Embedded Files
AI Act Classification Starts With Visibility
AI Act Classification Starts With Visibility
AI Governance | Operational Accountability | EU AI Act
March 2026
The EU AI Act is now in force. Not all obligations apply yet, and implementation timelines remain uncertain across member states. But organisations still face a practical question: how should they begin thinking about compliance?
Don't panic, Moltbot is totally fine...
Don't panic, Moltbot is totally fine...
AI Governance | Operational Risk | AI Deployment
February 2026
Open source software (OSS) is meant to allow developers to build, create, and chase their curiosity. The real issue with OSS lies in the fact that security ≠ privacy. While it is necessary for privacy compliance, security alone is not sufficient...
International transfers and defensible decisions
International transfers and defensible decisions
International Transfers | Vendor Governance | Privacy Compliance
January 2026
Transferring data is inherently risky. EU and UK privacy laws don’t require your business to be omniscient. But if your position isn’t defensible, the decision becomes harder to defend...
Podcast: AI Governance explained: How law firms can stay compliant without slowing down
Podcast: AI Governance explained: How law firms can stay compliant without slowing down
AI Governance | Regulatory Strategy
January 2026
I sit down with Rok Ledinski of MPL Legal Tech Advisors to discuss AI governance, privacy risk, and cross-border regulation. We discuss AI not being a silver bullet, California vs EU AI rules, shadow AI, bias, dark patterns, and how firms should define purpose, risk tolerance, and governance before adopting AI.
The CJEU and Russmedia: Clarifying Platform Responsibility under the GDPR
The CJEU and Russmedia: Clarifying Platform Responsibility under the GDPR
Platform Governance | Digital Regulation | GDPR
December 2025
It might not be a white Christmas, but the CJEU’s recent decision in the Russmedia case has certainly removed a critical grey zone from GDPR compliance and closed off a long-relied-upon neutrality argument derived from the e-Commerce Directive.
Journal publication: Purpose before tool
Journal publication: Purpose before tool
AI Governance | Operational Strategy | Responsible AI
November 2025
This article published in the International Compliance Association's journal inCOMPLIANCE focuses on the decision point before implementation, helping compliance leaders evaluate whether an AI tool is truly needed based on corporate, strategic, and regulatory needs, and if so, how to ground its adoption in clear principles.
Caught red-handed
Caught red-handed
Biometric Data | Privacy Compliance | Accountability
October 2025
It isn’t new. But it is risky. Biometric data sits in the highest-risk category of personal data, called special category under GDPR, and sensitive information elsewhere. In the UK, EU, and some other big jurisdictions (like Texas and Illinois), obligations are heightened when it comes to how businesses obtain and use such information.
Journal publication: Untangling the AI knot
Journal publication: Untangling the AI knot
AI Governance | International Regulation | Operational Clarity
September 2025
This article published in the International Compliance Association's journal inCOMPLIANCE focuses how governments grapple with uncertainty and how both safety and innovation are driving yet competing forces, resultilng in a highly complex regulatory dynamic.
Report abuse