D

Hello, David

Friday 10 April 2026 — 23 new updates across your tracked jurisdictions

PrinciplesAI Customize

Your home
United Kingdom
Europe 847 records
Legislation moving
AI governance
14 bills in progress across 9 jurisdictions
Next deadline
EU AI Act: Prohibited Systems
12 days

337

Jurisdictions tracked

1,602

Regulatory bodies

174

Laws & regulations

+109 in progress

23

Records this week

NEW

PAI Briefing: EU AI Act Enforcement Begins

Dr. Sarah Chen · 18 min

▶ Watch Now

While you were away

23 new records in the last 7 days

3 Alert17 Guidance3 Enforcement

Your inbox

56 stories today · 11 in your watchlist · 42 unreadLive · checker updated 4 min ago

TODAY'S LEAD

10 April 2026 · Italy · Data Protection

Italy: Garante fines Intesa Sanpaolo €31.8m for failing to detect employee's unauthorised client data access

Italy's data protection authority has imposed its largest-ever fine on a financial institution after a bank employee accessed personal records of over 3,500 clients, including high-profile political figures, without authorisation over a period of more than two years. The decision raises critical questions about internal monitoring obligations and the adequacy of technical safeguards under GDPR Article 32.

Read full story →

ASK THE DESK2 day SLA

For you 11

VIEW All

TYPE Any

REGION All

TOPIC All

TIME Today

10 Apr🇮🇹

Italy: Garante fines Intesa Sanpaolo €31.8m for unauthorised data access

Banking sector GDPR enforcement · Internal monitoring obligations

Alert★★★★★Editor's Lead

10 Apr🇺🇸

NIST releases updated AI Risk Management Framework v2.1

Foundation model evaluation · Red-teaming guidance

Lead★★★★☆

10 Apr🇬🇧

UK: FCA issues guidance on AI use in financial services

Consumer protection · Algorithmic trading safeguards

Guidance★★★☆☆

10 Apr🇪🇺

EU AI Office publishes first harmonised standards request

Technical standards · Conformity assessment

Lead★★★★☆

9 Apr🇯🇵

Japan: Cabinet approves AI Basic Act draft

Comprehensive AI law · Risk-based classification

Bill★★★★★

9 Apr🇦🇺

Australia: ACCC launches inquiry into AI in digital platforms

Competition law · Market power in AI

Inquiry★★★☆☆

9 Apr🇰🇷

South Korea: PIPC updates AI privacy guidelines

Personal data in AI training · Consent mechanisms

Guidance★★★☆☆

Italy: Garante fines Intesa Sanpaolo €31.8m for failing to detect employee's unauthorised client data access

Italy's Garante per la protezione dei dati personali imposed a €31.8 million fine on Intesa Sanpaolo after an employee accessed the personal records of over 3,500 clients without authorisation. The investigation revealed that the bank's monitoring systems failed to flag the repeated access over a period exceeding two years.

The regulator found violations of GDPR Articles 5(1)(f), 25, and 32, concluding that the bank's technical and organisational measures were insufficient to ensure appropriate security of personal data processing.

TypeEnforcement Action

JurisdictionItaly

Date10 April 2026

AuthorityGarante per la protezione dei dati personali

SourceGarante official decision

AI & Copyright: Cross-Jurisdictional Matrix

Comparing copyright and intellectual property requirements across jurisdictions

Key:

Yes = Binding legal requirement

Partial = Guidance / emerging

No = No specific requirement

Limited = Sector-specific only

Why this matters now

The intersection of AI and copyright law is the fastest-moving area of tech regulation in 2026. Major jurisdictions are taking divergent approaches to whether AI-generated works qualify for copyright protection, whether training on copyrighted data constitutes fair use, and what disclosure obligations apply to AI developers. These differences create significant compliance complexity for organisations operating across borders.

Jurisdiction	AI Works Copyrightable?	TDM Exception?	Training on Copyrighted Data	Disclosure Required?	Liability Framework
🇪🇺 European Union	NoHuman authorship required	YesDSM Arts 3-4	PartialOpt-out mechanism	YesAI Act Art. 52	Emerging
🇺🇸 United States	NoThaler v. Vidal (2023)	YesFair use doctrine	PartialPending litigation	No	Emerging
🇬🇧 United Kingdom	YesCDPA s.9(3)	PartialUnder review	ImpliedCode of Practice	PartialVoluntary code	Emerging
🇯🇵 Japan	NoHuman creativity needed	YesArt. 30-4 Copyright Act	YesBroad non-enjoyment exception	No	Emerging
🇨🇳 China	PartialBeijing Internet Court (2023)	No	PartialConsent required	YesAIGC Measures Art. 12	YesProvider liable
🇰🇷 South Korea	No	PartialUnder consultation	Partial	Emerging	Emerging
🇨🇦 Canada	NoHuman author required	PartialFair dealing	Partial	No	Emerging

Key tension

Japan's expansive text and data mining exception stands in sharp contrast to the EU's opt-out mechanism. Organisations training models on data sourced from multiple jurisdictions must navigate fundamentally different legal frameworks simultaneously, with no international harmonisation in sight.

