As anticipated in our 2024 privacy round up, 2025 has proven to be a defining year for data privacy and the broader digital landscape. Significant developments in AI regulation and cybersecurity have emerged, with legislative updates and regulatory activity accelerating as expected. Geopolitical dynamics continue to influence the adoption of new technologies, and questions remain over whether the EU will advance its tech regulation agenda, particularly following steps to delay certain implementation phases (most notably in AI) through its Digital Omnibus. With global data protection developments continuing at pace and further changes expected in 2026, now is an opportune moment to reflect on what 2025 delivered for businesses and to consider what 2026 may hold for the EMEA region.

The European Commission has now published its Draft Recommendation on non-binding Model Contractual Terms (“MCTs”) and Standard Contractual Clauses (“SCCs”) under Article 41 of the EU Data Act (Regulation (EU) 2023/2854). These templates are particularly aimed at SMEs and provide ready-to-use frameworks for data sharing and cloud computing contracts.

In the age of online information and the rise of artificial intelligence, web scraping has become a widespread method for feeding and training AI systems. However, this proliferation presents major legal risks, particularly concerning data protection and intellectual property, including potential privacy violations and infringement of copyright and neighbouring rights. The existing French regulatory framework lacks specific rules directly applicable to web scraping. We anticipate that more express, sector-specific regulation will emerge to govern web scraping practices, particularly for AI model training purposes, striking a balance between technological innovation and respect for the fundamental rights of content creators whose materials are ingested by AI models. With the EU AI Act's transparency requirements for generative AI models which mandate detailed summaries of data sources used for model training and EU copyright law compliance policies, we expect increased tensions between rights-holders and AI model developers. For those operating in France, useful guidance can be gleaned from regulatory recommendations[1].

The digital world is becoming more inclusive, and that's great news for everyone. But for online retailers, accessibility laws in both the EU and US create compliance challenges that can't be ignored. Whether you're selling to customers in Brussels or Boston, your website now needs to meet specific accessibility standards that ensure everyone —including people with disabilities—can browse, shop, and complete purchases of goods and services with ease. The question isn't whether you need to comply, but how to do it effectively across different regulatory frameworks. In this article, we'll break down the essential requirements for consumer-facing retail websites and provide practical guidance on demonstrating compliance with both EU and US accessibility standards.