Guaglio Intelligence
Friday, 10 July 2026
Daily Briefing
CJEU rulings reshape GDPR exemptions and copyright across Member States
The Court of Justice delivered judgments in Cases C-199/24 and C-788/24, closing the GDPR journalism exemption for paywall-gated criminal conviction data and requiring per-Member-State public domain assessments for online publishers. The EDPB published finalised guidelines on blockchain data processing, requiring organisations to align architectures and contracts with the new framework. The EBA released its final technical package for the 4.3 reporting framework, requiring EU-supervised Third-Country Branches and AMLA-subject institutions to update reporting systems ahead of submission.
For you: Dual UK-EU operators should immediately review GDPR journalism exemption reliance and blockchain processing contracts against the new CJEU ruling and EDPB finalised guidelines, while simultaneously updating EBA 4.3 reporting infrastructure for EU-side obligations.

How to read this digest
Enforcement
Fines, sanctions, rulings
Legislation
New laws, statutory instruments
Consultation
Calls for evidence
Guidance
Frameworks, codes of practice
↔ Divergence
UK-EU moving apart
Commentary
Background, no action needed
Click a domain tile to expand, then click a category tag to see individual items.
What matters today
Enforcement
CJEU ruling closes GDPR journalism exemption for paywall criminal conviction data
Operators publishing criminal conviction decisions behind paywalls must reassess their legal basis for processing, as the CJEU ruled in Case C-199/24 that the journalism exemption cannot be relied upon to justify such arrangements.
Data Protection
Guidance
EDPB finalised guidelines require blockchain architecture and contract alignment
Updated contractual and technical arrangements are required for any organisation using blockchain to process personal data, following the EDPB's publication of finalised guidelines on the subject.
Data Protection
Guidance
EBA releases final 4.3 reporting framework technical package for TCBs and AMLA
Mandatory reporting system updates are required for EU-supervised Third-Country Branches and institutions subject to AMLA oversight, following the EBA's release of the final technical package for the 4.3 reporting framework.
Financial Markets
Enforcement
CJEU ruling in C-788/24 mandates per-Member-State public domain assessment
Per-Member-State public domain status checks are now required before reproducing content online, following the CJEU's judgment in Case C-788/24 which prohibits application of the most restrictive single-jurisdiction standard across the EU.
Media & Copyright
Enforcement
CJEU ruling in C-234/25 limits withdrawal exclusion clauses for digital subscriptions
Withdrawal exclusion clauses in streaming and digital subscription contracts must be reviewed where personalisation or behavioural elements are present, following the CJEU's judgment in Case C-234/25.
Consumer & Redress
Consultations & Proposals
4 newly opened Β· 10 closing within 30 days
9 Closing feedback window
1 Open feedback window
2 Draft Guidance
1 Enforcement Milestone
Domains
Signals and context
Signals help explain where regulation, markets and technology may be moving. They are not obligation evidence.
Context signals
Data Protection, Privacy and Surveillance
Study on the interplay between the AMLD and the GDPR framework
Firms subject to AML obligations must reconcile conflicting GDPR and AMLD requirements on data retention, purpose limitation and access rights for obliged entities.
AI Governance
no items today
Accessibility
no items today
Chemicals
no items today
Cloud & Infra
1 item
1 guidance
Consumer & Redress
1 item
1 commentary
Cybersecurity
no items today
Data Protection
6 items
6 commentary
Data Sharing
no items today
Digital Identity
2 items
2 commentary
Digital Markets
no items today
Ecodesign & Energy
no items today
Financial Markets
4 items
1 consultation 1 guidance 2 commentary
Health & Life Sci
no items today
Media & Copyright
1 item
1 commentary
Online Safety
no items today
Payments
2 items
2 commentary
Product Safety
1 item
1 guidance
Telecoms
no items today
Vehicles & Mobility
no items today
Waste & EPR
no items today
Cloud Computing and Digital Infrastructure
The European Commission published a Cloud Sovereignty Framework referencing Gaia-X technical and governance standards, requiring organisations procuring or providing cloud services in the EU to assess their alignment with those standards.
1 Guidance
Guidance Gaia X RSS πŸ‡ͺπŸ‡Ί UK + EU
Organisations procuring or providing cloud services in the EU should assess alignment with Gaia-X technical and governance standards as they gain Commission backing.
Consumer Protection, Ecommerce and Redress
The CJEU issued its judgment in Case C-234/25, requiring streaming and digital subscription providers to review withdrawal exclusion clauses where personalisation or behavioural factors are present, narrowing the scope of permissible exclusions under EU consumer law.
1 Commentary
Commentary CJEU Press Releases Curia πŸ‡ͺπŸ‡Ί UK + EU
Streaming and digital subscription providers must review withdrawal exclusion clauses where personalisation or behavioural adaptation features are present in their services.
Data Protection, Privacy and Surveillance
The EDPB published finalised guidelines on blockchain data processing, and the CJEU ruled in Case C-199/24 that the GDPR journalism exemption does not apply to criminal conviction data published behind paywalls. Separately, civil society organisations applied parliamentary pressure on the ICO regarding Home Office eVisa data processing, and EU institutions signalled support for a more limited ePrivacy derogation for voluntary CSAM scanning.
