Here are key highlights from February 2025 detailing global news and regulatory updates.

US & Canada

• US Department of Justice will no longer defend the independent status of the Federal Trade Commission (FTC), according to a letter from a member of Congress
• US health care groups call for proposed HIPAA Security Rule amendments to be “rescinded immediately,” arguing that it would impose significant burdens without improving cybersecurity
• US online health platform to face a class action suit for violating federal video privacy law after allegedly disclosing subscribers’ video-viewing information to Meta Platforms
• Virginia legislature passes a bill regulating how AI can be used, but the state’s governor has not yet expressed support for the bill and may not sign it by the March 24 deadline
  

EMEA

• EU reportedly seeking to cut back on tech regulation and limit AI reporting requirements to remain competitive in the AI development space
• EU and Brazil data protection authorities meet to strengthen cooperation on AI and to continue dialog over a bilateral data flow agreement between Brazil and the EU (in Portuguese; also in LATAM)
• EU Data Boundary for the Microsoft Cloud is announced and will allow public sector and commercial customer data to be stored and processed in the EU and European Free Trade Association (EFTA)
• EU’s European Commission releases non-binding guidelines to help relevant parties determine whether software constitutes an AI system
• EU’s European Commission working on a European Data Union Strategy to simplify data regulations and to allow for more seamless data sharing at scale while maintaining high privacy standards
• EU advocate general from the Court of Justice of the European Union (CJEU) asserts that pseudonymized data shared with a third party may not be automatically considered personal data if the risk of re-identification is deemed “non-existent or insignificant”
• France’s data protection authority releases two new recommendations to promote responsible innovation in AI, urging AI developers to anonymize their models when doing so does not compromise the model’s intended purpose
• Saudi Arabia’s data protection authority issues guidelines for transferring personal data outside of the country
• Switzerland’s information commissioner publishes guidelines for reporting data security breaches
• UK government produces its AI Cyber Security Code of Practice, which details baseline principles to protect AI systems and the organizations that create and use them
  

APAC

• Japanese government ministry releases an updated checklist for AI use aimed at Japanese businesses (in Japanese)
• Japan’s data protection authority may remove a prior consent requirement for sensitive personal information used in AI development, aiming to facilitate the use of personal information by AI-related businesses
  

LATAM

• Brazil and EU data protection authorities meet to strengthen cooperation on AI and to continue dialog over a bilateral data flow agreement between Brazil and the EU (in Portuguese; also in EMEA)

Global

• 100 nations + convene in Paris seeking to align on AI and shifting towards a more innovation-friendly and deregulated approach to support AI growth
• OECD releases a draft framework for reporting AI incidents across a range of jurisdictions and sectors