- Home
- News & Insights
Search by
Latest
Europe recalibrates: AI copyright and GDPR scope under pressure
Two parallel developments suggest that Europe is drawing clearer boundaries around both AI ownership and data protection. One comes from the Council and the other from a German court, and both signal a more cautious approach toward redefining legal fundamentals in the name of innovation or administrative simplification. 1. Digital omnibus leak: Member States cut the core of the proposed GDPR reform A leaked Council compromise draft removes entirely the proposed redefinition of “personal data” under the GDPR, and that alone underscores how controversial the Digital Omnibus has become. What happened? In November 2025, the European Commission launched the Digital Omnibus, with one of its central ambitions
The Czech Cybersecurity Authority calls upon entities to notify their regulated services
On Monday, 9 February 2026, the Czech National Cyber and Information Security Agency (“Czech Cybersecurity Authority”) issued and dispatched more than 4,800 administrative decisions designating providers of regulated services pursuant to the newly enacted Czech Cybersecurity Act. The expected number of regulated entities, however, exceeds 6,000. In its press release of 11 February 2026, the Czech Cybersecurity Authority called on entities that had not yet done so to submit their notification of regulated services as soon as possible to avoid potential sanctions. Background The new Cybersecurity Act, which transposes the NIS2 Directive into Czech law, came into effect
Europe’s AI rulebook is taking shape, but the technology is not waiting
Artificial intelligence is entering a decisive phase in Europe. Despite the EU’s ambitious AI Act framework, key guidance remains pending while enforcement scrutiny intensifies and AI adoption accelerates. 1. EU AI Act: a strict framework struggling to keep pace While Europe’s ambition to regulate AI is unquestioned, recent developments signal that the legal framework is struggling to keep pace with both the rapid evolution of the technology and its own aspirations. 1.1. Missed Guidance and Growing Uncertainty The European Commission missed a key deadline on 2 February, when it failed to publish a comprehensive list of use cases to help businesses distinguish between high-risk and non-high-risk
Bulgaria’s long road to NIS2 is over
Across most of the European Union, the NIS2 Directive has already become operational reality. Bulgaria’s path to transposition, however, has been materially delayed. The Cybersecurity Act amendments intended to implement the NIS2 Directive were first submitted to the Parliament in September 2024, passed at first reading in February 2025 and reached final adoption in February 2026, with the new framework entering into force on 17 February 2026. This delay has consequences that go beyond the mere legal uncertainty. While Bulgaria was still preparing its implementation framework, in January 2026 the European Commission proposed a new EU cybersecurity package, including amendments to the NIS2 Directive and a draft Regulation
The year of digitalisation and AI in Kazakhstan: New regulations
On 6 January 2026, the President of the Republic of Kazakhstan signed a Decree declaring 2026 the Year of Digitalization and Artificial Intelligence. At present, the legislative framework in this area is actively being developed. For instance, a unified conceptual document on the development of digitalisation and artificial intelligence, Digital Qazaqstan, in which all initiatives and projects will be combined into a nationwide strategy is currently being developed. The Law on Artificial Intelligence No. 230-VIII entered into force on 18 January 2025 (the "Law"), and the Digital Code of the Republic of Kazakhstan will take effect on 11 July 2026. There is also ongoing work to align existing legislative acts with the Digital
Protecting children in the digital space
The protection of children in the digital environment has become one of the most important regulatory topics worldwide. While this area is currently addressed primarily through broad regulatory frameworks (e.g., the GDPR and DSA), combined with parental oversight and voluntary platform policies, governments are now reassessing how digital services, platforms, and technologies affect minors. Importantly, the digital protection of minors is no longer confined to social networks. It now extends to gaming platforms, online monetisation models, algorithmic design, and AI-driven services, reflecting the reality of how children interact with today’s digital ecosystem. Global regulatory developments We see a growth
Kinstellar advises Entez on the acquisition of Superpont, a leading Romanian iGaming affiliate
Kinstellar has recently provided legal assistance to Entez, a prominent iGaming affiliate company based in Riga, Latvia, on the acquisition of Superpont CT, a Romanian sports and casino affiliate. Entez is a highly regarded entity within the iGaming sector, renowned for its strategic role in connecting some of the world's leading gambling operators. Established in 2018 and headquartered in Riga, Latvia, Entez has experienced sustained growth and expanded its operations across multiple European markets. Notably, Entez has cultivated a robust presence in the Baltic region, where it has gained significant market traction. As part of its ongoing expansion strategy, Entez remains committed to exploring further growth opportunities
New pressure, new delays: the EU’s double move on AI
Europe has just introduced two significant developments that will directly affect how companies build, deploy, and oversee AI in 2026. One strengthens reporting. The other reshapes key compliance deadlines. 1. The AI act whistleblower tool is live—and it changes the game The EU’s new AI Act Whistleblower Tool is officially online, allowing any individual professionally connected to an AI model provider to flag risky or unlawful practices linked to general-purpose AI models and certain regulated AI systems. Reports can be submitted anonymously, in any EU language together with supporting documents via a secure inbox that also supports follow-up questions. While the AI Office will maintain strict
ISS & Glass Lewis – The end of standardised proxy voting recommendations?
For years, proxy advisors Institutional Shareholder Services (“ISS”) and Glass Lewis & Co. (“Glass Lewis”) have shaped voting behaviour at annual general meetings (“AGMs”) of publicly listed companies, including in Austria, through their uniform “benchmark” voting recommendations. This approach, it appears, will soon be history. What’s new Beginning in 2027, Glass Lewis will discontinue its long-standing practice of issuing single, default “benchmark” voting recommendations and instead collaborate with institutional clients to create fully customised voting policies supported by company-specific research reports ahead of AGMs. Glass Lewis aims to have all clients transitioned
NIS2 and the New Serbian Law on Information Security
The Republic of Serbia has adopted a new Law on Information Security (Zakon o informacionoj bezbednosti) (“Serbian NIS2”), marking a significant reform of the national cybersecurity framework and alignment with the EU NIS2 Directive. The Serbian NIS2 broadens the range of regulated entities, strengthens institutional coordination, and introduces clearer obligations for organisations operating ICT systems of special importance. Secondary legislation is expected in 2025–2026, and the previous law remains partially applicable until the end of 2025 to secure continuity during the transition period. This article provides an overview of the key novelties introduced by the Serbian NIS2, together with an outline of the
Bulgaria completes Digital Services Act implementation
Nearly two years after the Digital Services Act (“DSA”) became applicable across the EU and amidst discussions on the “Digital Omnibus” simplification package announced by the European Commission, Bulgaria has finally aligned its national framework with DSA provisions. On 6 November 2025, the Bulgarian parliament adopted amendments to the Electronic Communications Act (“ECA”), confirming the designation of the Communications Regulation Commission (“CRC”) as the Digital Services Coordinator, vesting it with supervisory powers and the authority to certify out-of-court dispute settlement bodies and award trusted flagger and vetted researcher status, while also introducing comprehensive enforcement architecture.
GDPR x AI: When privacy meets machine intelligence
As Europe moves ahead with the AI Act, the European Commission has made clear that there will be “no stop the clock, no grace period, and no pause”, despite calls from major tech players such as Google, Meta, Mistral, and ASML to delay implementation. The timeline remains firm: core provisions apply from February 2025, general-purpose model rules from August 2025, and high-risk AI obligations from August 2026. The message is clear: the Commission intends to keep its ambitious AI timeline on track, while it looks to streamline other digital obligations for companies. Against this backdrop, the GDPR may also be entering a new chapter. Nearly seven years after its adoption, a leaked draft of the Digital Omnibus package