ARTICLE
21 January 2026

Winter AI Wrap: A Snapshot Of Key Updates And Developments

WG
Weil, Gotshal & Manges LLP

Contributor

Weil, Gotshal & Manges LLP logo

Founded in 1931, Weil has provided legal services to the largest public companies, private equity firms and financial institutions for more than 90 years. Widely recognized by those covering the legal profession, Weil’s lawyers regularly advise clients globally on their most complex Litigation, Corporate, Restructuring, and Tax, Executive Compensation & Benefits matters. Weil has been a pioneer in establishing a geographic footprint that has allowed the Firm to partner with clients wherever they do business.

Explore Firm Details
Below is a brief round-up of key AI regulatory and policy developments. As AI regulation continues to evolve rapidly...
United Kingdom Technology
Barry Fishley and Chloe Kite
Barry Fishley’s articles from Weil, Gotshal & Manges LLP are most popular:
  • within Technology topic(s)
  • with Senior Company Executives, HR and Finance and Tax Executives
  • with readers working within the Telecomms and Utilities industries

Below is a brief round-up of key AI regulatory and policy developments. As AI regulation continues to evolve rapidly, we will be publishing these updates on a quarterly basis going forward to track key developments.

EU AI ACT IMPLEMENTATION DELAY, INCLUDING FOR HIGH-RISK AI SYSTEMS

Amidst increasing pressure from business and lobby groups to pause the implementation of the EU AI Act, the European Commission proposed to pause certain obligations under the Act, including:

  • pausing the Annex III high-risk AI system-related compliance deadline until 2 December 2027 (an extension of 16 months), e.g. AI systems used for credit scoring, life and health insurance pricing, AI systems used for recruitment or employment-related decisions, remote biometric identification systems;
  • pausing the Annex I (product-based) high-risk AI system compliance deadline until 2 August 2028 (an extension of 12 months); and
  • pausing the Article 50(2) provider transparency labelling requirements for generative AI systems until 2 February 2027 (an extension of 6 months).

Crucially, the entire wider digital omnibus must be approved before these new deadlines can come into effect and so (for Annex III high risk AI systems) it must be approved before the current compliance deadline of 2 August 2026. If not, a technical enforcement window could apply. Related to this, it was also reported that the Commission is considering an alternative mechanism - a standalone, fast-track proposal - to ensure the proposed postponement can be enacted in time, should the digital omnibus not complete the legislative process before this 2 August 2026 date. If so, this would allow the timing issue to be addressed separately and reduce pressure on the broader omnibus package. However, a standalone approach will only assist if progressed rapidly in 2026. In summary, those subject to the high-risk obligations under the Act are going into 2026 without certainty on whether they have some welcome breathing room to refine their implementation plans.

More broadly, this attempt at any extra runway reflects a push to keep the EU competitive in the global AI landscape (particularly with the US, see further below) By moving to ease immediate pressure on compliance deadlines, the EU is signalling that it wants innovation and regulation to move in step, not in conflict.

TRUMP EXECUTIVE ORDER: NEW STATE-LEVEL AI LEGISLATION 'BANNED'

On 11 December 2025, President Trump signed a new Executive Order on establishing a national policy framework for artificial intelligence, which seeks to limit the enforcement of state-level AI laws. The Order addresses the growing body of state-level AI legislation, framing regulatory fragmentation as a risk to US competitiveness in the global AI race and emphasising the need for US AI developers to innovate without cumbersome regulation. It also raises concerns about state laws that require AI systems to embed particular value judgments or restrict model outputs, explicitly referencing Colorado's AI law and its focus on algorithmic discrimination.

Key points of the Executive Order include:

  • directing the Attorney General to establish an AI Litigation Task Force to challenge state AI laws that are considered unconstitutional, pre-empted, or otherwise unlawful and harmful to innovation;
  • directing the Secretary of Commerce to publish an evaluation of existing state AI laws that conflict with national AI policy priorities, and linking eligibility for certain federal funding and grant eligibility to alignment with federal AI policy; and
  • calling for the development of a national AI legislative framework, that would pre-empt state AI laws viewed as stifling innovation. Certain categories of state AI laws would however remain outside any future pre-emption, including child safety protections, state government procurement and use of AI, and AI compute and data centre infrastructure.

