Band 25, Heft 3

The article focusses on key provisions of the Cyber Resilience Act adopted by the European Parliament in March and after a brief introduction (I.) addresses the scope (II.), the categories of products with digital elements (III.) and the obligations of their economic operators (IV.) as well as the tasks and powers of market surveillance authorities (V.) and administrative fines (VI.) before concluding in view of the remaining timeline (VII.).

The paper provides a critical assessment of the EU’s AI Act, highlighting its deficiencies in addressing the complex challenges posed by AI technologies. The analysis underscores that while transparency and evaluation measures are essential components of AI governance, the Act’s over-reliance on these measures alone is insufficient to effectively regulate the rapid proliferation of AI applications. Criticizing the AI Act’s emphasis on innovation at the expense of genuinely beneficial technological development, Molavi Vasse’i argues for governance reforms that not only adapt to the evolving nature of AI, but also prioritize its impact on individuals and society. The paper calls for a rethinking of tech governance to create regulatory frameworks that are as adaptive as the technologies they aim to govern, with a primary focus on enhancing societal well-being, which should be the fundamental goal of all economic and technological progress.

The New Regulations introduce exemptions to the existing filing obligations for outbound data transfer, including (1) absolute exemptions, which are exemptions applicable to all regulatory procedures for outbound data transfer, and (2) exemptions from the obligation to file a security assessment, i.e., the New Regulations have modified the thresholds mandating the filing of a security assessment and if such thresholds are not met, the data processor still needs to conduct standard contract filing or PI (Personal Information) protection certification. The Regulation leaves space for special policies in Free Trade Zones.

In past articles we have reviewed critical lessons learned from various failed ERP implementations and outsourcing transactions. One of the common themes is the divergence between the representations made by technology vendor sales teams as to promised skills, expertise and delivery, and the actually provided skills, expertise and delivery. In turn, the analysis of the resulting lawsuits has emerged, in response to customer allegations of negligent misrepresentation and fraudulent misrepresentation, the vendor defences of puffery and opinion, statements of future intent, and contractual disclaimer. The article begins in this Part 1 by providing an overview of the law of misrepresentation, and then the common vendor defences of puffery and opinion, statements of future intent, and contractual disclaimers, in Canada (I) and in the United States (II). Part 2 will then complete the overview with a look at the European Union (III) and an assessment how these defences were raised by vendors in two recent ERP failure lawsuits (IV), before concluding with lessons learned for vendors and customers (V).