The Imperative of Legal Scrutiny

Since October 7, 2023, the conflict has resulted in a humanitarian catastrophe defined by a staggering loss of civilian life, the widespread destruction of critical infrastructure, and mass displacement. Thousands of civilians, including numerous women and children, have been killed. These devastating realities compel immediate legal action. Independent international bodies, including the International Commission of Inquiry, have initiated comprehensive investigations into alleged violations of IHL and IHRL and potential international crimes committed by all actors. Our legal position demands a strictly impartial application of the law, confirming breaches where the evidence is clear and explaining the specific legal duties violated.

The Dual Framework: IHL, IHRL, and Universal Accountability

The unfolding events are legally characterized by the overlap of two distinct frameworks: an intensification of a Non-International Armed Conflict (NIAC) between Israel and Hamas/other armed groups, overlaid by the International Armed Conflict (IAC) framework due to Israel’s ongoing status as the occupying power in Gaza. This duality means both IHL (jus in bello), which governs the conduct of hostilities, and IHRL, particularly its non-derogable obligations, apply concurrently.

This dual applicability mandates that prohibitions against war crimes, crimes against humanity, and genocide are universal. They apply equally to state and non-state actors. Consequently, the actions of Hamas-led groups and the Israeli Security Forces (IDF) must be subject to the same rigorous legal examination, with impartiality being the foundation of any credible scrutiny.

Flagrant Breaches by Non-State Armed Groups

The actions undertaken by Hamas and associated Palestinian armed groups on and since October 7, 2023, constitute explicit and severe breaches of IHL, forming the basis for multiple international crimes now under investigation by the International Criminal Court (ICC).

Deliberate Targeting and Indiscriminate Attacks

The Principle of Distinction, a foundational rule of IHL obliges all parties to differentiate between combatants and civilians at all times. Available evidence indicates that Hamas-led groups carried out attacks on Israeli civilian areas, resulting in the killing, abduction, and reported summary execution of civilians, including children and entire families. Allegations suggest that these acts were intended to spread terror among the civilian population, conduct which, if substantiated, would constitute war crimes and crimes against humanity such as murder and unlawful imprisonment.

The large-scale firing of unguided rockets into populated areas further raises concerns of indiscriminate attacks, as such weapons are inherently incapable of distinguishing between military objectives and civilian objects. This conduct, if proven, would violate the principles of distinction and military necessity.

Hostage Taking and Human Shielding

The abduction and continued detention of civilian hostages is prohibited in all circumstances under IHL and constitutes a grave breach of the Geneva Conventions. Public threats to execute hostages, if confirmed, would further compound these violations. Reports also indicate the use of human shielding practices, including embedding military assets within civilian infrastructure such as schools and mosques, and the failure of fighters to distinguish themselves from civilians. Such conduct, where established, would amount to a distinct war crime.

While investigations remain ongoing, the cumulative weight of available evidence points to serious violations by non-state armed groups. The nature of these alleged acts including direct attacks on civilians, hostage-taking, and the use of human shields places them among the most serious breaches of the laws of armed conflict.

The State’s Conduct of Hostilities and the Question of Proportionality

While the State of Israel invokes its inherent right to self-defence, that right cannot and does not eclipse the binding force of international humanitarian law. It does not confer licence to disregard the foundational duties to distinguish civilian life from military targets, to exercise constant precaution in attack, and to weigh every use of force against the proportionality of its human cost. These principles are not suspended in war they are the very limits that define whether the conduct of war remains lawful.

The Excessiveness of Civilian Harm

The Principle of Proportionality prohibits attacks expected to cause incidental civilian harm or damage that would be excessive in relation to the concrete and anticipated military advantage. This requires a difficult, subjective balancing test by military decision-makers.

However, the sheer scale of destruction in Gaza which has rendered large parts of the Strip uninhabitable and led to the desperate displacement of over 90 percent (1.9 million) of the population raises profound legal questions regarding sustained adherence to the proportionality standard. International bodies have documented findings that Israeli forces have carried out indiscriminate and disproportionate attacks. When strategic objectives result in the cumulative destruction of essential life support systems over a prolonged period, the operational methods themselves, and not merely isolated attacks, violates IHL.

Cumulative Civilian Harm and Systemic Failure

IHL's traditional focus on assessing the legality of individual tactical strikes is insufficient to judge modern asymmetric urban conflicts. The thousands of strikes, which may individually satisfy the proportionality test, have an aggregate effect termed Cumulative Civilian Harm that results in the collapse of health, education, and sanitation systems.

