CJEU Overturns Ruling in OC v Commission Over OLAF Press Release: In case T-384/20 (OC v Commission), the EU’s highest court annulled part of the General Court’s judgment, finding that a press release from OLAF potentially disclosed personal data because recipients might reasonably identify the subject using external means. The court held that the mere fact that additional information is needed for identification does not exempt data from protection, and that the earlier ruling wrongly ignored identification through outside sources. The case is sent back to the General Court to reassess noncontractual liability, considering the presumption of innocence and right to good administration.  

Stuttgart Court Rules “Free” Apps Can Use Data Without Calling It “Price”: The Higher Regional Court of Stuttgart (OLG) held that apps such as Lidl Plus may lawfully be called “free” even if users pay by providing personal data, because the handover of data does not legally count as a “price” for the service. The court rejected arguments that labeling the app as “free” is misleading in light of underlying data processing obligations. This decision may offer firms more leeway in how they present services with data-based value exchange. 

Belgian DPA Warns Controller After Exposing Hundreds of Emails in Survey Message: In February 2025, a controller sent a satisfaction survey email showing around 450 recipients’ addresses in the CC field, exposing their data. The controller argued the breach was a one-off employee mistake that went against internal procedures, while its own risk assessment concluded no need for formal notification. The Belgian DPA found insufficient technical and organizational measures, issued a warning for violations of Articles 5(1)(f), 25, and 32 GDPR, and gave the controller a chance to correct compliance before a final decision. 

Sateliot Achieves First Orbital 5G IoT Transmission: Sateliot successfully sent a 5G signal from its low-Earth orbit (LEO) satellite directly to a standard commercial IoT device, marking a first in seamless satellite-to-device connectivity. The test used Nordic’s nRF9151 module without requiring any hardware changes, demonstrating full interoperability between terrestrial cellular networks and spaceborne infrastructure. The achievement is seen as a major milestone in expanding global IoT coverage into remote and previously unreachable areas. 

Most Telcos Now Under Siege from Salt Typhoon-Style Attacks: According to a Nokia cybersecurity report, about 63 % of telecom operators were targeted last year with “living off the land” attacks, where malicious actors infiltrate using existing tools and evade detection over long periods. Nearly one third of telcos faced at least four such attacks in the same timeframe. While Salt Typhoon is the most notorious example of this class of advanced persistent threat, traditional DDoS attacks also continue to grow in scale and frequency.  

Ericsson and Telstra Join Forces to Push Autonomous Networks: Ericsson and Telstra have launched a collaboration to accelerate the adoption of autonomous networks, focusing on bridging business intent and network execution. Their joint efforts will include developing a “knowledge plane” driven by AI, creating intent translation frameworks, and promoting trustworthy, transparent AI decision-making. They plan to validate ideas via a Technology Lab and real-world proof points, with the aim of shaping industry standards and demonstrating operational autonomy in telecom networks. 

Sweden Proposes National Adjustments to EU AI Act to Ensure Safe Use and Innovation: The Swedish Government’s inquiry SOU 2025:101 outlines national legislative adaptations to the EU AI Act, aiming to ensure safe AI usage, effective oversight, and support for innovation ahead of the regulation’s full application in August 2026. The proposal includes a new law and ordinance, a system of eleven market surveillance authorities led by the Post and Telecom Authority (PTS), and the establishment of a regulatory sandbox for AI development. It also introduces rules on sanctions, confidentiality, and data-sharing, with specific provisions for high-risk AI systems and Sweden’s active participation in EU-level AI governance. 

AI Sweden Develops Privacy-Preserving AI to Tackle Financial Crime and Data Leaks: AI Sweden has launched innovative research projects like LeakPro and Federated Machine Learning in Banking to help banks detect money laundering while preserving customer privacy. These methods, including FedLap+, enable secure collaboration across institutions without violating data protection laws. The work has earned recognition at top AI conferences and supports the EU’s AI Act by offering practical tools for responsible AI deployment. 

Global Data Protection Authorities Unite to Promote Privacy-Friendly AI Development: Twenty data protection authorities, including Sweden’s IMY, have issued a joint statement supporting the development of AI technologies that respect privacy and fundamental rights, signed during the Global Privacy Assembly in Seoul. The statement emphasizes legal clarity for personal data processing in AI, encourages innovation through regulatory sandboxes, and calls for cross-sector collaboration with consumer protection, competition, and copyright authorities. Originally initiated by authorities in the UK, Ireland, France, South Korea, and Australia, the declaration reflects a shared commitment to guiding AI innovation in a way that safeguards individual privacy. 

Swedish Financial Supervisory Authority Adds 40 New Entities to Warning List for Fraudulent Financial Activity: Finansinspektionen (FI) has issued a warning against 40 new entities that lack authorization to offer financial services in Sweden, many of which deceive consumers with fake loans and investment schemes. These actors often approach individuals via social media or offer loans without credit checks, and once payments are made, the funds are unrecoverable; FI also highlights the rise of “recovery rooms” — scams that target previous fraud victims with false promises of restitution. FI urges consumers to verify companies through its official register and avoid offers that seem too good to be true, as the warning list is continuously updated and shared internationally via IOSCO’s database. 

