The EU Artificial Intelligence Act has never been closer to the desks of privacy and AI governance professionals than this week. Lo and behold, the Council of the European Union and European Parliament reached a political agreement on the proposal initially released in April 2021.

This agreement follows two years of intense negotiations at technical and political levels. Pressure had been mounting around 6 Dec. when ministers in charge of the AI Act were set to meet. One of the leading reasons was the European electoral calendar — this week was one of the last, if not the last, window of opportunity to close the file at political level before the June elections.

The political agreement is, therefore, a big deal, but the AI Act is not quite done yet. Much of what was agreed in the final throws needs to be drafted in legal text. There are also a few procedural steps remaining, including a legal scrubbing and translation into the 23 official EU languages expected to happen in February, and of course a formal adoption by the Council and Parliament before publication in the EU Official Journal. At the latest, those steps should be completed late April unless a political breakdown happens.

The IAPP reported extensively on the recent developments so make sure you peruse the newsletter and website for more intel.

With fewer bells and whistles, this week also marked the inauguration of the European Data Innovation Board. The EDIB is an expert group set up under the Data Governance Act, as the main tool to further coordination of national practices and policies to support data spaces.

Among others, the EDIB will:

• Issue guidelines on how to facilitate the development of data spaces, and identify and prioritize standards and interoperability requirements for cross-sectoral data sharing, with support from the Data Spaces Support Centre, set up in October 2022.
• Assist the Commission in developing guidelines on protecting commercially sensitive or IP-protected nonpersonal data from IP theft or industrial espionage; guidelines for cybersecurity requirements for the exchange and storage of data; and a European data altruism consent form.
• Provide recommendations to member states to develop rules on penalties for noncompliance of key DGA provisions on transfers of nonpersonal data to third countries, notification obligation of data intermediation services providers, and conditions for providing data intermediation services.

One noteworthy element is the EDIB will also provide input to the Commission for it to determine whether a third country "provides a level of (IP and trade secrets) protection essentially equivalent to that provided in the EU" under the DGA. In essence, adequacy decisions for nonpersonal data.

Elsewhere:

• AI Governance Global 2024 is coming to Brussels! The IAPP will host the second annual AIGG in the European capital 4-5 June 2024. The call for proposals opened yesterday to attract insights on the implications of the AI Act, building AI governance programs, the intersection of AI technology and tools with data protection, AI legal, policy and regulatory updates around the world and many more. We will also run an in-person AI Governance Professional Training on 6-7 June.

This newsletter will go on hiatus next week for the holidays and will return to your mailbox on Friday, 5 Jan. Enjoy whatever celebrations, holidays or business-as-usual you have going on in the coming weeks and see you in 2024.