Regulatory Authorities

1,602 regulatory bodies across 337 jurisdictions

All

Data Protection

AI-Specific

Cybersecurity

Financial

Competition

Sector Regulators

Authority	Type	Jurisdiction	AI Mandate	Status	Last Activity
European AI Office	AI-Specific	🇪🇺 European Union	Primary	● Active	10 Apr 2026
CNIL	Data Protection	🇫🇷 France	Extended	● Active	9 Apr 2026
ICO	Data Protection	🇬🇧 United Kingdom	Extended	● Active	9 Apr 2026
NIST	Standards Body	🇺🇸 United States	Standards	● Active	10 Apr 2026
FTC	Consumer Protection	🇺🇸 United States	Extended	● Active	7 Apr 2026
Garante	Data Protection	🇮🇹 Italy	Extended	● Active	10 Apr 2026
CAC	AI-Specific	🇨🇳 China	Primary	● Active	5 Apr 2026
PIPC	Data Protection	🇰🇷 South Korea	Extended	● Active	9 Apr 2026
BaFin	Financial Regulator	🇩🇪 Germany	Sector	● Limited	3 Apr 2026
ACCC	Competition	🇦🇺 Australia	Inquiry	● Active	9 Apr 2026

Your Lists

Curated collections of jurisdictions, topics, and regulatory intelligence

All Lists

Jurisdictions

Topics

Authorities

Shared with me

Priority Jurisdictions

12 jurisdictions · Updated 2h ago

EUUKUSChina+8

AI Act Compliance

34 items · Updated 1d ago

High-Risk AIGPAIDeadlines

Enforcement Watch

8 items · Updated 4h ago

FinesSanctionsOrders

Copyright & IP Tracker

19 items · Updated 3d ago

TDMFair UseAI Output

Team Shared: APAC Watch

26 items · 3 collaborators

JapanKoreaSingaporeAustralia

+

Create new list

The Community

Connect with regulatory intelligence professionals worldwide

2,847

Members

156

Organisations

34

Discussion threads

+7 this week

12

Upcoming events

Recent Discussions

SC

How are organisations preparing for the EU AI Act prohibited systems deadline?

Sarah Chen · 3h ago · 24 replies

Hot

MR

Japan's AI Basic Act: What should non-Japanese companies prepare for?

Marco Rossi · 8h ago · 11 replies

KP

Best practices for AI copyright compliance across APAC jurisdictions

Kim Park · 1d ago · 7 replies

AL

Garante fine impact: What changes should financial institutions make now?

Anna Lindqvist · 1d ago · 18 replies

Upcoming Events

APR

18

Webinar: EU AI Act Enforcement Readiness

15:00 CET · Live · 234 registered

APR

24

Roundtable: AI Copyright Law in Practice

10:00 GMT · Virtual · 56 registered

MAY

7

Conference: Global AI Regulation Summit 2026

Brussels · In-person · 420 registered

Active Members

SC

Dr. Sarah Chen

Head of AI Policy · TechCorp

MR

Marco Rossi

Senior Counsel · Linklaters

KP

Kim Park

Regulatory Affairs · Samsung

AL

Anna Lindqvist

DPO · Nordea Bank

JW

James Wright

Policy Director · Ada Lovelace Inst.

D

David Mitchell

Head of Regulatory Intelligence · PrinciplesAI

Profile

Full NameDavid Mitchell

Emaild.mitchell@principlesai.com

OrganisationPrinciplesAI

RoleHead of Regulatory Intelligence

Home Jurisdiction🇬🇧 United Kingdom

TimezoneEurope/London (GMT+1)

Notification Preferences

Email DigestDaily at 08:00

Critical AlertsInstant

Weekly SummaryMonday 09:00

Community RepliesOff

Subscription

PlanEnterprise

Seats12 / 20 used

Renewal1 September 2026

API AccessEnabled

API Calls (MTD)14,302 / 50,000

Tracked Jurisdictions

🇪🇺 EU🇬🇧 UK🇺🇸 US🇨🇳 China🇯🇵 Japan🇰🇷 South Korea🇨🇦 Canada🇦🇺 Australia🇸🇬 Singapore🇮🇳 India🇧🇷 Brazil🇨🇿 Czech Republic

Security

Two-FactorEnabled (TOTP)

Last Login10 Apr 2026, 08:14

Sessions2 active

Hello, David

PAI Briefing: EU AI Act Enforcement Begins

While you were away

Trending topics

Your inbox

Italy: Garante fines Intesa Sanpaolo €31.8m for failing to detect employee's unauthorised client data access

Italy: Garante fines Intesa Sanpaolo €31.8m for failing to detect employee's unauthorised client data access

AI & Copyright: Cross-Jurisdictional Matrix

Why this matters now

Key tension

Regulatory Authorities

Your Lists

Priority Jurisdictions

AI Act Compliance

Enforcement Watch

Copyright & IP Tracker

Team Shared: APAC Watch

The Community

Recent Discussions

Upcoming Events

Active Members

David Mitchell

Profile

Notification Preferences

Subscription

Tracked Jurisdictions

Security