Weekly AI Governance Brief #12 — March 2026
European Parliament adopts first-reading amendments on “Digital Omnibus on AI”
On 26 March 2026, the European Parliament adopted first-reading amendments to the Commission’s proposal for a regulation on the simplification of harmonised rules on artificial intelligence. The proposal seeks to amend Regulation (EU) 2024/1689 and Regulation (EU) 2018/1139.
The adopted amendments introduce several targeted changes. These include extending certain support measures to “small mid-cap enterprises,” adding a recital encouraging coordination between the Commission, the AI Office, and national authorities to avoid overlapping supervision, and proposing adjustments to AI literacy obligations under Article 4. The text also introduces a recital addressing AI-enabled non-consensual generation of realistic sexual imagery, and proposes extending the legal basis for processing special category data for bias detection and correction beyond high-risk systems and models.
Why this matters
This constitutes a formal step in the ordinary legislative procedure that directly concerns the implementation of the AI Act. The amendments indicate areas where institutional coordination, scope of obligations, and permitted data processing may be further specified or adjusted.
For compliance functions, the proposed changes highlight potential expansion of support measures beyond SMEs, evolving expectations around AI literacy, and possible adjustments to the treatment of sensitive data in bias mitigation processes. The introduction of a recital addressing specific harmful use cases also signals how prohibited or restricted practices may be further clarified in legislative interpretation.
EDPB publishes case digest on “legitimate interest” legal basis
On 26 March 2026, the European Data Protection Board published a “One-Stop-Shop case digest” on the legal basis of legitimate interest. The document was produced through the Support Pool of Experts and compiles supervisory practice under the cooperation mechanism.
The digest presents selected cases illustrating how supervisory authorities assess the use of legitimate interest as a legal basis. It is provided as a standalone document with accompanying materials available through the EDPB website.
Why this matters
Although not AI-specific, the legitimate interest basis is frequently used in processing operations associated with AI systems, including analytics, monitoring, and certain lifecycle activities.
The consolidation of supervisory reasoning provides insight into how authorities interpret balancing tests and safeguards in practice. This can inform internal documentation, including data protection impact assessments and governance records, where organisations rely on legitimate interest for AI-related processing.
Disinformation Code of Conduct reporting published under the DSA framework
On 24 March 2026, the European Commission reported that signatories to the Code of Conduct on Disinformation had published their latest reports in the Code’s Transparency Centre. This reporting round covers the period from 1 July to 31 December 2025.
The Commission notes that these are the first reports following the Code’s recognition as a code of conduct under the Digital Services Act. The reports describe actions taken by signatories to address disinformation, including measures related to crisis response and election integrity, alongside data on implementation of policies, tools, and partnerships.
Why this matters
This development reflects the operationalisation of a co-regulatory framework linked to the Digital Services Act. The reporting structure and associated expectations function as a compliance reference point for participating platforms.
For governance functions, the reports illustrate how platforms document and report risk mitigation measures related to information integrity. This includes systems that may involve AI-enabled detection, ranking, or content moderation processes within broader platform governance frameworks.
Council of Europe adds AI section to migration and asylum soft law compilation
On 24 March 2026, the Council of Europe updated its reference document compiling non-binding legal instruments on migration and refugees. The update introduces a new section dedicated to the use of artificial intelligence and human rights protection.
The updated document brings together selected instruments from Council of Europe bodies and reflects the growing relevance of AI in migration governance contexts, including asylum procedures and border management.
Why this matters
This update situates AI explicitly within existing human rights-oriented governance materials in a sensitive administrative domain.
While non-binding, such compilations can influence how public authorities and oversight bodies frame the use of AI in migration-related decision-making. This is relevant for governance approaches that integrate human rights considerations into the design and deployment of AI-supported administrative systems.
Looking ahead
The developments in this period show continued legislative and institutional effort linked to the implementation and interpretation of the EU’s AI governance framework. Amendments under the ordinary legislative procedure and supervisory outputs indicate ongoing specification of obligations and expectations, as well as legal bases relevant to AI-related processing.
At the same time, governance signals continue to emerge through adjacent regulatory and institutional domains, including platform regulation and human rights frameworks. These developments illustrate how AI governance is being addressed across multiple instruments and institutional settings within and beyond the European Union.
Sources
European Parliament first-reading amendments on Digital Omnibus on AI: https://www.europarl.europa.eu/doceo/document/TA-10-2026-0098_EN.html
EDPB One-Stop-Shop case digest on legitimate interest: https://www.edpb.europa.eu/our-work-tools/our-documents/support-pool-experts/one-stop-shop-case-digest-legal-basis_en
European Commission Digibyte on Code of Conduct on Disinformation reporting: https://digital-strategy.ec.europa.eu/en/news/code-conduct-disinformation-signatories-publish-their-latest-reports-codes-transparency-0
Council of Europe update on migration and asylum soft law instruments: https://www.coe.int/en/web/migration-and-refugees/-/council-of-europe-updates-document-with-soft-law-instruments-on-migration-and-asylum