Category: Compliance
AI compliance practices, documentation requirements, risk classification, and audit readiness for organisations
US court ruling shakes EU-US data deal
•
AI Literacy: Lighter Rule, Higher Stakes
•
Digital Omnibus: the AI Act Delay That Makes 2026 Busier, Not Quieter
•
DMA: AWS and Azure face gatekeeper test
•
The Junior Talent Pipeline: What AI Saves Now and Costs Later
•
AI Act: retailers fight deepfake rule
•
Face-scan buses: KC yes, EU mostly no
•
AI Act: later duties, nudifier ban now
•
AI Act: only eight Member States ready
•
US court ruling shakes EU-US data deal
•
AI Literacy: Lighter Rule, Higher Stakes
•
Digital Omnibus: the AI Act Delay That Makes 2026 Busier, Not Quieter
•
DMA: AWS and Azure face gatekeeper test
•
The Junior Talent Pipeline: What AI Saves Now and Costs Later
•
AI Act: retailers fight deepfake rule
•
Face-scan buses: KC yes, EU mostly no
•
AI Act: later duties, nudifier ban now
•
AI Act: only eight Member States ready
•
Stay ahead of AI change. Get practical updates from Future Prep direct to your inbox.
By subscribing you agree to receive Future Prep news. Unsubscribe any time.
Brussels softened the AI literacy duty in the Digital Omnibus, from ensuring a sufficient level to supporting its development. But it was not delayed, it has applied since February 2025, enforcement begins this August, and the EU's skills agenda is turning literacy from a compliance checkbox into a competitiveness lever.
The Council adopted the Digital Omnibus on 29 June, pushing high-risk AI Act obligations to 2027 and 2028. But the transparency and literacy duties that bite in 2026 did not move, and two new bans arrive sooner than the relief.
A joint Five Eyes statement reframes AI cyber risk as an immediate leadership responsibility on a months-not-years horizon. The defence is unglamorous basic hygiene plus AI-aware threat modelling. We translate it into the EU frame of NIS2, DORA and the AI Act, and the questions a board should ask now.
Canada has tabled Bill C-36, a GDPR-style privacy overhaul. For organisations already under European rules it reads as convergence but works as divergence: a second regulator, second thresholds and a second set of rights to map across adequacy, automated decisions and transfers.
CADA defines four assurance levels for cloud and AI sovereignty, up to EU ownership at Level 3 and full supply-chain control at Level 4. The proposal is not law yet, but the levels already work as a scoring frame. Five procurement and due diligence changes to make this quarter.
In one week the US chose voluntary, standards-referenced AI oversight while the EU adopted CADA's graded sovereignty test. A deployer operating across both cannot run on a single mental model. Here is one control map, with two triggers per control, that answers the European and American regimes at once.