ENISA Releases 2025 Cyber Threat Landscape Report Highlighting Risks to EU Critical Infrastructure: The European Union Agency for Cybersecurity (ENISA) has published its 2025 Threat Landscape report, analyzing 4,875 incidents and revealing that DDoS attacks—primarily driven by hacktivism—accounted for 77% of all cases, while ransomware remains the most impactful threat to EU entities. The report identifies phishing and vulnerability exploitation as the leading intrusion methods, with growing convergence between threat actors and increased abuse of digital dependencies, especially in public administration, transport, and financial sectors. ENISA also warns of rising AI-enabled threats, including Phishing-as-a-Service and attacks on the AI supply chain, urging organizations to prioritize resilience and cross-sector collaboration to protect essential services under the NIS2 Directive. 

Google Uncovers BRICKSTORM Espionage Campaign Targeting Legal and Tech Sectors: Google’s Threat Intelligence Group has identified a stealthy cyber espionage campaign known as BRICKSTORM, attributed to China-nexus threat actor UNC5221, which has targeted legal services, SaaS providers, and tech firms in the U.S. since March 2025. The campaign uses modified backdoors on network appliances that evade traditional endpoint detection tools, enabling persistent access for an average of 393 days while collecting sensitive data and potentially aiding in the development of zero-day exploits. Google urges organizations—especially those in legal and tech sectors—to reassess their threat models and use newly released detection tools to hunt for BRICKSTORM activity and protect against long-term infiltration. 

Sweden Proposes Legal and Technical Reforms to Combat Illegal IPTV: The Swedish government has presented SOU 2025:100, a comprehensive proposal aimed at curbing the widespread use of illegal IPTV services. It proposes criminalizing private use, introducing harsher penalties, and designating the Patent and Market Court as the exclusive venue for related cases. The initiative also explores live blocking technologies, inspired by international models, and emphasizes cross-agency cooperation involving the police, tax authorities, and industry stakeholders. The final report is due by 28 February 2025, with proposed laws expected to take effect by 1 July 2026. 

Anthropic Faces Copyright Claims Over AI-Generated Song Lyrics: A U.S. federal judge has ruled that Anthropic must face claims from music publishers alleging its AI model, Claude, contributed to copyright infringement by allowing users to generate protected song lyrics. The court found plausible allegations that Anthropic knew about the infringing activity, profited from it, and removed copyright management information, supporting claims of contributory and vicarious infringement under the DMCA. This case, brought by Universal Music and Concord Music Group, highlights growing legal risks for AI developers whose tools may facilitate unauthorized use of copyrighted content, with implications for firms advising clients in media, tech, and IP law. 

EU Seizes €3.8 Billion Worth of Counterfeit Goods in 2024, Highlighting Risks to IP-Intensive Industries: In 2024, EU authorities seized over 112 million counterfeit items valued at €3.8 billion, marking the second-highest annual total and reflecting a shift toward higher-value fake goods such as cosmetics, software, and vaping devices. The joint report by DG TAXUD and EUIPO emphasizes the growing complexity of IP infringement across physical and digital marketplaces, with seven Member States responsible for 90% of the seizures. For clients in IP-intensive sectors like fashion, tech, and consumer goods, the findings underscore the importance of robust brand protection strategies and proactive enforcement to safeguard innovation and market share. 

Global Trade Realigns as Trump’s Tariffs Spur New Alliances: In response to the U.S. re-imposition of 15 % tariffs on EU goods, countries across the world are scrambling to reduce their dependency on the American market by forging fresh trade pacts with peers like Mercosur, Mexico, Indonesia, and India. While these new agreements may take time to bring full economic benefit, they carry important geopolitical weight in reshaping trade blocs that lean away from U.S. dominance. Experts caution that despite this pivot, the U.S. market’s sheer size still makes it hard for exporters to fully replace lost demand.  

Analysts Give 70-80 % Odds Supreme Court Will Reject Trump Tariffs: Trade and legal experts estimate a 70-80 % chance that the U.S. Supreme Court will rule against the Trump administration’s global tariffs, viewing them as legally vulnerable. The case hinges on challenges to the authority used to impose sweeping tariffs, with arguments that they exceed constitutional or statutory bounds. A ruling is expected to have major implications for U.S. trade policy and ongoing tariff enforcement. 

Europe Sees Robust Greenfield FDI Despite Economic Headwinds: According to the 2025 Europe FDI Trends Report, Europe continued to see strong growth in greenfield foreign direct investment projects even though GDP stagnated and tariff pressures mount. The report highlights that new investment projects are concentrated in sectors aligned with sustainability and innovation, showing resilience amid macroeconomic turbulence. Still, the overall growth masks uneven performance across regions, with some countries struggling to attract capital due to regulatory or economic barriers. 

• IMY Webinar: Think confidently when using AI 

Date:  October 14, 2025

Time: 09.00 – 10.00 am (CEST)

Location: Live webinar

Registration: Link 

• AI Sweden: Digital conference: Joint AI capabilities in municipalities and civil society

Date:  November 20, 2025

Time: 1:00 pm – 4:00 pm (CEST)

Location: Online

Registration: Link 

• 5th ENISA-ERA Conference on Cybersecurity in Railways 

Date:  December 1 – 2, 2025

Time: 9:00 am – 2:00 pm

Location: Tallin, Estonia

Registration: Link