A Tidy Privacy Reform That Might Not Be So Tidy: The Digital Omnibus proposal promises a cleaner and more modern European privacy rulebook, but its fine print hints at a quiet reshaping of how personal data is defined and handled. By narrowing what counts as personal data and expanding the room for companies to use information without consent, the proposal risks giving powerful players a smoother path to train AI systems and run data driven services. Critics warn that individuals could see familiar rights shrink or become harder to exercise, even as the reform claims to lighten the regulatory load. The package arrives dressed as simplification, yet it may leave citizens with a lighter sense of privacy rather than a clearer one. 

Cookie Monsters Get Caught: Condé Nast Faces €750 000 Blow: The French digital watchdog has slapped Condé Nast with a €750 000 fine after finding that its French site of Vanity Fair placed tracking cookies on users’ devices before consent was granted. Even when visitors clicked “reject all,” cookies were still dropped. The investigation by CNIL followed a complaint filed in 2019 by noyb and revealed that Condé Nast had ignored earlier orders to change its cookie setup. The decision sends a loud signal to publishers and advertisers that cookie consent rules must be respected. 

When “Clearer GDPR” Sounds Like a Radical Rewrite: The Swedish privacy authority Integritetsskyddsmyndigheten (IMY) warns that proposed changes to GDPR under the Digital Omnibus look far more sweeping than expected. The plan would recast how we define personal data and loosen rules so that companies might more easily use data for purposes such as AI training without explicit consent. IMY stresses that if the reform proceeds it must rest on a risk-based framework and not erode core rights. What is being sold as clearer regulation may end up reshaping privacy expectations in a fundamentally different way.  

Europe’s is upgrading networks for Defense: A recent Politico article argues that modern European defense can no longer rely solely on tanks and troops but must begin with resilient digital networks and critical infrastructure. With growing threats ranging from cyberattacks to hybrid warfare and a more volatile geopolitical landscape, stable and interoperable communications, energy, and data systems are becoming the frontline defense across the EU. As old-school weaponry meets new-age threats, the clock is ticking: digital resilience may soon matter more than military muscle. 

Ukraine Lights Up Europe’s First Satellite to Phone Connection: Kyivstar has introduced the first direct to cell satellite service in Europe by teaming up with Starlink to bring basic mobile connectivity to ordinary smartphones without relying on ground based towers. The service allows users to send and receive text messages even in remote or damaged areas which creates a valuable lifeline during emergencies or disruptions. While the current version only supports messaging the partners plan to expand the service to include calls and mobile data in the coming year which would push Europe into a new era of resilient communication. The launch shows how satellite technology is moving from a backup option to a core part of everyday connectivity especially in regions where reliability matters most. 

EU Opens Investigation into Big Cloud Giants as Gatekeepers: The European Commission has launched new investigations to decide if Amazon Web Services (AWS) and Microsoft Azure qualify as “gatekeepers” under the Digital Markets Act (DMA). The probe will examine whether their dominance in cloud infrastructure gives them too much control over a critical digital backbone for businesses and consumers. If they are classified as gatekeepers they will need to follow stricter rules that enforce openness, data portability, interoperability and fair competition. This could reshape the European cloud market by forcing large providers to offer customers easier ways to switch providers and to avoid bundling services in ways that lock out rivals. 

AI-Based Real-Time Facial Recognition in Swedish Law and EU Regulation: Sweden plans to implement a new law on May 1, 2026, allowing police to use AI-driven facial recognition in real time under strict conditions, such as locating victims or preventing serious crimes, with strong safeguards for proportionality, time limits, and judicial oversight. The law mandates transparency, data protection, and oversight by the Swedish Data Protection Authority, while aligning with EU requirements for high-risk AI systems, including risk management, bias control, and logging. Despite EU’s general ban on real-time biometric identification in public spaces from February 2025, exceptions for law enforcement remain for severe cases like terrorism or locating missing persons, provided compliance with strict procedural and technical standards. 

EU Launches Whistleblower Tool for AI Act: The European Commission has introduced a secure whistleblower tool to report suspected breaches of the AI Act directly to the EU AI Office. This platform ensures confidentiality through certified encryption, allowing individuals to submit information in any EU language and receive updates without compromising anonymity. The initiative supports early detection of violations, promoting safe and transparent AI development while safeguarding fundamental rights, health, and public trust. 

New Knowledge Initiative Supports AI Sweden Partners in Procurement Processes: AI Sweden has launched a “Knowledge Boost” to help its partners navigate the unique challenges of procuring AI systems, which differ significantly from traditional IT procurement. The initiative is based on insights from 15 organizations across public and private sectors and provides practical guidance, including seven key challenges, six foundational principles, and checklists to improve collaboration between suppliers and buyers. By promoting transparency, iterative development, and strong technical and domain expertise, the material aims to increase the success rate of AI procurements and strengthen Sweden’s ability to implement responsible and effective AI solutions. 

ENISA Sectorial Threat Landscape for Public Administration: ENISA’s latest report highlights that public administrations face increasing cyber threats, driven by geopolitical tensions, ransomware campaigns, and supply chain compromises. The study identifies phishing, credential theft, and exploitation of unpatched systems as the most common attack vectors, with threat actors targeting sensitive citizen data and critical services. ENISA recommends strengthening incident response capabilities, adopting zero-trust architectures, and enhancing cross-border cooperation to mitigate risks and ensure resilience in the public sector. 

