Extraterritoriality of EU AI & Data Legislations and Their Effects on US Businesses and Cross-Border Transactions

There is a general principle in international law that one state cannot take measures on the territory of another state by means of enforcement of national laws without the consent of the latter. With that being the case there is a growing number of laws that aim to produce a legislative effect in third countries. Extraterritorial regulations can have a significant effect on the valuations of companies and with that on M&A transactions.

As artificial intelligence reshapes industries worldwide, countries and regions are responding with distinct regulatory approaches to AI, data privacy, and digital competition. Europe is at the fore-front with a comprehensive regulatory stance, and its influence—often referred to as the “Brussels Effect”—extends beyond its borders.

Laws like the Digital Markets Act (DMA), Digital Services Act (DSA), Data Act (DA), Cyber Resilience Act (CRA), NIS2 Directive, AI Act, AI Liability Directive and the Product Liability Directive impose stringent compliance obligations, varying requirements for data handling and privacy, and risk of substantial penalties, making it essential for companies to navigate a multifaceted regulatory environment that significantly differs from their home market

Our panel will explore what US companies will need to consider when it comes to some of the key aspects of European Digital Law, namely the EU AI Act, the GDPR, and the EU Data Act, when operating in the European market?

Our panel will focus on the following themes:

I. EU AI Regulation
• EU AI Act
> Understanding Applicability and Scope of the EU AI Act
> Compliance with Requirements
> Establishing internal Accountability and Governance
• Impacts on Transatlantic businesses

II. AI & Data Privacy
• Ensuring an adequate legal basis for processing personal data with AI
• Reviewing / Updating data privacy notices
• Monitoring current regulatory decisions

III. EU Data Act
• Relevant IoT Products and Connected Devices; How to identify connected Products and Related Services in Scope
• Opportunities for U.S. Companies Through Expanded Data Access Rights
• Impact on M&A transactions, incl. Compliance Assessment, Data Intermediaries, Access vs. Ownership
• Cloud Computing Services, incl. what Providers of cloud services should be concerned with; incl. new negotiating powers and flexibility to Use Multiple Providers