Questioning the Independence of Ireland’s Data Protection Watchdog: Over 40 civil society groups have urged the European Commission to investigate the independence of Ireland’s Data Protection Commission after the appointment of a new commissioner with close industry ties. They argue this raises doubts about impartial enforcement of EU privacy rules, given Ireland’s central role in overseeing major tech companies. The groups call on the Commission to determine whether the regulator still meets EU standards of independence and to act if it does not.  

Grindr Appeal Rejected by Norwegian Authorities: Grindr lost its appeal against a 65 million NOK fine for unlawfully sharing sensitive user data with advertisers. The court confirmed that the company had violated the General Data Protection Regulation by lacking valid consent for such data sharing. Norwegian authorities emphasized that this ruling strengthens privacy protections for users of dating and social apps. 

CJEU Examines Use of Illegally Stored Data in Court Proceedings: The case concerns whether national courts can rely on personal data that was originally collected or stored in violation of the GDPR when used as evidence in legal proceedings. It also examines if the exception allowing processing for legal claims can justify such use despite the original breach. The Court will clarify how necessity and proportionality principles apply when courts process unlawfully obtained data. 

France Nears Major Telecom Industry Shake-Up: France is considering a large-scale consolidation in its telecoms sector after a €17 billion proposal by Altice France was tabled for purchase of its assets by Bouygues Telecom, Free‑Iliad and Orange. While the deal was initially rejected, the move reflects mounting pressure for French telcos to merge in order to better fund fixed and mobile infrastructure and to stay competitive. Analysts say a three-player market (rather than four) is increasingly seen as the sustainable model in Europe. 

Salt Typhoon Targets European Telecom Networks: A China-linked cyber espionage group called Salt Typhoon has breached a European telecom provider’s network by exploiting a vulnerability in a Citrix NetScaler Gateway appliance. The attackers used advanced techniques including side-loading of malicious DLLs through legitimate antivirus software and stealthy pivoting to internal virtual desktop hosts. The incident underscores a broader campaign by the group against telecommunications and other critical infrastructure worldwide.  

New Undersea Cable in the Black Sea to Bypass Russia: A major submarine cable project has been announced to link Bulgaria, Georgia, Turkey and Ukraine across the Black Sea, deliberately routing around Russian-controlled areas. The system, backed by a large European telecom operator, will cost over €100 million and aims to bolster internet capacity and network resilience in the region. Construction is set to begin around 2027, with particular care taken for the Ukrainian landing to remain in internationally recognised safe zones. 

A new Product Liability Act: The proposal introduces a new Swedish product liability law to implement EU Directive 2024/2853, aiming to strengthen consumer protection and adapt to digitalization, AI, and global supply chains. It expands the definition of “product” to include software and digital services, and broadens liability to include online platforms and those who make significant product modifications. Key changes include the removal of deductibles for property damage, presumptions to ease the burden of proof for victims, and extended limitation periods for latent injuries. This new law will come into force on 9 December 2026.  

World Economic Forum – Shaping AI Sandboxes for Responsible Innovation: The World Economic Forum’s white paper “Shaping the AI Sandbox Ecosystem for the Intelligent Age” presents a two-part strategic and operational framework designed to help governments, industry, academia, and civil society create AI sandboxes that balance innovation with responsibility, inclusivity, and accountability. These sandboxes provide controlled environments offering access to data, infrastructure, and validation tools, enabling startups and regulators to collaboratively test AI solutions while informing policy and research. Developed for India’s AI for India 2030 initiative, the model is modular and scalable, aiming to foster safer, smarter AI systems that serve public interest and support long-term technological growth.  

AI Sweden Launches National Labour Market Council on AI’s Impact: AI Sweden has established the “Labour Market AI Council,” bringing together trade unions, employer organizations, and transition bodies to assess AI’s influence on Sweden’s labour market, with its inaugural roundtable held on 6 October 2025 in Stockholm. The council aims to create a shared situational awareness of AI transformations in job roles, skills, and employment conditions, and to develop actionable recommendations for industry stakeholders and policymakers. Meetings will occur quarterly, generating insight reports per session and culminating in an annual report presented at a public event, thus supporting clients in understanding workforce impacts and preparing for AI-driven change. 

Sweden’s New Cybersecurity Law: Implementing the NIS 2 Directive: Sweden’s proposed cybersecurity law (Prop. 2025/26:28) implements the EU’s NIS 2 Directive to strengthen national and EU-wide cyber resilience, replacing the previous NIS framework. It mandates comprehensive security measures, incident reporting, and oversight for both public and private entities in critical sectors, with strict penalties for non-compliance. The law also introduces new rules on data protection, transparency, and coordination among authorities, and updates several related Swedish laws to align with the directive. The new Swedish cybersecurity law (Prop. 2025/26:28) is set to enter into force on January 15, 2026.  

