Here are key highlights from June 2025 detailing global news and regulatory updates.
US & Canada
- California releases a report that derives policy principles to inform the use, assessment, and governance of frontier AI.
- Canada and the EU will begin negotiating a new digital trade agreement and will seek to align on standards to develop trustworthy AI systems (also in EMEA).
- Connecticut governor amends the state’s comprehensive privacy law, expanding its scope significantly and adding new impact assessment requirements.
- New York senate passes the Responsible AI Safety and Education Act, which would require covered entities to enact safety and security protocols prior to model release.
- Texas governor signs the Responsible AI Governance Act, including disclosure requirements for state agencies, bans on the capture of biometric identifiers without consent, and prohibitions on systems for manipulating people.
- US senate gives up proposed moratorium on state laws regulating AI after a near unanimous vote to abandon the provision.
- US International Trade Administration (ITA) launches international privacy certification programs, enabling organizations to demonstrate compliance with data protection and privacy standards during cross-border data transfers.
EMEA
- EU’s European Commission officially adopts a six-month extension to two adequacy decisions with the UK, allowing for the free flow of data until December 27, 2025.
- EU and Canada will begin negotiating a new digital trade agreement and will seek to align on standards to develop trustworthy AI systems (also in US & Canada).
- France’s data protection authority publishes recommendations for the development of AI systems and discusses the conditions under which legitimate interest may serve as a legal basis (in French).
- German court removes fine against Volkswagen, stating that pseudonymised data was “quasi-anonymous” and that the recipient had no means or interest to re-identify the data.
- UAE and Kazakhstan financial centers sign a memorandum of understanding to promote collaboration in data protection and privacy law enforcement (also in APAC).
- UK Data (Use and Access) Act 2025 (DUAA) takes effect and includes clarification of use of personal information for research, a data protection complaints procedure, and a new lawful basis of legitimate interests.
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- Australia implements statutory tort for invasions of privacy, granting individuals the right to take legal action.
- China introduces a national standard detailing security measures for sensitive information, aligning closely with the Personal Information Protection Law (PIPL) and supplying operational guidance.
- India releases consent management rules under the Digital Personal Data Protection Act (DPDPA), delivering advice on the technical and functional aspects of consent management implementation.
- Kazakhstan and UAE financial centers sign a memorandum of understanding to promote collaboration in data protection and privacy law enforcement (also in EMEA).
- Vietnam’s Personal Data Protection Law (PDPL) passes the national assembly and will take effect on January 1, 2026, introducing new concepts, exemptions, and obligations compared to the existing law.
LATAM
- Brazil’s data protection authority makes a regulatory sandbox available for developing and testing AI systems (in Portuguese).
Global
- G7 leaders publish a statement on AI, emphasizing a human-centered approach committed to public good, transparency, and accountability.
- OECD (Organisation for Economic Co-operation and Development) produces a report detailing two types of use case for privacy-enhancing technologies (PETs) in AI models.