AI View: November 2025

Welcome to AI View, Simmons & Simmons’ fortnightly round-up of key AI legislative, regulatory, and policy updates from around the world.

Digital Omnibus Update

On 19 November 2025, the European Commission presented its simplification proposals aimed at the EU’s digital regulatory landscape (the Digital Omnibus).

The Digital Omnibus comprises two parts: one on digital regulation including the EU Data Act and GDPR, and another on the EU AI Act.

Read our article here for a combined summary of the key proposals. We have also included a summary of the AI Act-focused proposals at item 1 below.

This edition brings you:

1. European Commission proposes amendments to EU AI Act

2. Cyberspace Administration of China releases filing information for generative AI services

3. EDPS publishes guidance for risk management of AI systems

4. South Korea unveils draft enforcement decree for basic law on AI

5. Turkey introduces proposed bill to establish AI legal framework

6. European Parliament’s Committee on Economic and Monetary Affairs publishes report on impact of AI on financial sector

7. UK HM Treasury commissions Financial Services Skills Commission to produce report on AI skills needs

8. UK FCA announces partnership with Monetary Authority of Singapore to drive growth and AI innovation

1. European Commission proposes amendments to EU AI Act

On 19 November 2025, the European Commission proposed a new Digital Package aimed at simplifying EU technology and data rules and boosting business efficiency across Member States.

The proposed AI Act-focused amendments include:

• Timeline adjustment for high-risk AI rules: The application of high-risk AI system requirements is delayed:
  • For Annex III systems: 6 months after a Commission decision confirming adequate compliance measures are available, or by 2 December 2027 at the latest.
  • For Annex I systems: 12 months after such a decision, or by 2 August 2028 at the latest.
• Reduced registration burden: Removal of the obligation for providers to register high-risk AI systems under Annex III where they meet the exemption under Article 6(3) (e.g., systems used solely for narrow procedural tasks).
• Legal basis for bias-related processing: Introduction of a new legal basis allowing providers and deployers exceptionally to process special categories of personal data for bias detection and correction, subject to safeguards and in compliance with data protection rules.
• Market Surveillance and Enforcement: The AI Office (AIO) is confirmed to have exclusive authority for AI systems based on GPAI models (where the same provider develops both model and system), except for systems covered by Annex I. The AIO also oversees AI systems integrated into very large online platforms and search engines (VLOPs and VLOSEs) under the Digital Services Act.
• Shift in AI literacy obligations: Replacing the obligation on providers and deployers to ensure AI literacy under Article 4 with a requirement on the Commission and Member States instead to foster AI literacy (for clarity, this does not impact the obligation on deployers of high-risk systems to ensure necessary training for those with human oversight over the AI system (Art 26(2)).

In late 2025, the European Commission will send the Digital Omnibus proposals to the European Parliament, where the Committees on the Internal Market (IMCO), Industry, Research and Energy (ITRE) and Civil Liberties, Justice and Home Affairs (LIBE) will lead the review. From January 2026, MEPs will debate and propose amendments, aiming to finalise a report by Q1. After adoption in committee(s) and the full Parliament votes in plenary, trilogue negotiations between the Commission, Parliament, and Council are expected in spring 2026, with final approval likely by mid-2026. An urgent procedure could fast-track adoption as early as Q1 2026, though this would limit amendments and shorten consultation periods.

Read the Digital Omnibus in full here. Read our article for a combined summary of the key proposals set out in the Digital Omnibus here.

2. Cyberspace Administration of China releases filing information for generative AI services

On 11 November 2025, the Cyberspace Administration of China (CAC) released information on the number of generative AI services registered in China under the Measures for the Management of Generative Artificial Intelligence Services instrument.

As of 1 November 2025, a total of 611 generative AI services had been registered with the CAC, up from 538 as of 31 August 2025, reflecting an additional 73 generative AI services registered during this period.

For generative AI applications or functions that directly use registered models through an Application Programming Interface (API) or other means, registration is managed by local cyberspace administrations. Between 1 September 2025 and 30 October 2025, 35 such applications or functions were registered at the local level. As of 1 November 2025, 306 generative AI applications or functions had been registered with local cyberspace administrations.

Read the announcement in full here (only available in Chinese).