Fake FI Messages Target Swedish Consumers in Scam Attempt: Finansinspektionen (FI) warns that scammers are impersonating the authority by sending fraudulent SMS messages to consumers, falsely claiming to be from FI. These messages aim to deceive recipients into sharing personal information or making payments, often under the guise of financial services or recovery assistance. FI urges the public to remain vigilant, verify company credentials via its official register, and avoid engaging with unsolicited offers that seem too good to be true. 

AI-Driven Ransomware Defense in Google Drive: Google’s Threat & Identity team has introduced a new AI-powered security layer within the Google Drive for desktop app (Windows and macOS) designed to disrupt ransomware by identifying early threat signals before they can encrypt files. While Workspace-native files remain inherently protected, this enhancement extends protection to third-party file formats like Office documents and PDFs commonly targeted by ransomware. For law firm clients handling sensitive documents, the capability offers a critical safety.  

EU General Court Invalidates “ICELAND” Trademark – Decision Dated 16 July 2025: The EU General Court affirmed EUIPO’s invalidation of the “ICELAND” word and figurative trademarks, ruling on 16 July 2025 in Case T‑105/23 that the term is geographically descriptive and thus non-distinctive under Article 7(1)(c) EUTMR. The Court reaffirmed that geographical and characteristic terms like “Iceland” cannot be monopolized when they indicate origin or invoke consumer association with the place. This decision underlines that geographic names must remain publicly available, posing branding challenges for clients seeking exclusivity over such terms. 

Italy Adopts the First National AI Law with Enhanced Copyright Rules: Italy has enacted Law No. 132 of 23 September 2025, the first national AI-specific legislation among EU Member States, which came into force on 10 October 2025 and aligns domestic law with the forthcoming EU AI Act. The law amends the Italian Copyright Act to grant copyright protection only to works created with AI when there is sufficient human intellectual contribution, while leaving the determination of that threshold to the courts. It also introduces Article 70‑septies, explicitly permitting legally accessible text and data mining (TDM) by AI models under existing exceptions, thus clarifying rules for AI training. 

Ferrari Triumphs in “TESTAROSSA” Trademark Appeal – Ruling Issued 2 July 2025: On 2 July 2025, the EU General Court (T‑1103/23) overturned EUIPO’s decision and confirmed genuine use of the “TESTAROSSA” trademark, finding that sales of second-hand vehicles and certification services by Ferrari-authorized dealers constituted genuine use with implied consent. The Court emphasized that implied consent and active dealer involvement are sufficient to maintain trademark rights under Article 58(1)(a) EUTMR. This precedent offers reassurance to automotive and luxury-brand clients that model names can retain protection through authorized resale and certification channels. 

EU Digital Sovereignty Doesn’t Equal Protectionism: Europe must build its own digital infrastructure and shift from being merely customers to becoming active players in technology and innovation, says German Minister Karsten Wildberger. He emphasizes that this ambition does not mean shutting off the EU market from US companies but rather enabling choice and diversification in data storage and infrastructure operations. Wildberger adds that true digital sovereignty also involves rethinking the full supply chain of technology, from chip design to servers and cables. 

China’s Next 5-Year Plan Focuses on High Tech and Consumers: China’s upcoming five-year plan places strong emphasis on technological self-reliance and expanding domestic consumer demand. It signals a shift away from export-driven growth towards higher value sectors and internal consumption. The blueprint also highlights the role of innovation and investment in high-tech industries as key to future economic stability. 

U.S. Halts Trade Talks With Canada Over Digital Tax: The U.S. announced it is terminating all trade negotiations with Canada in response to Canada’s planned digital services tax targeting U.S. tech firms. The move underscores how tax policy has become a direct trade-issue between the two neighbours. This escalation raises concerns about broader impacts on bilateral trade relations and market stability. 

• Digital conference: Joint AI capabilities in municipalities and civil society 

Date:  November 20, 2025

Time: 13:00–16:00 CEST 

Location: Online (Zoom)

Registration: Link 

• AI Sweden: Digital conference: Joint AI capabilities in municipalities and civil society

Date:  November 20, 2025

Time: 1:00 pm – 4:00 pm (CEST)

Location: Online

Registration: Link 

• 5th ENISA-ERA Conference on Cybersecurity in Railways 

Date:  December 1 – 2, 2025

Time: 9:00 am – 2:00 pm

Location: Tallin, Estonia

Registration: Link