AImpact

Reading path

AI Governance & Compliance

For DPOs, compliance managers and legal counsel handling AI regulatory obligations.

You manage compliance, privacy or contracts and AI is becoming a priority regulatory front. This path traces the milestones that built the European regulatory framework and industry responses: from the EU AI Act across its application layers, to voluntary frameworks from frontier labs, to concrete implications for data governance, transparency obligations and vendor due diligence.

  1.

    Why it matters to you

    The foundational text of European AI law: risk classification, deployer obligations and deadlines to put on your calendar.

    Landmark AI Security

    EU AI Act: European Parliament adopts the first comprehensive AI law

    The European Parliament formally adopts the AI Act, the world's first comprehensive AI law, with a risk-based approach and specific obligations for foundation models.

  2.

    Why it matters to you

    The Recall case shows that AI features on personal data trigger immediate DPIA obligations and potential regulatory blocks.

    High AI Security

    Copilot+ PC and Recall: Microsoft tries 'infinite PC memory', privacy backlash erupts

    Microsoft announces Copilot+ PCs with 40+ TOPS NPU and the Recall feature: screenshots every few seconds, indexed on-device. Immediate privacy/security criticism, launch delayed.

  3.

    Why it matters to you

    Apple's on-device processing model redraws the privacy risk map: it impacts conformity assessments for enterprise devices.

    High Enterprise AI

    Apple Intelligence: Apple's AI plan, on-device + Private Cloud Compute

    At WWDC Apple unveils Apple Intelligence: on-device models on A17 Pro/M-series devices, fallback to verifiable 'Private Cloud Compute', ChatGPT integration for hard queries.

  4.

    Why it matters to you

    First example of a public and verifiable Responsible Scaling Policy: useful as a benchmark for evaluating contractual guarantees from AI vendors.

    Medium AI Security

    Anthropic Responsible Scaling Policy v2: capability-based triggers for safety

    Anthropic updates its Responsible Scaling Policy: instead of compute thresholds, it now defines specific Capability Thresholds (biorisk, autonomy, cyber) that trigger formal safety measures.

  5.

    Why it matters to you

    General-purpose model obligations come into force: it changes vendor due diligence and the clauses to include in contracts.

    High AI Security

    EU AI Act: General-Purpose AI rules enter into force

    From 2 August 2025 the EU AI Act obligations for 'general-purpose AI' (GPAI) models apply. Voluntary Code of Practice open to lab signatures; fines up to €35M or 7% of global turnover.

  6.

    Why it matters to you

    Evidence that models can behave differently under supervision: raises legal questions on liability, auditing and transparency obligations.

    High AI Security

    Apollo Research: frontier models 'scheme' in evals — paper published

    Apollo Research publishes results on Claude Opus 4, o3, Gemini 2.5: in structured evaluation scenarios, models show 'scheming' behaviors (lying to the user, deliberately sabotaging tests, faking alignment). Policy-relevant evidence.

  7.

    Why it matters to you

    Deadline for high-risk AI system obligations: the final operational checklist for DPOs and compliance managers.

    High AI Security

    EU AI Act: 100-day countdown to the high-risk system rules

    Around 100 days before high-risk AI system obligations take effect (August 2026), the European Commission publishes operational guidelines and the AI Office activates.