EU: Apply AI and AI in Science strategies published to speed uptake across industry and research, backed by the AI Office’s implementation work. The package complements the April AI Continent action plan. Digital Strategy EU+1
US: BIS “Affiliates Rule” now in force. Subsidiaries 50% or more owned by listed entities are automatically caught by Entity List and MEU controls, with an interim Federal Register rule and BIS press release setting scope and timing. Federal Register+1
Regulation
EU AI Act serious‑incident reporting: Commission consultation on draft guidance and a reporting template is open until 7 November 2025. Link includes Article 73 context and submission route. Digital Strategy EU+1
California CPPA regulations finalised: risk assessments by 1 January 2026, ADMT obligations by 1 January 2027, and staged audit certifications through 2030. OAL approval posted, agency summary and firm alerts provide dates and duties. California Privacy Protection Agency+2California Privacy Protection Agency+2
BIS clarifications: law‑firm updates highlight FAQs and a narrow temporary general licence plus a 29 October 2025 comment deadline noted in the Federal Register and client memos. Federal Register+2Morrison Foerster+2
Events
EuroHPC AI Factories Update webinar, 17 October 2025. EuroHPC
ICO Data Protection Practitioners’ Conference, 14 October 2025. ICO
Business
EU adoption signal: the Apply AI strategy is a green light for sector programmes and public‑sector pilots, with the AI Office pointing to accompanying fact pages and alliances for delivery. Digital Strategy EU
US compliance workstreams: the Affiliates Rule triggers ownership‑mapping, red‑flag due diligence, and screening updates. Notes on a limited TGL and practical screening impacts are circulating in counsel alerts. Morrison Foerster+1
Adoption of AI
Expect procurement and legal to align on incident classification and 15‑day reporting under the AI Act, while privacy teams build ADMT notices, access responses and opt‑out flows for California. Export‑control functions must update ownership look‑through and license‑need determinations on high‑risk counterparties. Digital Strategy EU+2California Privacy Protection Agency+2
Takeaway
The centre of gravity shifted from principles to playbooks. Europe set the adoption agenda, California set dates, and BIS set boundaries. The winners will be the teams that wire reporting, ADMT controls and affiliate screening into everyday operations.
Sources: European Commission press release, European AI Office page, EC consultation on serious‑incident reporting, BIS press release, Federal Register IFR, MoFo client alert, White & Case summary, CPPA approval notice, CPPA announcement, ICO events, EuroHPC