TechSonar 2025–2026: Key AI Trends and Fundamental Rights
The European Data Protection Supervisor (“EDPS“) has published its TechSonar 2025–2026 report, an initiative examining forward-looking developments tracking new technologies expected to gain prominence in the coming years. It explores how the growing use of AI-powered automation may impact fundamental rights, particularly privacy, data protection, and human autonomy.
This year’s TechSonar identifies six major tech trends shaping the digital landscape: Agentic AI, AI companions, automated proctoring, AI-driven personalized learning, coding assistants, and confidential computing. These trends collectively demonstrate how AI systems are becoming increasingly autonomous and deeply integrated into human environments. In turn, humans’ hands would play the role of “shepherds of AI agents”, moving from executing tasks themselves to becoming supervisors of AI systems and guiding their effects in such a way that they align with human values. The EDPS underlines that technological advances must remain compatible with fundamental rights, and increased AI autonomy shall not compromise human agency, accountability, or individual decision-making.
European Commission Publishes Draft AI Code of Practice on Transparency
The European Commission has published a first draft of a voluntary Code of Practice on AI transparency, designed to guide companies on how to label AI-generated content under the EU AI Act. The draft code outlines how companies should disclose when content that appears to feature real people or events, such as images, videos, or audio, has been generated or manipulated using AI, also known as deepfakes. Additionally, it would introduce a single EU-wide icon that enables users to identify this type of content easily. For other types of AI-generated material that do not look like real people or events, such as AI-generated artwork or text, the code proposes lighter disclosure methods, including the use of metadata or invisible watermarks. Although the code is voluntary, it aims to help companies prepare for the incoming transparency obligations under the AI Act.
U.S. Cybersecurity Professionals Plead Guilty to Ransomware Conspiracy
U.S. officials on 30 December 2025 announced that two former cybersecurity experts had pleaded guilty to charges in a ransomware extortion scheme connected to the ransomware gang known as ALPHV/BlackCat. According to U.S. officials, the two former cybersecurity experts collaborated with the ransomware gang to attack several U.S. firms by encrypting their data.
This case has gained significant attention, especially since the accused have been involved in the cybersecurity sector, thereby underscoring the risks posed by the misuse of expert knowledge. These accused will be sentenced in March 2026 and may be imprisoned for up to 20 years, according to the U.S. Department of Justice.
Australian Privacy Regulator Issues Guidance on Generative AI Use in the Workplace
The Australian Office of the Australian Information Commissioner (“OAIC“) has released guidelines for a balance between the protection of personal data and the productivity gains from generative AI (“GenAI”) in the workplace. The guidelines emphasize that although GenAI can simplify standard workplace procedures, it also makes it more challenging to keep control over the use of personal data, increasing privacy risks. The guidance refers to a case in which an employee of the auto insurance company CarCover violated the company’s privacy policy by sharing a customer’s health and family information with ChatGPT to create a report for a financial hardship application. Businesses can more effectively utilize GenAI tools to strike a balance between workplace productivity and privacy protection, as demonstrated by CarCover’s response to the incident. The OAIC emphasised the importance of developing a comprehensive and holistic compliance and risk management approach within organisations, noting that caution should be exercised regarding the risks that publicly available generative AI tools may pose and the harm they may cause to individuals.
UNESCO Releases Its First Guidance on the Use of Artificial Intelligence in Judicial Systems
UNESCO has just published its first global ethical and operational framework for the use of artificial intelligence in judicial systems: Guidelines for the use of AI systems in Courts and Tribunals. The Guidelines are designed to support Courts in harnessing AI for enhancing access to justice, efficiency, and case management, while protecting the rule of Law and fundamental rights.
The Guidelines are predicated on 15 universal principles, including transparency, accountability, human oversight, and the protection of human rights. These principles underpin the position that AI should serve as an assistive tool rather than a substitute for judicial decision-making. The framework under discussion has been developed through consultations with experts and judicial actors from over 160 countries. The resulting document highlights the need for meaningful human supervision as AI becomes more embedded in court processes. The purpose of this supervision is to reinforce trust, fairness, and accountability in the administration of justice.
