GOOGLE THREATENED BY EUROPEAN JUSTICE
Two European rulings are targeting the AI-generated summaries from Google. In the UK, publishers will now be able to refuse having their content feed into “AI overviews” without losing visibility. In Germany, a court ruled that the American company could be held responsible for incorrect information produced by its generated summaries.
The UK CMA (fair competition Authority) has thus imposed an opt-out right on the company for publishers, especially media outlets, allowing them to refuse to have their content used to feed Google Search’s AI features, like AI Overviews, while still appearing in the search engine’s regular results. The regulator also required that publishers be able to object to the use of their content for fine-tuning Google’s AI models.
In Germany, the decision is a legal reclassification. Until now, German law protected search engines. Indeed, because they only made third-party content findable, they were only indirectly responsible. The court felt that this reasoning didn’t hold up for AI Overviews. They don’t just point to third-party sites anymore; they generate autonomous answers by synthesizing, reorganizing, and interpreting information from multiple sources. The judges also point out that AI Overviews aren’t an essential feature for accessing online information, unlike the search engine itself. So, they believe that this extra AI-generated layer of synthesis can’t automatically get the protections that search engines have historically received.
FRANCE : THE LAW DEFINES WHAT IS A “SENSITIVE DATA” AND HOW IT SHOULD BE PROTECTED
The decree identifies two categories of sensitive data: those protected by a legally mandated secret, and those needed to carry out essential state missions, such as safeguarding national security, maintaining public order, and protecting people’s health and lives. This purpose-based definition, rather than a strict list, gives the text a scope that goes beyond the inventory of administrative files. The obligation only applies to data that is both particularly sensitive and carries a clear risk of being compromised. This double criterion introduces a risk analysis approach, whereas the previous doctrine worked by categories.The decree targets public administrations and a few other organizations, but its reach goes beyond the public sphere. By defining sensitive data and naming SecNumCloud (equivalent of the upper layer of security in the recent EU tables) as the marker of immunity to non-European rights, the state sets a de facto standard that private companies can adopt for themselves.
FRANCE AGAIN: CHAPSVISION WILL REPLACE PALANTIR FOR INTELLIGENCE AND STRATEGIC DATA ANALYSIS
Announced on June16 by the Prime Minister, this move will take some time, due to legal constraints and transition necessities. France joins Germany which made the same choice one month ago.
EU REGULATION: THE AI ACT AMENDED
On June 16, MEPs voted, by a huge majority, in favour of amending the EU AI Act.
The regulation to amend the EU AI Act is now overwhelmingly likely to be formally passed into law and enter into force. This is due to happen in the coming weeks. There is now some breathing room for the EU to get this over the line before the 2 August 2026 cut-off date.
Delay of enforcement date for high-risk AI systems: from 2 August 2026 (in law today) to 2 December 2027 (for AI systems listed in Annex III) and 2 August 2028 (for AI systems covered by Annex I). These dates will be fixed, irrespective of the availability of standards and guidelines.
AI systems capable of generating non-consensual sexual and intimate content or CSAM added to the list of prohibited AI practices.
Registration in the EU’s public database continues to be mandated for providers of “exempted” AI systems that are deemed to not be high-risk (due to a derogation) but less information needs to be registered.
Postponement of enforcement date for generative AI output detection and watermarking obligation (stipulated in Article 50(2)) to 2 December 2026.
Broader scope for when organisations can lawfully process sensitive personal data for bias detection and correction but it must still be “strictly necessary” and only to address specific types of biases.
Although the timeline changes are headline grabbing, the core structure and logic of the AI Act remains broadly intact. Organisations should not use the delays as a reason to deprioritise.
