oversight capabilities, ensuring natural persons can effectively monitor and intervene during use. The oversight must …
ARTICLE 15
AI Act
This article requires providers of high-risk AI systems to design and develop their systems to achieve appropriate levels of accuracy, robustness, and cybersecurity, ensuring consistent performance th…
ARTICLE 16
AI Act
This article sets out the core obligations for providers of high-risk AI systems. Providers must ensure their systems comply with the requirements outlined in Section 2 of the AI Act, including risk m…
ARTICLE 17
AI Act
Providers of high-risk AI systems must establish and maintain a documented quality management system to ensure compliance with the AI Act. The system must cover regulatory compliance strategies, desig…
ARTICLE 22
AI Act
Providers of high-risk AI systems established outside the EU must appoint a written mandate for an authorised representative within the Union before placing their systems on the market. The authorised…
ARTICLE 26
AI Act
Deployers of high-risk AI systems must use these systems strictly according to the provider's instructions and ensure human oversight is assigned to competent personnel with adequate training and auth…
ARTICLE 27
AI Act
Deployers of high-risk AI systems that are public bodies or private entities providing public services must conduct a Fundamental Rights Impact Assessment before deploying such systems. The assessment…
ARTICLE 40
AI Act
This article establishes that high-risk AI systems or general-purpose AI models compliant with harmonised standards published in the Official Journal are presumed to meet the relevant requirements of …
ARTICLE 41
AI Act
The Commission may adopt implementing acts to establish common specifications for high-risk AI systems or general-purpose AI models when harmonised standards are not delivered, insufficient, or non-co…
ARTICLE 42
AI Act
This article establishes two presumptions of conformity for high-risk AI systems. First, systems trained and tested on data representative of their intended operational context are presumed to meet th…
ARTICLE 43
AI Act
Providers of high-risk AI systems listed in Annex III must follow specific conformity assessment procedures to demonstrate compliance with regulatory requirements. For systems in Annex III, point 1, p…
ARTICLE 50
AI Act
Providers and deployers must ensure users are informed when interacting with AI systems, unless it is obvious from the context. AI systems generating synthetic content (e.g., deepfakes) must clearly l…
ARTICLE 99
AI Act
This article requires EU Member States to establish and enforce penalties for violations of the AI Act, ensuring they are effective, proportionate, and dissuasive. Fines may reach up to 35 million EUR…
No briefings match the current filters.