Connected - September 2025

The September 2025 edition has been edited Feyo Sickinghe with contributions from the Regulatory & Public Affairs team and Bird & Bird colleagues across our Bird & Bird One Firm network. 

In this edition, we explore key regulatory developments across the EU and UK. In the EU, we examine the latest court guidance on net neutrality and zero-rating, alongside MEPs' ongoing efforts to strike a balance between AI innovation and copyright protection. We also delve into the liability risks faced by healthcare AI providers, offering insights into navigating an increasingly dynamic regulatory landscape. Additionally, we analyse the impact of the finalised GPAI Guidelines and the GPAI Code of Practice, including the introduction of a new training data summary template designed to enhance compliance. 

On the UK side, we review the government’s draft strategic priorities for telecommunications and digital infrastructure, which aim to drive growth and innovation in the sector. We also summarise the ongoing consultation on updates to the UK Telecommunications Security Framework, reflecting the country’s focus on bolstering digital security.  

SIGN-UP TO RECEIVE THIS MONTHLY NEWSLETTER BY CLICKING HERE 

EU Court issues further guidance on net neutrality and zero-rating

On 10 July, the Court of Justice of the European Union (CJEU) published its latest judgment on net neutrality in Case C-367/24.  

The judgment reinforces the CJEU’s stance that “zero-rated” or reduced-tariff applications must still comply with the Net Neutrality Regulation (Regulation (EU) 2015/2120), which bars discriminatory treatment of online content and services. This new judgment mostly provides more guidance for determining when such packages comply with the Regulation. 

READ THE FULL STORY

For more information, please contact Raoul Grifoni Waterman.

MEPs attempt to strike a new balance between AI and copyright 

One of the touchstone issues in the international debate about how to regulate AI is the relationship between AI technologies and copyright law. A recent study commissioned by the European Parliament’s Legal Affairs Committee examines how generative AI challenges core principles of EU copyright law. It points to a legal mismatch between AI training practices and current text and data mining exceptions, and the uncertain status of AI-generated content. 

READ THE FULL STORY

For more information, please contact Francine Cunningham.

Liability of Healthcare AI Providers in the EU: How to Navigate Risks in a Shifting Regulatory Ecosystem

Healthcare AI has the potential to revolutionise patient care, from early disease detection and personalised treatment plans to breakthroughs in drug discovery and streamlined hospital workflows. Yet, despite its promise, adoption of AI across the healthcare sector in Europe remains slow. A recent European Commission study identified legal uncertainty around liability as one of the key barriers hindering the development and deployment of AI-based tools. This lack of clarity not only creates hesitation among developers, device manufacturers, and digital health companies but also risks stifling innovation, ultimately delaying the societal benefits of healthcare AI.

READ THE FULL STORY

For more information, please contact Dr. Nils Lölfing and Niranjan Nair Reghuvaran.

Taking the EU AI Act to Practice: How the Final GPAI Guidelines Shape the AI Regulatory Landscape

The AI Act establishes a comprehensive legal framework for AI regulation in the EU, with the rules for General-Purpose AI (“GPAI”) models forming a central pillar. As these specific GPAI provisions become applicable in early August 2025, the European Commission has published the “Guidelines on the scope of the obligations for general-purpose AI models” (“Guidelines”) to provide much-needed clarity for the industry. Prior to this final publication, there was no actual draft, but in its consultation call from April 2025, the Commission formulated a so-called “Preliminary Approach”, which provided an indication of the potential content of the guideline.

READ THE FULL STORY

For more information, please contact Nora Santalu and Oliver Belitz.

Taking the EU AI Act to Practice: Decoding the GPAI Code of Practice and the Training Data Summary Template

The EU’s Artificial Intelligence Act (EU AI Act), which entered into force in August 2024, is being implemented in stages. As of August 2025, one of the most significant chapters of the EU AI Act has just become applicable: the rules governing General-Purpose AI (GPAI) models. For companies operating in this space, the time for preparation is over.

READ THE FULL STORY

For more information, please contact Oliver Belitz and Dr. Simon Hembt.

UK - Government sets out draft strategic priorities for UK telecommunications and digital infrastructure 

The UK Government’s Department for Science, Innovation & Technology (“DSIT”) has outlined its proposed Statement of Strategic Priorities that it will issue to Ofcom, the UK’s communications regulator, addressing telecommunications, the management of radio spectrum, and postal services. The DSIT consultation on its proposals is open until 18 September 2025.  

READ THE FULL STORY

For more information, please contact Rory Coutts.

UK - Consultation on updates to the UK Telecommunications Security Framework 

Three years since its entry into force, the UK  Government has launched a consultation on updates to the Telecommunications Security Code of Practice 2022 (“Code”). The consultation is open until 22 October 2025.  

READ THE FULL STORY

For more information, please contact Rory Coutts.