Germany Moves to Use AI in Fight Against Organised Crime
On 25 February 2026, the German government announced a new plan to strengthen its response to organised crime, making it clear that technology, including AI, will play a bigger role in investigations going forward. The plan, presented by the finance, interior and justice ministries, focuses on “following the money”, making it easier to seize suspicious assets such as cash, luxury vehicles and property, while improving cooperation between customs investigators and the Federal Criminal Police Office (“BKA”). Alongside tougher asset-seizure measures, the initiative is designed to help authorities better trace criminal assets and financial flows. While framed as a crackdown on money laundering and serious crime, the announcement also reflects a broader shift toward using AI tools to support complex investigations.
AI Impact Summit in India Results in Voluntary Global Declaration
India hosted the AI Impact Summit (“The Summit”) in New Delhi, bringing together representatives from more than 100 countries to discuss the governance and societal impact of artificial intelligence. The Summit resulted in a multilateral declaration, endorsed by over 90 countries and international organisations, setting out shared, voluntary principles on secure, inclusive and human-centric AI. A number of non-binding initiatives were announced alongside the declaration, including platforms aimed at trusted AI development, workforce upskilling, multilingual evaluation, and AI applications for social empowerment. While the Summit highlighted a general consensus that AI should be developed and deployed in a responsible way, the commitments made are voluntary, do not create binding obligations and will only have a practical effect to the extent they are reflected in future national laws and regulatory measures.
UK Opens Formal Investigation into Grok AI
The UK Information Commissioner’s Office (“ICO”) has opened a formal investigation into X’s AI chatbot, Grok, focusing on how personal data is processed and whether sufficient safeguards were built into the system from the outset. The investigation follows reports that Grok may have been used to generate harmful and sexualised AI-generated images, including non-consensual content, raising concerns under UK data protection law. The ICO said it will examine whether personal data was handled lawfully, fairly and transparently, and whether appropriate technical and organisational measures were in place to reduce risks to individuals. The UK probe comes shortly after the European Commission opened its own investigation under the Digital Services Act into Grok’s risk management practices in the EU, signalling a broader pattern of regulatory scrutiny around the deployment of generative AI systems.
California Steps Up Enforcement Against Data Brokers
California regulators have stepped up enforcement against data brokers, fining companies that failed to register under the state’s Delete Act. This Act is aimed at businesses that collect and sell personal data and requires them to register annually and honour requests from consumers to delete their information. In recent cases, regulators imposed fines totalling just over $100,000 and required the companies involved to fix their compliance failures. Alongside these actions, California has launched the Delete Requests and Opt-Out Platform (“DROP”), a state-run tool that allows residents to submit a single request to have their personal data deleted by all registered data brokers, rather than contacting each company individually. Although brokers will only be required to begin processing requests later in 2026, the launch of DROP gives consumers a more practical way to exercise their rights and signals a more assertive enforcement approach by state authorities.
NIS2 Moves from Policy to Practice as Member States Begin Implementation
The EU’s NIS2 Directive (“NIS2”), which significantly expands cybersecurity obligations for operators of essential and digital services, began to move from policy to practice in February 2026 as Member States started to formally implement the new rules. While NIS2 was adopted earlier in the year, many countries missed the original transposition deadline, leaving organisations in a prolonged state of uncertainty. That began to change on 19 February 2026, when Poland completed the transposition of NIS2 into national law, triggering concrete compliance obligations for in-scope entities. Poland’s transposition reflects a wider EU shift, as Member States move to implement NIS2 amid growing pressure from the European Commission, which has already launched infringement proceedings against several Member States. With national laws now coming into force, organisations are expected to move beyond preparation and demonstrate compliance in practice, particularly around risk management and incident reporting.
Commission Misses AI Act Guidance Deadline
On 2 February 2026, the European Commission missed a deadline to publish guidance explaining how organisations should identify and comply with the AI Act’s rules on “high-risk” AI systems. The guidance was expected to give companies clearer direction on whether their AI systems fall within the high-risk category and what compliance steps are required. Its absence has added uncertainty for businesses preparing for the next phase of the AI Act’s rollout later in 2026.
FBI Launches Operation Winter SHIELD
The FBI launched Operation “Winter SHIELD”, a nationwide cybersecurity initiative designed to help organisations reduce everyday cyber risks before incidents occur. The initiative was announced publicly on 25 February 2026 and is led by the FBI’s Cyber Division, drawing directly on patterns the agency has seen in ransomware cases and other investigations. Rather than introducing new rules, Winter SHIELD focuses on practical steps organisations can take to lower risk, such as tightening access controls, patching known weaknesses and making sure backups are properly secured. The FBI has described the campaign as a shared-responsibility effort between government and industry, and it has received public support from several large technology companies, including Microsoft, as authorities continue to push for a more preventive approach to cybersecurity.
Commission Adopts EU Action Plan Against Cyberbullying
On 10 February 2026, the European Commission adopted a new EU Action Plan Against Cyberbullying, aimed at strengthening the way online harassment is addressed across the EU, particularly where children and young people are affected. The plan does not introduce new legislation but instead focuses on making better use of existing EU rules, including the Digital Services Act and the AI Act, to address harmful online content, improve reporting mechanisms and strengthen protections for minors. It also points to further work under existing laws, such as updated guidance and reviews linked to platform obligations and AI transparency requirements. While largely strategic, the plan reflects a move toward more coordinated use of current digital laws to tackle online harms.
