The Fine Print Brief: what actually matters this week (14 July 2026)
Here is what happened, what it costs you, and what I would do about it. Five minutes, seven items, one verdict each.
1. The AI Act deadline that didn't move lands in three weeks
The Digital Omnibus got final EU approval in late June. Headlines say the AI Act was delayed. Half true. High-risk rules moved to December 2027. But the Article 50 transparency rules for chatbots did not move and apply from 2 August 2026. (If you generate synthetic content like images or text, you have until 2 December 2026 to watermark existing tools, but new ones must comply immediately). If your EU users are talking to an AI, they must be told. Fines run to €15 million or 3% of global turnover.
The Commission has now published its Code of Practice on the transparency of AI-generated content, along with standard EU labelling icons. Signing up to the Code is voluntary, but it works as a structured safe harbour: follow it and you have a ready-made answer when a regulator asks how you comply (link).
Verdict: the only genuinely urgent item on this list.
Do this: ask your product lead one question today. Is our "you are talking to an AI" disclosure shipping before 2 August? If the answer is a pause, that pause is your problem.
2. Brussels calls Amazon and Microsoft gatekeepers. London blinked.
The Commission's preliminary view is that AWS and Azure should be designated as gatekeepers under the Digital Markets Act, bringing binding duties on data portability, interoperability and self-preferencing. The CMA looked at the same two companies and settled for voluntary commitments instead.
Verdict: EU cloud customers are getting enforceable exit rights. UK customers get whatever their contract says. That gap is now a negotiation point.
Do this: next cloud renewal, ask for the same portability and egress terms the DMA would force in Europe. The providers have already conceded the principle. Make them concede it to you.
3. Google will let publishers opt out of feeding its AI. Careful what you wish for.
The CMA's new conduct requirement lets UK publishers pull their content from AI Overviews and AI Mode, and from fine-tuning Google's models, without losing ordinary search ranking. Sounds like a win. It is also a fork in the road: opt out and you disappear from the answers your customers now read instead of clicking.
Verdict: a strategic decision dressed up as a rights issue. There is no obviously right answer, only a deliberate one.
Do this: if content drives your pipeline, put this on the next leadership agenda as a commercial call, not a legal one.
4. A judge shredded a lawyer for trusting a chatbot. Your vendor terms have the same hole.
A High Court judge publicly criticised a lawyer for relying on AI-generated material. Everyone enjoyed the story. The uncomfortable part: nearly every AI tool your team uses carries terms that push hallucination risk entirely onto you, the customer, while your own client contracts quietly promise accuracy.
Verdict: you are probably warranting outputs your supplier refuses to stand behind. That mismatch is where claims live.
Do this: pull your most important AI vendor agreement and your most important customer agreement. Read the liability clauses side by side. In the vendor terms, look for the phrases "as is", "no warranty as to accuracy", "outputs may contain errors" and "customer is responsible for verifying". Then look at your own customer contract for anything promising accurate, reliable or professional-standard outputs. If you found the first set and the second set in the same afternoon, you've found this quarter's contract job.
5. Since 19 June, every business needs a data complaints process. Most SMEs missed it.
The Data (Use and Access) Act now requires all organisations to run a data protection complaints procedure: acknowledge within 30 days, investigate without undue delay. The ICO has said SMEs are the least prepared. This is already in force. It is not coming, it has arrived.
Verdict: boring, cheap to fix, embarrassing to be caught without.
Do this: a complaints email address, a one-page internal procedure, a line in your privacy notice. An afternoon of work.
6. AI chatbot child-safety rules drop this month
The government has confirmed that measures targeting AI chatbots, platform design and age-verification workarounds will be set out later in July (watch this space), following June's under-16 social media ban. Under-18s will be blocked from AI romantic companions, and chatbots generally will need to restrict intimate functionality for minors.
Verdict: if you build conversational AI and have never thought about the age of your users, that position expires this month.
Do this: assign an owner now and have them answer two questions before the rules land. Do we actually know the age distribution of our user base, or are we guessing? And is our age check real assurance or a tick-box a twelve-year-old defeats in four seconds? If the honest answers are "guessing" and "tick-box", you'll be doing this work in August under a deadline. Do it in July without one. I'll cover the detail here when it drops.
7. The ICO's £300,000 lesson in growth marketing
The ICO fined a debt advice firm £300,000 for sending 5.5 million unlawful marketing texts, some containing fake bailiff threats, generating over 60,000 complaints. An extreme case. But the legal basis it fell on, consent and accuracy of the contact list, is the same one your outbound campaigns stand on.
Verdict: enforcement is aiming at exactly the corner-cutting that aggressive growth targets encourage.
Do this: ask whoever runs your outbound where the list came from and what consent attaches to it. If the answer includes the word "purchased", keep asking.
That's the week. One deadline that bites in August, one negotiation lever, one strategic fork, two contract jobs, one afternoon of housekeeping and one story to scare your growth team with.
FAQ
-
Article 50 transparency obligations. Users in the EU must be told when they are interacting with an AI system and AI-generated content must be identifiable. High-risk obligations were deferred to December 2027 by the Digital Omnibus, but the transparency rules were not delayed.cription text goes here
-
Not yet. In June 2026 the European Commission reached the preliminary position that both should be designated as gatekeepers for their cloud services. If confirmed, they would face binding obligations on data portability, interoperability and self-preferencing within six months.
-
Yes. Under a CMA conduct requirement imposed in June 2026, UK publishers can opt out of their content powering Google's AI features and being used to fine-tune Google's models, while keeping their ordinary search ranking.
-
From 19 June 2026, under the Data (Use and Access) Act 2025, all organisations must operate a clear data protection complaints process, acknowledging complaints within 30 days and investigating without undue delay.