6 Commentary
Commentary EDPB Publications πŸ‡ͺπŸ‡Ί UK + EU
Organisations using blockchain for data processing must now align architectures and contracts with the EDPB's finalised positions on roles, erasure and pseudonymisation.
Commentary EP Press Releases πŸ‡ͺπŸ‡Ί UK + EU
Platforms relying on the existing voluntary CSAM detection derogation must assess whether their current scanning practices remain lawful under the amended, more restricted scope.
Commentary CJEU Press Releases Curia πŸ‡ͺπŸ‡Ί
Operators publishing criminal conviction decisions behind paywalls cannot rely on the GDPR journalism exemption to justify processing special category data.
Commentary Open Rights Group RSS πŸ‡¬πŸ‡§
Signals direct parliamentary pressure on the ICO's enforcement posture toward Home Office data processing, with implications for supervisory accountability.
Commentary EC DG JUST πŸ‡ͺπŸ‡Ί UK + EU
The survey signals child-facing digital fairness obligations are a political priority for the DFA, giving compliance teams early sight of likely scope and child protection framing.
Commentary EDPB Publications πŸ‡ͺπŸ‡Ί UK + EU
Organisations subject to overlapping EU regulatory regimes should assess how EDPB cooperation frameworks with other regulators may affect coordinated enforcement exposure.
Digital Identity and Trust Services
The UK published a sectoral analysis benchmarking market maturity under the Digital Use and Access Act registration regime, and issued guidance requiring organisations using DVS-registered providers to ensure their systems can consume machine-readable checks from the digital verification services register.
2 Commentary
Commentary Digital Identity Blog RSS πŸ‡¬πŸ‡§ UK + EU
The analysis benchmarks UK market maturity under the DUA Act registration regime, giving compliance teams a baseline for assessing their own positioning against the registered provider landscape.
Commentary Digital Identity Blog RSS πŸ‡¬πŸ‡§ UK + EU
Organisations relying on DVS-registered providers for identity verification must ensure their systems can consume machine-readable register data to maintain compliant onboarding workflows.
Financial Markets, Conduct and Financial Crime
The EBA released its final 4.3 reporting framework technical package affecting Third-Country Branches and AMLA-subject institutions, and the AMLA Chair's hearing before the European Parliament's ECON Committee signalled the authority's supervisory priorities as it moves toward direct oversight. The FCA reported heightened scrutiny of financial promotions approval chains and influencer marketing in its first-year strategy review.
1 Consultation
1 Guidance
2 Commentary
Consultation EIOPA News RSS πŸ‡ͺπŸ‡Ί UK + EU
Insurers and reinsurers operating in the EU must review proposed valuation methodologies that will govern how they are assessed in a resolution scenario.
Guidance EBA News πŸ‡ͺπŸ‡Ί UK + EU
EU-supervised Third-Country Branches and institutions subject to AMLA oversight must update their reporting systems and data submissions to meet the new 4.3 framework specifications.
Commentary FCA News πŸ‡¬πŸ‡§
Firms and their social media partners face heightened FCA scrutiny of financial promotions approval chains and influencer relationships, with criminal enforcement now demonstrated.
Commentary EP ECON Committee πŸ‡ͺπŸ‡Ί UK + EU
The hearing provides a live signal on AMLA's supervisory priorities and readiness as it assumes direct oversight of high-risk obliged entities across the EU.
Media, Copyright and Audiovisual Services
The CJEU issued its judgment in Case C-788/24, ruling that online publishers and platforms must assess public domain status on a per-Member-State basis rather than applying a single, most-restrictive jurisdictional standard across the EU.
1 Commentary
Commentary CJEU Press Releases Curia πŸ‡ͺπŸ‡Ί UK + EU
Online publishers and platforms must now assess public domain status per Member State rather than applying the most restrictive EU jurisdiction across all territories.
Payments Regulation
The PSR reported that fraud victims recovered Β£243 million through reimbursement mechanisms, signalling continued scrutiny of payment firms' claim-handling and reporting processes. The European Parliament signalled readiness to begin negotiations on the digital euro, requiring firms in the payments chain to monitor developing obligations on acceptance, interoperability and privacy.
2 Commentary
Commentary PSR Latest News πŸ‡¬πŸ‡§ UK + EU
PSR-regulated payment firms must ensure reimbursement processes, claim handling and reporting obligations are fully embedded following the regime's first operational year.
Commentary EP Press Releases πŸ‡ͺπŸ‡Ί UK + EU
Firms in the payments chain must track how digital euro obligationsβ€”acceptance, interoperability and privacy requirementsβ€”will interact with existing PSP licensing and PSD frameworks.
Product Safety, Conformity and Standards
The UK published a product safety report for an electric motorbike model, requiring importers, distributors and retailers to assess whether the alert triggers recall, withdrawal or other market surveillance obligations.
1 Guidance
Guidance GOV.UK Product Safety Alerts πŸ‡¬πŸ‡§
Importers, distributors and retailers of electric motorbikes must assess whether this alert triggers a recall, withdrawal or corrective action obligation under UK product safety law.
Guaglio Intelligence
18 core items · 1 signals · 0 body-reviewed · 8 domains · 0 enforcement · 14 pipeline items