Activity Tracker

The DPA Activity Tracker provides our latest information on developments in legislatures, judiciaries and the executive branches of G20, EU member states and Switzerland.

16446 events advancing 9109 policy or regulatory changes:

Most active jurisdictions Number of policy changes

Graph

Table

Excel

CSV

Targeted economic activity Number of policy changes

Excel

CSV

cross-cutting

2920

platform intermediary: user-generated content

1391

ML and AI development

1069

digital payment provider (incl. cryptocurrencies)

976

other service provider

829

platform intermediary: other

759

platform intermediary: e-commerce

693

infrastructure provider: internet and telecom services

552

software provider: other software

475

online advertising provider

378

infrastructure provider: cloud computing, storage and databases

304

search service provider

294

technological consumer goods

277

streaming service provider

235

software provider: app stores

218

messaging service provider

218

infrastructure provider: network hardware and equipment

138

infrastructure provider: other

118

DLT development

94

semiconductors

78

unspecified

9

16446 events advancing 9109 policy or regulatory changes:
concluded

Public Accounts Committee inquiry into use of AI in government

Latest event Date: 2025-03-26 inquiry closure

Public Accounts Committee issued report on use of AI in government including public procurement access

On 26 March 2025, the Public Accounts Committee (PAC) in the House of Commons issued a report titled Government’s Use of Artificial Intelligence, which examined the ability of public sector procurement systems to support a competitive and innovative…

Implementer
United Kingdom
Policy area Public procurement
Policy or regulatory element Public procurement access
Economic activity ML and AI development, other service provider
processing consultation

Act on protection of minors against access to harmful content on the Internet

Latest event Date: 2025-03-26 law consultation closed

Ministry of Digitalisation closes consultation on draft Act on protection of minors against access to harmful content on the Internet

On 26 March 2025, the Ministry of Digitalisation closes its public consultation on the draft Act on the protection of minors against access to harmful content on the Internet. The draft Act aims to limit minors' access to pornographic content and in…

Implementer
Poland
Policy area Consumer protection
Policy or regulatory element Age verification requirement
Economic activity infrastructure provider: internet and telecom services, platform intermediary: user-generated content
in consultation

National Commission on Informatics and Liberty recommendation on use of location data from connected vehicles

Latest event Date: 2025-03-25 outline consultation opened

National Commission on Informatics and Liberty opened consultation on draft recommendation on use of location data from connected vehicles

On 25 March 2025, the National Commission on Informatics and Liberty (CNIL) initiated a public consultation, set to close on 20 May 2025, on a draft recommendation focused on location data usage by connected vehicles in the technological consumer go…

Implementer
France
Policy area Data governance
Policy or regulatory element Data protection regulation
Economic activity technological consumer goods, software provider: other software, infrastructure provider: cloud computing, storage and databases
in grace period

Regulation (EU) 2025/327 establishing a European Health Data Space (EHDS) including rules for portability and sharing of health data

Latest event Date: 2025-03-25 law in force with grace period

European Health Data Space (EHDS) Regulation (2025/327) enters into force with grace period

On 25 March 2025, the European Health Data Space (EHDS) Regulation (2025/327) entered into force with a grace period. The Regulation facilitates access to electronic health data for primary use in healthcare and secondary use for research, policy ma…

Implementer
European Union
Policy area Data governance
Policy or regulatory element Data protection regulation
Economic activity cross-cutting
processing consultation

Privacy Protection Authority statement on implementation of consent principle

Latest event Date: 2025-03-24 outline consultation closed

Privacy Protection Authority closes consultation on statement on implementation of consent principle

On 24 March 2025, the Privacy Protection Authority of Israel closes a public consultation on the statement clarifying the application of the consent principle under national data protection laws. The statement reflects the legal interpretation that …

Implementer
Israel
Policy area Data governance
Policy or regulatory element Data protection authority governance
Economic activity cross-cutting
rejected

Testing requirements in Act on the development, deployment and use of high-risk artificial intelligence (HB 2094)

Latest event Date: 2025-03-24 law veto

High-Risk Artificial Intelligence Developer and Deployer Act including testing requirements (HB 2094) was vetoed by Governor

On 24 March 2025, the Virginia Governor vetoed the Act on the development, deployment, and use of high-risk artificial intelligence (AI). The Act would have outlined the responsibilities of developers and deployers of AI. In particular, it would hav…

Implementer
United States of America
Policy area Design and testing standards
Policy or regulatory element Testing requirement
Economic activity ML and AI development
rejected

Design requirements in Act on development, deployment and use of high-risk artificial intelligence (HB 2094)

Latest event Date: 2025-03-24 law veto

Act on the development, deployment and use of high-risk artificial intelligence including design requirements (HB 2094) was vetoed by Governor

On 24 March 2025, the Virginia Governor vetoed the Act on the development, deployment, and use of high-risk artificial intelligence (AI). The Act would have applied to developers and deployers of high-risk AI systems in Virginia. It would have requi…

Implementer
United States of America
Policy area Design and testing standards
Policy or regulatory element Design requirement
Economic activity ML and AI development
processing consultation

Prudential Regulation Authority inquiry into firms' exposure to cryptoassets

Latest event Date: 2025-03-24 inquiry consultation closed

Closed consultation on Prudential Regulation Authority inquiry into firms' exposure to cryptoassets

On 24 March 2025, the Prudential Regulation Authority (PRA) closes its data request to gather information on firms' current expected future crypto-asset exposures and their application of the Basel framework for the prudential treatment of cryptoass…

Implementer
United Kingdom
Policy area Consumer protection
Policy or regulatory element Quality of Service requirement
Economic activity digital payment provider (incl. cryptocurrencies), DLT development
under investigation

Office of the Privacy Commissioner of Canada and UK Information Commissioner's Office joint investigation into 23andMe's compliance with cybersecurity regulations

Latest event Date: 2025-03-24 investigation interim ruling

UK Information Commissioner’s Office issued provisional findings and proposed fine to 23andMe following joint investigation with Office of the Privacy Commissioner of Canada regarding compliance with cybersecurity regulations

On 24 March 2025, the UK Information Commissioner’s Office (ICO) issued provisional findings, a notice of intent to impose a fine of £4.59 million, and a preliminary enforcement notice to 23andMe. This action followed a joint investigation with the …

Implementer
CanadaUnited Kingdom
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity other service provider
adopted

National Institute of Standards and Technology's Guidance on Adversarial Machine Learning Threats

Latest event Date: 2025-03-24 outline adoption

Published updated NIST Guidance on Adversarial Machine Learning Threats (NIST.AI.100-2 E2025)

On 24 March 2025, the National Institute of Standards and Technology (NIST) published an updated version of Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations (NIST.AI.100-2 E2025). This provides an update from the i…

Implementer
United States of America
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity ML and AI development
Showing 12 items per page
Page
1
2
...
911

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.