We contend that the systemic destruction of essential services necessary for survival under the guise of technical compliance demonstrates a functional failure of the law to achieve its objective of minimizing suffering. This necessitates legal evolution to require proportionality to be assessed strategically over the duration of a conflict, not just tactically, thereby preventing catastrophic IHRL breaches at a systemic level.

Grave Breaches and the Plausibility of Genocide

The systematic deprivation of the civilian population's means of survival transitions IHL breaches into acts that may qualify as Crimes Against Humanity (CAH) or specific war crimes under the Rome Statute.

Collective Punishment and Starvation as a Weapon

The continued imposition of the restrictive blockade on the Gaza Strip, including the disruption of essential services like fuel and electricity, has been determined by international organizations to constitute illegal collective punishment against the entire civilian population a grave violation of the Fourth Geneva Convention.

A particularly severe allegation centers on the deprivation of necessities. Evidence suggests authorities have deprived the civilian population of objects indispensable to its survival and have employed the starvation of civilians as a method of warfare. This is explicitly defined as a war crime under the Rome Statute. The International Court of Justice (ICJ) recognized the imminent, life-threatening crisis by issuing binding provisional measures, requiring Israel to ensure the provision of basic food supplies without delay.

Forced Displacement and Link to Genocide

The military operations have resulted in the displacement of approximately 1.9 million Palestinians. Allegations that Israeli forces have carried out deliberate, controlled demolitions to create permanent "buffer zones" raise the possibility of the crime against humanity of forcible transfer should these systematic actions lead to the permanent removal and refusal of return for the local population.

The widespread and systematic IHRL violations especially the calculated destruction of healthcare and shelter, and the use of starvation directly correlates with the actus reus (prohibited acts) required under the Genocide Convention ("deliberately inflicting on the group conditions of life calculated to bring about its physical destruction"). The ICJ’s focus on enforcing aid and preventing famine reinforces the specific legal link between massive IHRL deprivation and the plausibility of genocide-related acts.

Accountability: The Twin Tracks of International Justice

The legal fallout of the conflict is being processed via two parallel and distinct accountability tracks: State responsibilityat the ICJ, and individual criminal responsibility at the ICC.

The ICC investigation has jurisdiction over war crimes, crimes against humanity, and genocide and has taken the unprecedented step of seeking arrest warrants for senior leaders on both sides including Israeli leadership (Benjamin Netanyahu and Yoav Gallant) and Hamas leadership. This confirms the court’s determination to address allegations of the highest level crimes committed by all parties, including extermination, torture, hostage-taking, and the use of starvation as a method of warfare.

Concurrently, the ICJ case (South Africa v. Israel) addresses state responsibility under the 1948 Genocide Convention. The Court's finding that South Africa’s claim was plausible enough to proceed, specifically concerning the right of Palestinians in Gaza to be protected from acts of genocide, resulted in legally binding provisional measures mandating the immediate provision of aid. While the actus reus for mass crimes is established, the ultimate determination of genocide hinges entirely on the high legal bar of proving specific, destructive genocidal intent (mens rea) on the part of state leadership.

The current legal landscape is thus defined by widespread evidence of war crimes and crimes against humanity, coupled with a robust, binding international determination to pursue justice. The ICJ's enforcement of measures to prevent starvation underscores the critical linkage between massive IHRL breaches and the potential for the crime of genocide.

The profound functional limitations of the current IHL framework, revealed by the systemic devastation caused by cumulative destruction in hyper-dense urban settings, point to the necessity of legal evolution. Incorporating analytical approaches such as the Cumulative Civilian Harm doctrine has become increasingly important to ensure that international law reflects the realities of modern conflict. Only by moving beyond the narrow, tactical assessment of individual strikes and evaluating the broader legality of sustained military strategies can the law meaningfully address the scale of civilian suffering and infrastructural collapse characteristic of protracted warfare, while remaining true to its fundamental purpose: the protection of human life.

The CJEU’s Definitive Stance on Platform Abuse

The judgment delivered by the Court of Justice of the European Union (CJEU) on September 10, 2024 (Case C-48/22 P), represents the definitive legal conclusion to the decade-long Google Shopping antitrust dispute. This final ruling definitively upheld the European Commission's original finding of abuse of dominance and confirmed the landmark fine of €2.42 billion.  

Crucially, the ruling established a fundamental new legal standard for platform behavior. It firmly characterized active discriminatory leveraging (self-preferencing) as an independent category of abuse under Article 102 of the Treaty on the Functioning of the European Union (TFEU), fundamentally differentiating it from the stringent “refusal to supply” test.

This landmark victory provides the critical judicial underpinning necessary for the  ex-ante enforcement of the Digital Markets Act (DMA), validating the core anti-competitive theories currently applied against designated dominant "gatekeepers". Furthermore, the judicial finality immediately transforms the corporate risk landscape, clearing the path for substantial follow-on damages claims across the EU, already estimated to exceed €12 billion.  

