AI Act: Obligations Effective as of 2 August 2025
As of 2 August 2025, a new set of provisions under the Artificial Intelligence Act has entered into force. Providers of general-purpose artificial intelligence models are now required to maintain up-to-date technical documentation, share relevant information with downstream providers, implement policies to ensure compliance with European Union copyright law, publish a summary of the training data used, and designate a legal representative in the European Union if established outside the European Union. Additional duties apply to general-purpose artificial intelligence models presenting “systemic risks,” including risk assessments, incident reporting, and enhanced cybersecurity measures. Alongside these obligations, new rules also cover the role of notified bodies, confidentiality undertakings for supervisory authorities to protect intellectual property and trade secrets, as well as the implementation of governance and penalty frameworks. Member States, in turn, were expected to designate their competent authorities and notified bodies by this date and put in place enforcement mechanisms to ensure consistent application of the Artificial Intelligence Act.
Italy Expands Mandatory Cyber Incident Reporting
On 1 August 2025, Italy enacted DPCM No. 111, expanding the list of reportable incidents under the National Cybersecurity Perimeter. Critical infrastructure operators—such as in energy, finance, healthcare, and telecom— must now notify not only direct breaches but also disruptions affecting service continuity. The decree aligns Italy more closely with the EU's NIS2 Directive, strengthening Europe's collective resilience against ransomware, state-sponsored cyberattacks, and supply-chain threats.
India Passes Online Gaming Regulation Act
Between 20–21 August 2025, the Indian Parliament passed the Promotion and Regulation of Online Gaming Act, 2025. The law bans real-money gambling games, introduces strict advertising restrictions, and recognizes e-sports as a legitimate industry. Operators must comply with responsible gaming obligations, including tools to prevent addiction and safeguard minors. Supporters hail it as a major step for consumer protection, while some gaming companies argue it could stifle innovation and investment in India's fastgrowing gaming sector.
Philippines Enact Open Access in Data Transmission Act
On 24 August 2025, the Open Access in Data Transmission Act, also known as the Konektadong Pinoy Act, automatically became law after the President chose not to exercise a veto. The legislation is designed to liberalize the Philippine telecommunications sector by lowering entry barriers for new players and promoting wider access to affordable and reliable internet services across the country. The reform is expected to play a key role in advancing digital inclusion, while also serving as a potential regulatory model for other Southeast Asian nations seeking to modernize their connectivity frameworks.
Russia: New Legislative Proposals on Online Content and Cybercrime
In August 2025, the Russian State Duma introduced draft legislation aimed at imposing stricter rules on offensive and obscene online content. In parallel, the Ministry of Digital Development opened consultations on a proposed law addressing cybercrime and IT-related offenses. According to officials, these initiatives are intended to strengthen the country's digital governance framework. Observers note, however, that the measures could have significant implications for online expression and the regulation of internet activities in Russia.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
