AI oversight delays. Potential cookie shake-up. Fines for cyberattacks
by Sypher | Published in News - September 29, 2025
Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.
Three months before deadline, EU countries not ready for AI oversight
๐ค The EU’s AI Act is facing growing pressure from delays, with key deadlines at risk of being missed. Businesses are left in a state of uncertainty as member states are moving at different speeds to set up oversight and enforcement, while industry lobbying is pushing for more time to adapt.
Meanwhile, civil society groups are warning that postponements could weaken protections and damage the EU’s credibility as a regulatory leader at a time when global competition in AI is intensifying… read more
๐กRelated news > AI Act: Commission issues draft guidance and reporting template on serious AI incidents, and seeks stakeholders' feedback by 07 November 2025.
Italy moves on AI – above and beyond the EU AI Act?
technologyquotient.freshfields.com • 7 min read
๐ Italy has become the first EU country to pass a national AI Framework Law, complementing the EU AI Act.
The law sets out guiding principles, assigns oversight roles, and adds sector-specific rules in healthcare, labour, justice, IP, and criminal law.
It also introduces new safeguards for minors, tougher penalties for misuse of AI, and a strong push for national AI investment and strategy… read more
Europe’s cookie law messed up the internet. Brussels wants to fix it
๐ช The EU wants to scrap the cookie-consent rule in its 2009 e-Privacy Directive and replace it with simpler rules.
Proposed ideas include allowing users to set their cookie preferences once, for example in their browser settings, or exempting harmless cookies used for basic functions or statistics.
While industry groups favour incorporating cookie rules into the GDPR's more flexible system, privacy advocates warn that this could weaken protections and expand ad tracking… read more
Romanian online retailer under GDPR after cyberattack drained customer bank cards
๐ถ A major Romanian e-commerce company that sells tobacco and vaping products was fined €20,000 under the GDPR after a cyberattack exposed its customers' bank card details.
This led to unauthorised transactions and financial losses. The investigation found that the company had failed to implement adequate security measures and was running its website on outdated software.… read more (article in Romanian).
GDPR to DPDP: A practical mapping for EU controllers using Indian vendors
ahlawatassociates.com • 6 min read
๐ EU companies increasingly rely on Indian vendors, but India’s new DPDP law differs from the GDPR in scope, rights, and cross-border rules.
To stay compliant, controllers must use strong contracts, align consent standards, and closely monitor evolving regulations… read more
--
Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.
Photo by Luke Jones on Unsplash