Conclusion of the Saga: History and the New Legal Precedent

The saga began with the European Commission's June 2017 decision, which found that Google had breached EU antitrust rules (AT.39740) by abusing its dominant position in the online general search market. The abuse centered on illegal leveraging: Google was found to have actively promoted its own comparison shopping service (CSS) through prominent placement in its search results, while simultaneously demoting rivals via algorithmic adjustments . The long appeal process—culminating in the CJEU's September 2024 verdict after the EU General Court largely upheld the finding in November 2021—demonstrates the inherent inertia of  ex-post antitrust enforcement against sophisticated digital behavior, serving as the central operational justification for the EU's subsequent shift to pre-emptive regulation via the DMA. The Court’s verdict was welcomed by consumer advocacy groups for confirming that the harm focused on denying consumers access to unbiased online information and competitive pricing.  

Defining Self-Preferencing as an Independent Abuse

The most critical shift was the CJEU's explicit rejection of Google's defense, which argued the case should have been assessed against the strict Bronner refusal-to-supply test. The Court determined the Bronner conditions were inapplicable because the case did not involve a refusal of access to the search results page. Instead, it involved access being granted but subjected to discriminatory conditions.  

By making this distinction, the Court established Active Discriminatory Leveraging—the active favoring of a firm's own products or services to the detriment of rivals—as an independent form of abuse. This principle requires only a finding that the dominant undertaking provided access to its infrastructure but subjected that access to "unfair conditions," such as algorithmic demotion or unfavorable display. Crucially, the CJEU confirmed that the Commission discharged its duty by demonstrating the conduct's   capability of foreclosing rivals, rather than being required to prove the actual elimination of competition.  

The Collision of Law: Antitrust Meets Ex-Ante Regulation

The final CJEU ruling arrived at a critical juncture for EU policy, providing robust judicial confirmation that the anti-competitive practices targeted by the DMA are indeed harmful and abusive under established TFEU competition law. This precedent drastically simplifies the Commission’s task under the DMA, especially concerning self-preferencing practices covered by DMA Article 6(5).  

This regulatory drive is converging significantly with the framework for Artificial Intelligence. The AI Act entered into force in August 2024, with governance rules and specific obligations for General-Purpose AI (GPAI) models becoming applicable in August 2025. The nexus between the competition ruling (requiring equal algorithmic treatment ), the DMA (requiring non-discrimination), and the AI Act (requiring transparency for GPAI systems ) creates a single, integrated EU mandate. This effectively requires that all critical algorithms used by gatekeepers must be auditable, explainable, and provably neutral.  

The ruling also solidifies the financial consequences. Google was mandated to cease its illegal conduct and apply the "same processes and methods" to the positioning and display of rival CSS results as it provided to its own service. The judicial finality triggers massive liability exposure, with follow-on damage claims from price-comparison websites across at least seven European countries currently estimated to total a minimum of  €12 billion. This decisive European outcome provides a sharp contrast to the parallel, "light touch" US Department of Justice (DOJ) antitrust case against Google, which in September 2025 avoided imposing the harshest penalties and ordered only limited remedies.  

The Broader Belgian/EU Regulatory Environment

The context of the Google Shopping decision must be viewed alongside equally stringent and dynamic regulatory enforcement occurring at the national and sectoral levels.

In Belgium, the Data Protection Authority (DPA) demonstrated a heightened enforcement appetite. In December 2024, the Belgian DPA imposed a substantial fine of €200,000 on a hospital following a ransomware attack, explicitly ruling that the hospital had failed in its active duty to take preventive cybersecurity measures.  

Simultaneously, the CJEU recently refined data privacy standards under the GDPR, clarifying that the simple pseudonymisation of data does not automatically remove its status as "personal data" in all contexts. The identifiability of data subjects must be rigorously assessed from the  controller's perspective, meaning if a third party could reasonably re-identify individuals by cross-referencing auxiliary data, the original data remains personal. This significantly increases the burden on organizations, including gatekeepers utilizing vast internal datasets for AI model training, to conduct rigorous Data Protection Impact Assessments (DPIAs) that comprehensively consider re-identification risks.  

The CJEU's final judgment in the Google Shopping case has finalized the legal standard for digital self-preferencing, validating the entire philosophy underpinning the EU’s assertive approach to regulating digital gatekeepers and confirming massive financial liability exposure.

The Global AI Regulatory Crossroads

As artificial intelligence reshapes global commerce, two powerful regulatory philosophies are emerging: a comprehensive, human-centric framework from the European Union (EU) and a pro-innovation, top-down approach from the Gulf Cooperation Council (GCC). This divergence is more than a legal nuance; it’s a strategic challenge for any business with global ambitions.

