Connected - April 2025
Written By
Partner
Denmark
I am a partner in our international Tech & Comms Group in Denmark, with extensive experience in IT, technology, telecommunications and assisting companies internationally.
The April 2025 edition has been edited by Julie Bak-Larsen with contributions from the Regulatory and Public Affairs team.
This feature explores key regulatory updates and industry insights, including with a focus on security with the CRA draft Implementing Regulation, updates on the UK Cybersecurity Bill, Cyber Security Act Public Consultation, and also with input on Italian specific AI regulation, a new CJEU decision on algorithm transparency and secrecy protection and news on an expansion of German mobile auctions.
SIGN-UP TO RECEIVE THIS MONTHLY NEWSLETTER BY CLICKING HERE
CRA – Draft Implementing regulation on important and critical products with digital elements
Draft Implementing Regulation and public consultation on the technical descriptions to be adopted for categories of products with digital elements which are considered important or critical under the CRA (see Annexes III and IV CRA).
For more information, please contact Julie Bak-Larsen.
UK cybersecurity reform – Planned changes for Cyber Security and Resilience Bill
The UK government has published greater detail on their ambitions for a forthcoming Cyber Security and Resilience Bill expected this year. The Bill is expected to update the UK’s core cybersecurity legislation set out in the NIS Regulations 2018.
The Bill and its updates to NIS are part of a broader strategy to update the UK’s cybersecurity regime in line with international standards, notably the EU's NIS2 Directive, and to raise cybersecurity preparedness in the UK economy.
For more information, please contact Rory Coutts and Matthew Buckwell.
EU Commission opens consultation on revising Cybersecurity Act
To strengthen the European Union’s cybersecurity framework, the European Commission has launched a public consultation to revise the EU Cybersecurity Act. This initiative, announced on April 11, 2025, aims to address the evolving cyber threats and streamline existing regulations to foster a more resilient and business-friendly environment.
For more information, please contact Paolo Sasdelli.
Italian Rules on AI as a supplement to the AI Act
On 20 March 2025, Italian Senate approved bill 1146/2024 ('AI Bill'), which delegates the Government to adopt, within 12 months, a legislative decree to adapt national legislation to Regulation (EU) 2024/1689 ('AI Act'). The AI Bill therefore passes to the Chamber of Deputies for examination. The AI Bill, recently approved by the Senate, is not intended to overlap with the AI Act - most of whose definitions it recalls - but to accompany its regulatory framework.
For more information, please contact Gian Marco Rinaldi and Marta Breschi.
CJEU decision on algorithmic transparency and secret protection (CJEU C-203/22)
On 27 February 2025, the Court of Justice of the European Union (“CJEU” or “Court”) issued a crucial judgment in Case C-203/22, addressing the delicate balance between the right of individuals to transparency in automated decision-making processes and secret protection (“D&B Decision”). The ruling is part of the debate raised by the decision of 7 December 2023, Case C-634/21 ("Schufa Decision") on the application of the General Data Protection Regulation 2016/679 ("GDPR") to algorithmic evaluations, particularly in the credit scoring sector.
For more information, please contact Edoardo Barbera and Adriano D'Ottavio.
German Bundesnetzagentur provides decision to extend mobile spectrum subject to conditions
On 24 March, 2025, the German Bundesnetzagentur announced its decision to extend the spectrum usage rights at 800 MHz, 1800 MHz, and 2600 MHz for an interim period of five years. This extension comes with specific conditions, including coverage obligations and other requirements.
For more information, please contact Valerian Jenny.
