Two-Minute Recap – IT Law Matters – Around The Globe – 2026 May

European Commission Seeks Feedback on High-Risk AI Classification Guidelines

On 19 May 2026, the European Commission published draft guidelines clarifying the classification of high-risk artificial intelligence systems under the Artificial Intelligence Act (“AI Act”) and invited stakeholder feedback on practical examples.

The guidelines are intended to help AI providers and deployers assess whether their systems fall within the AI Act’s high-risk categories. Stakeholders, including businesses, public authorities, academia and citizens, may submit comments by 23 June 2026. The initiative is part of the Commission’s broader effort to facilitate legal certainty and phased compliance with the AI Act.

European Commission Fines Temu EUR 200 Million for DSA Breach

On 28 May 2026, the European Commission issued a EUR 200 million fine against Temu under the Digital Services Act (‘DSA’). The Commission found that Temu failed to diligently identify, analyse and assess systemic risks linked to illegal products offered through its platform and the resulting harm to EU consumers.

According to the Commission, Temu’s 2024 risk assessment relied on general information about the e-commerce sector instead of evidence specific to its own service, underestimated the likelihood that EU users would encounter illegal products, and failed to properly assess how its recommender systems and influencer-based promotion programmes could amplify such risks.

European Commission Launches Call for Evidence on Copyright and Generative AI

On 13 May 2026, the European Commission launched a call for evidence seeking stakeholder feedback on the interaction between copyright law and generative artificial intelligence systems. The initiative focuses on issues such as transparency regarding training data, licensing mechanisms, fair remuneration for rightsholders, protection against AI-generated imitations and enforcement against online piracy. The consultation forms part of the Commission’s broader assessment of whether the current EU copyright framework remains fit for purpose in the age of generative AI and may inform future legislative proposals.

Germany’s BaFin to Conduct Targeted AI Cyber Risk Inspections

Germany’s financial regulator, BaFin, announced that it will launch targeted “IT spotlight inspections” focusing on artificial intelligence-related cyber risks within financial institutions. According to BaFin President Mark Branson, increasingly sophisticated AI models are capable of identifying and exploiting vulnerabilities in both legacy and modern IT systems at a much faster pace than before.

BaFin stressed that financial institutions should strengthen their cybersecurity frameworks and invest in technological resilience to address emerging threats associated with AI. The announcement highlights growing regulatory concerns regarding the cybersecurity and operational resilience implications of increasingly sophisticated AI technologies within the financial sector.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.