3. EDPS publishes guidance for risk management of AI systems

On 11 November 2025, the European Data Protection Supervisor (EDPS) published new guidance on risk management for AI systems (the Guidance). The Guidance aims to help EU Institutions, Bodies, Offices, and Agencies acting as data controllers to identify and mitigate data protection risks associated with AI deployment under Regulation 2018/1725. It is also highly relevant for private companies, industry stakeholders, and public organisations seeking compliance with data protection rules.

The Guidance introduces a framework aligned with ISO 31000:2018, focusing on assessing and treating risks throughout the AI lifecycle. It highlights four core areas essential for transparent, auditable, and trustworthy AI decision-making:

• Fairness: Addressing algorithmic and training-data bias, including overfitting and interpretive bias.
• Accuracy: Ensuring statistical validity, preventing data drift, and reducing inaccurate personal data outputs.
• Data Minimisation: Avoiding indiscriminate collection and storage of personal data.
• Security: Mitigating risks such as AI output disclosure, data leakage, and API exposure.

Furthermore, the Guidance addresses crucial concepts in the AI lifecycle including:

• Interpretability: Understanding how an AI model operates in relation to its internal logic and linkages between input and output.
• Explainability: Exploring why an AI system produces particular results, enabling those outcomes to be communicated meaningfully to end users.

The Guidance provides practical recommendations and insights to help identify and mitigate common technical risks in AI systems, thereby supporting the protection of personal data, fostering accountability and promoting lawful AI deployment by EU controllers.

Read the Guidance in full here.

4. South Korea unveils draft enforcement decree for basic law on AI

On 12 November 2025, South Korea’s Ministry of Science and ICT released the draft enforcement decree of the AI Basic Act (the Act), its first comprehensive AI legislation, and opened a 40-day public consultation period ending on 22 December 2025.

The enforcement decree addresses matters delegated by the Act, including measures to support the AI industry and ensure the transparent and safe use of AI, thereby clarifying the standards and obligations mandated under the Act.

The draft decree sets out the following key measures:

• Establishing the standards for support projects aimed at fostering the AI industry;
• Designating institutions responsible for implementing national AI policy;
• Defining “high-performance AI model” as exceeding 10²⁶ FLOPS (based on cumulative computing power) and subjecting such models to additional safety regulations and oversight;
• Introducing disclosure and labelling requirements for “deepfakes” and other generative content to ensure users are properly informed;
• Confirming exemptions for AI used exclusively for national defence or security purposes; and
• Implementing a temporary suspension of fines for violations to balance industry growth with safety and trust.

The draft decree aims to clarify regulatory frameworks and establish a support system for AI development, from funding training projects to building computing infrastructure, underlining a commitment to balancing industrial growth with a trustworthy AI foundation. The decree is expected to be finalised before the AI Basic Act takes effect on 22 January 2026.

Read the full draft decree here (only available in Korean).

5. Turkey introduces proposed bill to establish AI legal framework

On 7 November 2025, Turkey submitted a proposed bill to the Grand National Assembly to establish an AI legal framework (the Bill). The Bill, which consists of 11 articles, seeks to address ethical, security, and rights-related challenges arising from the use of AI systems in content generation.

The Bill introduces amendments to several laws, including the Turkish Penal Code, Law No. 5651, Law No. 5809, the Personal Data Protection Act, and the Cybersecurity Law. These changes help to clarify the responsibilities of AI users and developers, introduce a legal definition of AI system, and set out rules on liability for crimes committed through AI.

Key proposed provisions under the Bill include the following:

• AI-generated content that infringes personal rights or poses a threat to public security must be removed within 6 hours, with the content provider and AI system developer being held jointly liable.
• All deepfake content must clearly display the statement “Generated by Artificial Intelligence”. Failure to do so may result in administrative fines ranging from TRY 500,000 to TRY 5 million (approximately US$12,000 to US$120,000) imposed by the Information and Communication Technologies Authority (BTK).
• Users who instruct an AI system to commit an offence are deemed the principal offenders, while developers incur increased liability where the design or training of the AI system facilitates the commission of the offence.
• The BTK is granted the emergency power to block AI-generated content that threatens public order or election security. Non-compliance with this obligation may result in administrative penalties of up to TRY 10 million (approximately US$250,000).
• Service Providers, which are entities that provide services or collect and process data through an information system (defined as the hardware, software, and all associated components used to deliver services, process transactions, and manage data through information and communication technologies), are subject to the following obligations:
  • ensuring transparency and auditability of training datasets;
  • implementing content verification mechanisms to prevent false or manipulative information;
  • applying controls to reduce the risk of AI hallucinations;
  • developing human review processes for high-risk applications; and
  • conducting regular cybersecurity vulnerability testing.

