An AI risk assessment is the process of mapping where risks emerge during the lifecycle of an AI system, classifying them by severity and probability, and prioritizing which ones to mitigate first, all within the compliance framework imposed by the EU AI Act.
On 17 September 2025, the Italian Senate approved a landmark law on artificial intelligence (AI), making Italy the first EU country to enact a national law specifically regulating AI while aligning with the EU AI Act.
The Italian gambling licence tender has reached a decisive moment on 17 September 2025 when the Italian gambling authority, the Customs and Monopolies Agency (ADM) officially admitted 46 operators to Stage 2 of the online gambling licence application process.
Creating an AI committee within a company’s governance framework on the usage of artificial intelligence is no longer a luxury, it is a necessity.
The Spanish gambling regulator, the General Directorate on Gambling Affairs (DGOJ), has released a draft resolution — now under public consultation — introducing a standardized system for monitoring risk gambling behaviors.
AI governance is no longer an abstract concept—it has become a core business necessity. In the latest episode of our podcast Legal Leaders Insights, I had the privilege of speaking with Emerald De Leeuw-Goggin, Global Head of AI Governance & Privacy at Logitech, about how companies can balance innovation with compliance in one of the fastest-evolving areas of law and technology.
The Advocate General of the European Court of Justice (CJEU) issued its opinion on claims for gambling losses in Case C-440/23, FB v. European Lotto and Betting Ltd and Deutsche Lotto Und Sportwetten Ltd, holding that consumers may bring actions to recover gambling losses under national law.
The EU–U.S. Data Privacy Transfer Framework (DPF) has survived its first legal attack, as the EU General Court dismissed a French MEP’s challenge seeking annulment of the adequacy decision enabling transatlantic personal data transfers.
The upcoming "Schrems III case" on 3 September 2025 could invalidate the EU–US Data Privacy Framework (DPF), once again disrupting data transfers between the European Union and the United States and forcing businesses to fall back on alternative solutions such as the Standard Contractual Clauses and Transfer Impact Assessments creating a potential panic moment for many businesses.