Any such pre-emption would require new federal legislation; the Executive Order itself cannot and does not achieve this. Previous attempts to pre-empt state AI laws through legislation have been rejected by the US Senate (Republicans earlier this year failed to pass a similar 10 year moratorium on state laws that regulate AI as part of Trump's One Big Beautiful Bill Act).

Overall, the Executive Order underscores the administration's already well-known policy direction on AI, and its emphasis on maintaining US leadership in the global AI race. However, whether this approach translates into enforceable federal law will be an important space to watch in 2026.

COMMISSION PUBLISHED GPAI MODEL PROVIDER GUIDELINES AND A VOLUNTARY GPAI CODE OF PRACTICE

The Commission issued guidelines to clarify the scope of the obligations for providers of general-purpose AI models under the EU AI Act. The guidelines specify when an organisation is considered to be a 'provider' of a GPAI model and when obligations under the EU AI Act relating to such model are triggered, especially when it is integrated into an AI system. Read more about the content of the guidelines and how these practically may apply to you in an article we have authored here.

GPAI providers who sign up to, and comply with, the voluntary GPAI Code of Practice will be deemed to comply with the GPAI related obligations under the AI Act.

COMMISSION PUBLISHED DRAFT CODE OF PRACTICE ON TRANSPARENCY OF AI-GENERATED CONTENT

On 17 December 2025, the European Commission published a draft Code of Practice on Transparency of AI-Generated Content (the "Code"). The Code seeks to translate the transparency obligations under Article 50 of the EU AI Act into concrete technical and organisational measures that providers and deployers may adopt. However, following the Code does not, in itself, guarantee compliance with Article 50. Equally, organisations remain free to comply with Article 50 obligations through alternative measures, without adhering to the Code at all. The Code is in draft form. A further draft will be published around March 2026, before a final Code is published in May or June 2026. This timing raises questions as to whether organisations will have sufficient time to implement the Code ahead of the current Article 50 transparency obligations on 2 August 2026. As a result, despite being a first draft, the Code is of practical relevance for organisations in scope. Read more about the Code at our Latest Thinking page.

COMMISSION LAUNCHED A CONSULTATION ON SERIOUS INCIDENT REPORTING UNDER THE EU AI ACT

The Commission launched a public consultation on 26 September 2025 with draft guidance and a reporting template for serious AI incidents under the EU AI Act. The guidance is designed to help providers of "high-risk AI systems" comply with mandatory reporting requirements under Article 73 of the EU AI Act.

Reportable incidents include incidents that cause serious health impacts, serious or irreversible disruption to critical infrastructure, large-scale or systemic infringements of fundamental rights, and significant damage to property or the environment. An AI output can also still trigger reporting if it contributes to the harm via a human decision or a downstream process, provided the system was used for its intended purpose or in a reasonably foreseeable way. Providers of high-risk AI systems are expected to notify the relevant market surveillance authority within tight deadlines, investigate immediately, and preserve the system and evidence to enable regulatory scrutiny, while deployers have parallel escalation obligations if they identify an incident first. Overall, the guidance highlights the need for organisations to have internal escalation, investigation and evidence-preservation processes in place well ahead of enforcement.

IRELAND ADOPTS DISTRIBUTED MODEL FOR AI OVERSIGHT

On 16 September 2025, Ireland's Department of Enterprise, Tourism and Employment announced the designation of fifteen national competent authorities under the EU AI Act, and the creation of a National AI Office to act as the single central coordinating authority by 2 August 2026 to ensure consistent and effective implementation of the EU AI Act.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Barry Fishley
Barry Fishley
Photo of Chloe Kite
Chloe Kite
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More