Losses from Payment Service Fraud Decline, but Cases Remain High: Finansinspektionen reports that the total amount stolen through payment service fraud has decreased, likely due to stronger preventive measures and increased awareness among businesses and consumers. Despite this positive trend, the number of fraud cases remains historically high, with nearly 143,000 incidents recorded in the first half of 2025 and losses totaling approximately 575 million SEK. FI urges banks and payment service providers to continue prioritizing fraud prevention, as criminals constantly adapt their methods, and supports upcoming EU legislation aimed at tightening requirements for transaction monitoring and improving consumer protection. 

Cloud CISO Perspectives: Recent Advances in How Threat Actors Use AI Tools: Sandra Joyce of Google Threat Intelligence reports a significant shift in threat actor behavior: state-backed and cybercriminal groups are now deploying AI-enabled malware in active operations rather than solely for productivity gains. The team observed new malware families, such as “PROMPTSTEAL” used by APT28, leveraging large language models to dynamically generate and obfuscate malicious commands, while attackers also manipulate AI safeguards through social engineering methods. Additionally, the underground market for AI-powered cybercrime tools is rapidly maturing, lowering the barrier for sophisticated attacks across the entire lifecycle—from reconnaissance to data exfiltration. 

German Court Rules OpenAI Must Pay for Using Song Lyrics: A Munich court has ruled that OpenAI must pay licensing fees for using copyrighted song lyrics in its AI models, including ChatGPT, in a landmark case brought by Germany’s largest music rights organization, GEMA. The court found OpenAI liable for reproducing large portions of lyrics from nine German songwriters and rejected the company’s argument that outputs were solely user-driven, stating that the language models significantly influence generated content. This decision, which could cost OpenAI hundreds of thousands of euros, sets a precedent for generative AI regulation in the EU and underscores growing legal scrutiny over AI’s use of copyrighted material.  

Updated Guide to Intellectual Property in Europe Released: The European IP Helpdesk has published an updated version of its comprehensive guide to intellectual property (IP) in Europe, aimed at supporting small and medium-sized enterprises (SMEs) in managing IP effectively. This resource addresses common challenges such as protection, enforcement, and strategic use of IP rights, offering practical tips and FAQs collected from real user inquiries. By improving IP awareness and management, the guide helps businesses enhance competitiveness and safeguard their innovations in the European market. 

EUIPO Launches Copyright Knowledge Centre for Digital Age Challenges: The European Union Intellectual Property Office (EUIPO) has introduced the Copyright Knowledge Centre as a single gateway for copyright information in the EU, launched during its first Conference on Copyright. This initiative aims to help creators and businesses navigate fragmented copyright laws and address emerging challenges posed by generative AI, offering resources such as interactive maps, case law, and training materials. The Centre’s mission is to inform, engage, and develop new services that enhance copyright transparency and accessibility across the Single Market. 

Tariffs Steal the Cheer From the Holiday Shopping Season: New tariffs introduced under the current trade approach by the US are raising the cost of many popular holiday goods and pushing pressure onto small retailers who cannot absorb the sudden jump in import prices. Shops that rely on affordable inventory for toys, decorations, and seasonal gifts are finding it harder to stock shelves which limits choice for customers and squeezes already thin margins. The result is a shopping season where higher prices and fewer deals collide with tight consumer budgets creating a less festive atmosphere. 

Drugs for Zero Tariff for US and UK: The United States and the United Kingdom have struck a deal to eliminate tariffs on UK-made medicines and medical equipment for at least three years. In exchange the UK promises to boost spending on new drugs and change how it judges which treatments are cost-effective under its health system. The agreement may make it easier for British drugmakers to export to the US and spur investment in new pharmaceuticals while giving patients in the UK faster access to innovative treatments. The move marks a major shift in transatlantic trade and healthcare policy and could reshape how medicines are traded and priced internationally. 

Costco Demands Its Tariff Money Back: Costco has taken the US government to court in an effort to recover the import duties it paid under emergency tariffs that it argues were imposed without proper legal authority. The company claims that such tariffs require approval from Congress and that the executive branch overstepped by enforcing them without that consent. By filing this case Costco joins a growing list of firms seeking to protect their right to a refund should the courts eventually rule that the tariff program was unlawful. The outcome could reshape trade policy and may return large sums to affected companies while pressuring lawmakers to clarify who truly controls tariff power in the United States. 

• AI Sweden How can generative AI create real value in the creative process?

Date:  December 5, 2025

Time:  09:00 – 12:00 or 13:00 – 16:00 (CEST) (please note that the workshop is available at two different time slots)

Location: Location: AI Sweden Gothenburg, Lindholmspiren 11, 417 56 Gothenburg 

Registration: Link 

• EU – Webinar: AI Act 

Date: December 10, 2025

Time: 10:30 – 12:00 (CET)

Location: Live streaming available

Registration: Link 

• 10th Cybersecurity Standardisation Conference 

Date: Mar 12, 2026 

Time: 9:00am to 5:00pm (CEST) 

Location: Brussels Marriott Hotel Grand Place, Brussels, Belgium 

Registration: Link