The use of AI systems such as ChatGPT is increasingly contentious within the legal world. Several litigants and their lawyers have been discovered to have made use of the technology in preparing cases, only to fall victim to the technology’s tendency to invent fictitious authorities with judges in some cases reporting lawyers to their professional bodies to face disciplinary sanctions. For perhaps the first time, we now have a case, Peggie v. Fife Heath Board and Dr B Upton in the United Kingdom where the suggestion is that a judge has relied upon AI to produce substantial parts of a judgment without acknowledging the fact. This note assesses the potential significance of such action.

The article analyses whether and how two core concepts of the GDPR require re-evaluation in the aftermath of the decision by the Court of Justice (CJEU) in EDPS v. SRB (C-413/23 P). Therefore, CJEU’s case law (i) on the controller’s transparency obligations and (ii) on the threshold for the qualification as personal data are examined. The examination culmi-nates in two main aspects: (i) Are procedural violations treated differently from substantial violations? (ii) Which elements prove relevant for the qualification as “personal data”, eventually triggering the controller’s transparency obligations.

The article examines the obligation to prepare technical documentation under the GDPR, the CRA, and the AI Act, conducts a comparative analysis to explore synergies, overlaps, and divergences between the technical documentation obligations under the three frameworks, and assesses the feasibility of developing joint technical documentation.

While parties – with justification – tend to focus on those “big ticket” terms with which we are all very familiar (e.g. indemnities, liability caps, and termination rights), the success or failure of a project frequently hinges on lower profile provisions: that is, on provisions that dictate how the contract operates to address day-to-day issues, not the bet-the-company litigation. Drawing from experience over the past decade, this article explores practical strategies to address common key issues which are critical to operations but which have traditionally had a lower profile: namely, that (1.) align with the project methodology (e.g. waterfall vs. agile); (2.) emerge operational problems early; (3.) escalate problems in a timely manner; (4.) incentivize the vendor to achieve positive dispute outcomes; (5.) ensure customer has reasonable time to dispute issues; (6.) start the contractual limitation period only after sufficient dispute details have been provided; (7.) require automatic escalation for repeating problems; (8.) prevent incentives from disrupting the resource allocation of the vendor; and (9.) incorporate a structured penalty mechanism, so to avoid the problem of penalties that, in practice, are too big to use.

The inaugural major revision of the Cybersecurity Law of the People’s Republic of China (CSL, ????????????), enacted in 2016 and effective since 2017, was formalized with the adoption of the 2025 Amendment by the Standing Committee of the National People’s Congress (NPCSC, ?????????????) on October 28, 2025, entering into force on January 1, 2026. This Amendment represents a significant intensification of the regulatory framework, substantially enhancing enforcement powers, codifying stricter legal liabilities for enterprises and responsible personnel, delineating the gradations of regulatory violations, and imposing more rigorous compliance mandates on operators of Critical Information Infrastructure (CII, ????????). The revisions underscore the government’s strategic objective to foster the development of the artificial intelligence (AI) sector while concurrently fortifying national cybersecurity postures.