This briefing summarizes recent regulatory and guidance developments on AI, data protection, post‑quantum cryptography, and lawful access across the EU, member states, Canada, Finland, and the United States. Key items include the EU Council’s Digital Omnibus position to ease AI Act compliance, EDPB/EDPS input on the European Biotech Act, national guidance from France and the Netherlands on healthcare and hiring AI, Finland’s PQC transition, Canada’s Bill C‑22, NIST’s post‑deployment AI monitoring report, and New York’s GenAI accuracy‑warning bill #AIAct #BillC22
Keypoints
- The EU Council adopted a negotiating position in the Digital Omnibus to delay some high‑risk AI obligations and extend relief to small mid‑cap firms.
- The EDPB and EDPS urged stronger safeguards and clearer controller responsibilities for personal and genetic data in the proposed European Biotech Act.
- HAS and CNIL opened a public consultation on practical, lifecycle guidance for AI in clinical care, including governance and generative AI measures.
- The Dutch DPA clarified that online and game‑based recruitment assessments can trigger Article 22 GDPR and require substantive human oversight and DPIAs.
- Finland set PQC requirements for evaluated cryptographic products from 2026, while Canada’s Bill C‑22 updates lawful access rules and NIST highlighted challenges in post‑deployment AI monitoring as New York advances a GenAI accuracy‑warning law.
Read More: https://keplernewsletter.substack.com/p/privacy-and-cybersecurity-62