U.S. Senate Reintroduces Healthcare Cybersecurity Bill
U.S. lawmakers are again trying to improve the healthcare industry’s cybersecurity in the wake of growing cyberattacks. The “Health Care Cybersecurity and Resiliency Act of 2025” seeks to address preparedness by enhancing collaboration between the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, while improving the management of cyber incidents in the healthcare industry. The legislation would facilitate greater information-sharing on cyber threats, training, and grant funding, especially for smaller healthcare providers in rural areas, while urging greater HIPAA-compliant cybersecurity and reporting of breaches, since existing laws are no longer adequate for the current threat environment.
European Parliament Flags New Risks for Information Access
The European Parliament Research Service (“EPRS”) has published an analytical briefing examining how artificial intelligence is reshaping online search and information access. The paper highlights the growing shift from traditional search engines toward AI-generated answers that keep users within platforms rather than directing them to external sources. The briefing highlights an increasing number of legal concerns relating to the way AI-driven search tools provide answers directly to users. It draws particular attention to the reuse of personal data in AI training and response generation processes, which may raise GDPR compliance issues; the use of third-party content without clear legal grounds; and the broader risk that AI-mediated access to information could affect media pluralism and users’ cognitive autonomy.
FRA Publishes Report on High-Risk AI and Fundamental Rights
The EU Fundamental Rights Agency (“FRA”) released a new report analysing how “high-risk” AI systems are assessed under the EU AI Act, as well as where risks for fundamental rights could emerge in practice. The report, based on interviews with AI-systems developers, providers, and users in sensitive sectors such as asylum, education, and work, finds that the current EU AI Act definition requirements for self-evaluation could create a gap in the protection of fundamental rights in practice. The FRA finds a low awareness level regarding fundamental rights risks outside the realm of data protection, emphasizes the need for more guidance on assessing high-risk AI systems, and underlines that effective oversight is essential in ensuring that AI innovation under the AI Act does not compromise fundamental rights.
India Orders Cybersecurity App Pre-Installed on New Smartphones
The Indian government has introduced new regulations which make it mandatory for all newly made or imported smartphones to come pre-loaded with the government-run cybersecurity application named ‘Sanchar Saathi’. As per an order issued by the Department of Telecommunications, smartphone vendors are given 90 days to make it ensure that the application is pre-loaded and accessible to users at the time of setting up their smartphone, with the essential features of the application not being limited or restricted. This initiative by the Indian government has received criticism from digital rights organizations and tech experts alike over concerns related to privacy issues and the application’s permissions to access users’ smartphone features. In light of public criticism over the application, India’s communications minister revealed that users will be able to uninstall the application should they not require it.
UNICEF Updates Guidance on AI and Children
UNICEF has released updated guidance on AI and children, elaborating a child-centred framework for the design, use, and governance of AI systems. The guidance prioritizes children’s safety, privacy, non-discrimination, transparency, and accountability, while advancing their best interests, cognitive development, well-being, and inclusion. Overall, it calls for an enabling AI innovation ecosystem that complies with human rights standards, putting the best interests of the child at the centre of AI system design and regulation.
Vietnam Adopts Its First Comprehensive AI Law
Vietnam’s first Law on artificial intelligence was approved by the National Assembly, establishing a comprehensive legal framework for the development, application, and management of AI systems. The Law, which has 35 provisions and goes into effect on March 1, 2026, adopts a “management for development” strategy that aims to strike a balance between risk management and innovation. Along with addressing issues such as AI-generated content, algorithmic ethics, and cross-border AI services, the legislation also supports AI innovation through state-backed infrastructure, funding mechanisms, and regulatory sandboxes, positioning Vietnam to comply with international AI standards while preserving its digital sovereignty.
