Sourcing Speak

The EU Data Act: Scope, Obligations and Enforcement

Posted September 17, 2025

By Steven Farmer, Lee Rubin, Scott Morton, Mark Booth and Johanna Lipponen

Regulation (EU) 2023/2854 (the Data Act) entered into force on January 11, 2024, and applied from September 12, 2025, with certain provisions phased in through 2026 and 2027. The Data Act is intended to create a harmonized framework for fair access to and use of data across the EU, supplementing the GDPR and sector-specific rules. The Data Act also includes specific requirements on providers of a “data processing service” to enable customers to switch to another provider (or to an on-premise solution)—this is likely to have a significant impact on the global cloud market.

Sustaining and Modernizing Mainframe Systems in the Global Economy

Posted September 15, 2025

By Pillsbury's Global Sourcing Team

Pillsbury's Global Sourcing Team

Mainframe computers are the backbone of many global industries, and integral to industry sectors such as finance, health care, transportation and government. However, the personnel trained to manage these systems are aging out of the workforce while mainframes are not—they continue to provide unmatched reliability, resiliency and security. In Sustaining and Modernizing Mainframe Systems in the Global Economy, colleagues Aaron M. Oser, Philip T. Evans, Roger C. Roy Jr. and Brittney D. Sandler break down the resulting and growing challenge of ensuring continuity of expertise while managing escalating software licensing costs due to vendor practices.

Read the white paper here.

EU AI Act at the Crossroads: GPAI Rules, AI Literacy Guidance and Potential Delays

Posted July 7, 2025

By Steven Farmer, Scott Morton and Mark Booth

Steven Farmer

Scott Morton

Mark Booth

The EU AI Act (AI Act), effective since February 2025, introduces a risk-based regulatory framework for AI systems and a parallel regime for general-purpose AI (GPAI) models. It imposes obligations on various actors, including providers, deployers, importers and manufacturers, and requires that organizations ensure an appropriate level of AI literacy among staff. The AI Act also prohibits “unacceptable risk” AI use cases and imposes rigorous requirements on “high-risk” systems. For a comprehensive overview of the AI Act, see our earlier client alert.

New Changes to GDPR Proposed: An Indication of Shifting Policy Priorities?

Posted May 28, 2025

By Steven Farmer and Mark Booth

Steven Farmer

Mark Booth

The European Commission’s proposed amendments to the General Data Protection Regulation (GDPR) mark the first substantive reworking of the regulation since its enactment, signaling a material shift toward economic pragmatism. These changes warrant close attention not only for what they include, but also for what they omit.

Legal Definitions of AI: Considerations and Common Threads

Posted May 14, 2025

By Mia Rendar and Gabby Regard

Mia Rendar

Gabby Regard

By now, we all know what AI is. Some of us use ChatGPT as our search engine, confidant, secretary, travel agent, and much more. Others, at least, are acutely aware that AI exists, because everyone else is talking about it, possibly making money from it, or losing their jobs to it.

An Update on Cloud Computing in the Financial Sector

Posted April 29, 2025

By Mia Rendar

Mia Rendar

In 2023, we summarized the U.S. Department of Treasury report that raised concerns about the growing reliance of financial institutions (FIs) on cloud computing. Treasury highlighted structural imbalances and regulatory blind spots in the relationship between FIs and cloud service providers (CSPs).

Why Your Organization Should Be Thinking About Quantum Computing and the Future of Encryption

Posted March 31, 2025

By Andrew L. Caplan, Mia Rendar, Scott Morton and Sam Reno

Quantum computing (QC) is poised to disrupt cybersecurity in ways that business leaders and legal professionals cannot afford to ignore. But what exactly is quantum computing, why does it pose such a significant threat to encryption, and what should businesses be doing about it today?

Apple’s $500B U.S. Manufacturing Push and New AI Server Facility in Houston: What It Means for Data Centers

Posted February 26, 2025

By Robert A. James, Brittany D. Sandler and Samuel C. Markel

Robert A. James

Brittany D. Sandler

Samuel C. Markel

As we covered previously, President Trump has made clear that the U.S. is focused on increasing investments into building, scaling and speeding the development of AI infrastructure and data centers in the U.S., and Big Tech is responding in kind.

AI Action Paris Summit 2025: Key Takeaways on Global AI Governance

Posted February 14, 2025

By Scott Morton, Mia Rendar, Johanna Lipponen and Steven Farmer

The AI Action Summit brought together a wide-ranging assembly of influential figures to discuss the future of artificial intelligence (AI) governance, risk mitigation and international cooperation. The attendees included government leaders and executives from multinational and emerging companies. The event was held on February 10 – 12, 2025, in Paris.

EU AI Act: First Set of Requirements Go into Effect February 2, 2025

Posted February 3, 2025

By Steven Farmer, Scott Morton and Mark Booth

Steven Farmer

Scott Morton

Mark Booth

The first binding obligations of the European Union’s landmark AI legislation, the EU AI Act (the Act), came into effect on February 2, 2025. Essentially, from this date, AI practices which present an unacceptable level of risk are prohibited and organizations are required to ensure an appropriate level of AI literacy among staff. For a comprehensive overview of the Act, see our earlier client alert here.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: