What are the opening hours?

Monday 8:30am - 6pm Tuesday 8:30am - 6pm Wednesday 8:30am - 6pm Thursday 8:30am - 6pm Friday 8:30am - 6pm

The Transatlantic Lawyer

Home
United States
New York, NY
The Transatlantic Lawyer

International law practice assisting companies in their operations in Europe, the U.S., and Canada

NY-based law practice assisting U.S.-based entrepreneurs, start ups and small to mid-size companies from the technology sector in their operations in Europe and Canada

11/05/2025

France’s AI Act enforcement: a network of regulators — not a single “super-regulator”

France has revealed how it will enforce the EU AI Act — and it’s not a one-stop shop.

Instead, oversight will be shared among several existing authorities, with the DGCCRF coordinating market surveillance and acting as France’s single point of contact. The industry ministry (DGE) will steer national strategy and represent France at the European AI Board.

What does “shared” mean in practice?

- DGCCRF & Arcom: banned practices + transparency for generative AI and deepfakes
- CNIL: biometric and social-scoring prohibitions
- ACPR: financial/credit scoring
- HFDS: critical infrastructure
- ANSSI & PEReN: technical backbone and AI tooling

For U.S. companies operating in France, this means multi-front compliance:

- Customer-facing AI → DGCCRF / Arcom scrutiny
- HR or hiring AI → CNIL oversight
- Fintech / insurtech models → ACPR review
- Critical-infrastructure tools → HFDS coordination

👉 Now’s the time to map your AI use cases to the relevant authority, align documentation with expected standards, and prepare evidence for risk management and transparency.

France is betting on a decentralized model — anchored in sectoral expertise, not a new AI “super-regulator.”

💬 How will this model shape your compliance planning in France? Which use cases will you map first?

11/03/2025

European Patent Office finalises 2026 guidelines on AI patentability

The EPO has finalized its 2026 Guidelines for Examination, which include important updates on AI-related inventions.

These new rules — coming into effect in April 2026 — reflect the EPO’s evolving approach to how artificial intelligence and machine learning innovations are treated in the patent process.

A preview and public consultation are expected in early 2026, offering companies and inventors a chance to provide input before the guidelines officially take effect.

🔍 Why it matters:

1. Clarifies how AI inventions are assessed for patentability

2. Provides more predictability for innovators in the AI sector

3. Signals continued adaptation of patent frameworks to emerging technologies

10/29/2025

🔍 Spotlight on Responsible AI: New Guidance from the European Data Protection Supervisor (EDPS)

The EDPS has just published revised orientations (Version 2) on how EU institutions and bodies should use generative AI systems while upholding data protection under Regulation (EU) 2018/1725.

Key updates include:

- A refined definition of “generative AI” to reflect rapid technological change.

- A new compliance checklist to guide organisations through risk-management, transparency, and accountability.

- Clearer delineation of roles: who is a controller, processor or joint-controller when generative AI is used.

- Renewed emphasis on legal bases for processing personal data, purpose-limitation, data minimisation and continuous monitoring throughout the AI lifecycle.

💡 Why this matters
In an era where generative AI is permeating more business functions, regulatory expectations are no longer “nice to have” — they’re rapidly becoming a baseline for trust. Even though the guidance is formally directed at EU institutions, the implications for private-sector organisations (especially those operating in/with the EU) are real.

✅ My take-aways for practitioners

1. Embed data protection at the outset of any generative AI initiative — from design through deployment and monitoring.

2. Conduct or update Data Protection Impact Assessments (DPIAs) that cover the full lifecycle of generative-AI systems (training, use, reuse).

3. Be transparent about how personal data (including pseudonymized or aggregated) may be involved in training or outputs of models.

4. Maintain proper record-keeping and governance structures: know your role (controller/processor), have the right stakeholders engaged (legal, IT, DPO), and use a checklist approach so you don’t miss evolving risks.

5. Use the new EDPS checklist as a practical tool — it could also act as an internal benchmark for broader AI governance frameworks.

🌍 Final thoughts
The message is clear: generative AI brings enormous opportunity — but also new layers of complexity when it comes to personal data protection and fundamental rights.

The revised EDPS guidance is a timely reminder that strong stewardship, governance and ongoing scrutiny will be the difference between innovation that builds trust, and innovation that raises red flags.

10/11/2025

🇪🇺 EU Data Act: what changes now for US SaaS selling in Europe

From 12 September 2025, the Data Act’s cloud-switching regime applies to data processing services (SaaS, PaaS, IaaS). The aim: remove contractual, technical and commercial lock-in.

What this means:

Customer exit rights: buyers can switch on ≤ 2 months’ notice; providers must complete the move without undue delay and return exportable data/digital assets in a structured, machine-readable format.

Fees: switching/egress charges are being phased out. Time to revisit pricing and renewals.

Interoperability: expose open, well-documented interfaces and prepare for EU specs so migrations aren’t just data dumps.

What to do now:

Treat switching as a core product journey (APIs, exports, runbooks, named owners).

Map what’s truly exportable vs protected (e.g., trade secrets).

Update contracts to reflect notice, transition and termination rights; train CSM/ops/legal on an executable playbook.

Join the conversation. How are you adapting contracts, tooling and pricing to the Data Act’s switching rules? What’s worked (and what hasn’t) in real migrations? Share your approach so peers can benchmark.

10/03/2025

🍁 Canada & Quebec: One Country, Two Rulebooks
10 provinces, 3 territories, bilingual laws. 29+ privacy statutes dance with Federal law. (dlapiperdataprotection.com) Our Canada & Quebec Mini-Guides outline the corporate forms, provincial privacy nuances (PIPEDA vs. Law 25), and tax credits that make Montreal a smart first North-American HQ.

📥 Download both Mini-Guides : https://www.transatlantic-lawyer.com/canada-mini-guide/ | https://www.transatlantic-lawyer.com/quebec-mini-guide/

10/02/2025

📣 Marketing Across Borders Without Fines
Email blasts, cookie banners, TikTok ads—EU and U.S. regulators read them differently. We align your growth team with CAN-SPAM, ePrivacy, and FTC rules before launch day, so creative ideas don’t become legal headaches.

⚖️ Book a Marketing-Compliance Audit

10/01/2025

🇬🇧 Landing in the UK After Brexit
Same language, new rules. Employer compliance, VAT registration, data-transfer bridges—all changed. Our UK Mini-Guide gives you the cliff notes plus practical tips (like when a local director is legally required). Read it before your first London pitch.

📥 Download the UK Mini-Guide : https://www.transatlantic-lawyer.com/publications/uk-mini-guide/

09/30/2025

✅ September Recap: Your Transatlantic Checklist
Missed a post? Here’s your one-slide summary:
1️⃣ Market Mini-Guides (France, USA, UK, Canada/Quebec)
2️⃣ DPO & Privacy Checklist
3️⃣ Fractional GC services
4️⃣ Contract Localization tips

💬 DM us to book a free 30-min strategy call. Let’s map your next border crossing together.

🌐✈️

09/24/2025

🛠️ Open-Source ≠ Free Pass
VCs love speed, but an unchecked GPL license can kill an exit. We create clean OSS policies, secure IP ownership, and align U.S.–EU clauses so diligence runs smooth and buyers stay eager.

📥 Request our Open-Source Checklist

09/22/2025

🏗 Outside General Counsel = Elastic Legal Team
No lawyer on payroll? We plug into your Slack like an in-house GC draft board minutes Monday, review privacy policy Wednesday, negotiate a cloud contract Friday. Pay only for sprint time, not bench time. Perfect for startups crossing the €5-10 M revenue line.

📅 Schedule a fractional-GC intro chat

09/18/2025

🇺🇸 Dreaming of the U.S. Market?
The U.S. is huge—and ruthless. EIN filings, state taxes, employment-at-will… mistakes cost $$ fast. Our USA Mini-Guide tells you what every founder wishes they knew before incorporating: where to register, how to protect IP, and why a Delaware C-Corp is not always the magic answer.

📥 Download the USA Mini-Guide : https://www.transatlantic-lawyer.com/publications/usa-mini-guide/

$🕵️ Need an External DPO?Hiring a full-time Data Protection Officer at Series A burns cash. We act as your fractional DPO...$

09/16/2025

🕵️ Need an External DPO?
Hiring a full-time Data Protection Officer at Series A burns cash. We act as your fractional DPO: mapping data flows, running DPIAs, training staff, and answering regulators across EU and U.S. for a flat monthly fee. Focus on shipping code; we’ll guard the data.

📞 See our DPO Service Sheet & pricing : https://www.transatlantic-lawyer.com/dpo-services/

Address

135 Madison Avenue
New York, NY
10016

Opening Hours

Monday	8:30am - 6pm
Tuesday	8:30am - 6pm
Wednesday	8:30am - 6pm
Thursday	8:30am - 6pm
Friday	8:30am - 6pm

Website

https://www.transatlantic-lawyer.com/

Alerts

Be the first to know and let us send you an email when The Transatlantic Lawyer posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Shortcuts

Featured

The Law Office of Richard M. Kenny
363 7th Avenue 16th Floor

Want your practice to be the top-listed Law Practice in New York?