Read the Bill in full here (only available in Turkish).

6. European Parliament’s Committee on Economic and Monetary Affairs publishes report on impact of AI on financial sector

On 11 November 2025, the European Parliament’s Committee on Economic and Monetary Affairs (ECON) published a report on the impact of AI on the financial sector. The report explores the role of AI in the financial services sector and the wider regulatory landscape and offers policy recommendations to foster innovation while ensuring compliance, cybersecurity, and consumer protection. The report addresses multiple stakeholder groups, directing its recommendations primarily to EU policymakers, including the European Commission and Parliament, as well as supervisory authorities. It also calls on financial institutions and market participants to adopt governance, transparency, and risk management measures when deploying AI systems.

The report raises concerns about regulatory overlaps and legal uncertainties between the AI Act and sectoral financial services legislation, and the lack of guidance on the interpretation of these regulatory overlaps and interactions.

The report makes the following key recommendations:

• Boost AI innovation and investment in Europe’s venture capital market under the Savings and Investments Union.
• Provide clear guidance on applying existing financial legislation to AI.
• Simplify and harmonise regulations, avoiding duplication and a one-size-fits-all approach, and ensure continuous monitoring of AI deployment to identify gaps and deficiencies in current financial services legislation.
• Explore AI applications in financial markets, such as intermediation, portfolio management, and compliance automation, within a technology-neutral framework.
• Remove entry barriers for AI-driven firms through streamlined licensing, support cross-border scale-ups, and expand innovation hubs to guide and assist AI innovators.
• Develop AI-specific sandboxes and testing environments to enable controlled experimentation with AI-driven financial products.
• Promote AI literacy and digital skills across the financial workforce to ensure responsible use and effective oversight.
• Conduct research on the sustainability of AI deployment, increasing transparency on energy consumption and the environmental footprint of AI models.

Read the report in full here.

7. UK HM Treasury commissions Financial Services Skills Commission to produce report on AI skills needs

On 5 November 2025, HM Treasury published a letter to the Financial Services Skills Commission (FSSC) commissioning it to produce a comprehensive report on AI skills needs and the impact of AI and other disruptive technologies on the UK financial services sector.

The research, aligned with the Treasury’s July 2025 Financial Services Growth and Competitiveness Strategy, will examine the following components:

• An assessment of technologies that are expected to significantly impact financial services business practices, workforce and skills requirements over the next five to ten years.
• An assessment of how these technologies will affect the sector’s growth and productivity, and their impact on customers.
• An assessment of the skills needed to adopt and use these technologies successfully.
• A plan of how the required skills can be developed. This should include consideration of the broader economic and fiscal picture.
• A cost-benefit analysis of the proposed measures.

The FSSC, supported by the City of London Corporation, TheCityUK, Lloyds Banking Group, and PwC, will examine and recommend how the skills system can enhance growth and productivity in financial services by enabling the adoption and innovation of AI and other emerging technologies. The delivery of the research is scheduled for mid-2027 in the form of a final report.

Read the commission letter in full here.

8. UK FCA announces partnership with Monetary Authority of Singapore to drive growth and AI innovation

On 12 November 2025, the UK’s Financial Conduct Authority (FCA) announced a strategic partnership with the Monetary Authority of Singapore (MAS) to promote safe and responsible AI innovation in financial services. At this stage, there is limited information available regarding the specific details of the partnership from an AI perspective. However, the partnership is intended to enable firms in the UK and Singapore to scale and operate across markets more effectively through joint testing of AI solutions, regulatory knowledge exchange, and collaborative events.

For the first time, the FCA will establish a presence in Singapore by appointing a Financial Services Attaché at the British High Commission. This move is part of a broader plan to expand into priority markets in the US and Asia Pacific next year. The FCA views this initiative as a way to strengthen global regulatory relationships, support economic growth, and attract inward investment to the UK.

This initiative aligns with the FCA’s broader approach to AI, which prioritises the safe and responsible use of AI in financial markets and promotes secure and beneficial innovation.

Read the FCA announcement in full here.