The EU seeks to regulate AI to safeguard fundamental rights, while GCC nations, led by the UAE and Saudi Arabia, view AI as a central pillar of national competitiveness and economic diversification. Ambitious projects like Saudi Arabia's Vision 2030 and the UAE's Centennial 2071 aren't just roadmaps for technology adoption; they are comprehensive state-sponsored projects designed to redefine their economies. For a business, this means market entry is a form of participation in a national endeavor, and a smart compliance strategy is a key indicator of commitment.  

The EU's Precautionary Framework: A Look at the AI Act

The EU's Artificial Intelligence Act (AIA) is the world's first comprehensive regulatory framework for AI. It applies a use-case-dependent, risk-based approach, with obligations becoming more rigorous as the potential harm to health, safety, and fundamental rights increases. The Act broadly defines an AI system as a "machine-based system that can, with some level of autonomy, process inputs to infer how to generate outputs... that can influence physical or virtual environments".  

The AIA establishes four risk levels for AI systems :  

• Unacceptable Risk: These systems are a clear threat to EU values and are outright prohibited. Examples include social scoring and real-time remote biometric identification in public spaces.  

• High-Risk: These systems could cause significant harm. They are not banned, but are subject to strict regulations, including continuous risk management, rigorous data governance, and human oversight.  

• Limited Risk: These systems, such as chatbots or deepfakes, may cause confusion. They are subject to transparency obligations, requiring disclosure to the user that they are interacting with an AI.  

• Minimal/No Risk: This lowest tier, which includes most AI applications like spam filters, is generally unregulated. 

The Act’s broad extraterritorial scope is a significant consideration; it applies to providers outside the EU if their AI system's output is used within the EU.  

The GCC's Pro-Innovation Posture

In contrast to the EU's prescriptive approach, the GCC's AI regulatory landscape is a strategic effort to cultivate an innovation-first environment, driven by government-led initiatives to diversify the economy away from oil and gas.  

• Saudi Arabia: The regulatory framework is centralized under the Saudi Authority for Data and Artificial Intelligence (SDAIA). While there is no dedicated AI law, the foundational legal framework is the Personal Data Protection Law (PDPL), which applies to any processing of personal data involving individuals in the Kingdom, even by entities outside the country. The PDPL enshrines data protection principles familiar to those operating under GDPR-like regimes, such as lawfulness, purpose limitation, and data minimization. SDAIA also issues non-binding guidelines for AI ethics and generative AI, which promote responsible use and address risks like misinformation and bias.  

• United Arab Emirates: The UAE has adopted a "light-touch" approach that emphasizes self-regulation. The legal framework is a "patchwork of decrees," including the federal UAE PDPL and specific regulations within free zones like the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM). A key strategic differentiator is the use of regulatory sandboxes, or "RegLabs," designed to foster innovation and accelerate the development of future legislation. These sandboxes allow for live, time-bound testing of new technologies under regulatory supervision, offering a lower barrier to entry for innovation than the EU’s approach.  

A Head-to-Head Regulatory Comparison

While both the EU and the GCC are committed to leading in the global AI race, their regulatory approaches are driven by fundamentally different philosophies. Understanding this divergence is critical for businesses seeking to operate in both regions.

Strategic Takeaways for Business

Navigating these two divergent landscapes requires a deliberate and proactive strategy.

1. Build on a Strong Foundation: A global business can streamline its compliance efforts by building a single, harmonized data governance framework based on the core principles of GDPR. This approach allows legal and compliance teams to focus on regional-specific AI governance nuances rather than rebuilding core systems, as the KSA's PDPL and the UAE's free zone regulations have adopted similar data privacy principles.  

2. Use Sandboxes Strategically: The EU’s sandboxes are a tool for demonstrating compliance with a pre-defined set of rules. In contrast, the GCC’s sandboxes are a strategic lever for accelerated market entry and legislative development. A business can use a UAE RegLab to test a new AI product that might face significant time-to-market delays in the EU, then use the insights to inform a more robust, compliant product for an eventual EU launch. This dual-track strategy can create a significant competitive edge.  

3. A New Paradigm for Expansion: The EU and the GCC represent two fundamentally different visions for the future of AI. The EU’s approach is a fortress of regulation built on the precautionary principle, while the GCC’s is a high-speed launchpad for innovation. The most successful businesses will be those that embrace a dynamic and adaptable compliance strategy, transforming a complex challenge into a significant competitive advantage.

The Belgian Digital Transformation: A Phased Revolution

The Belgian government’s journey toward a fully digital invoicing ecosystem began with a phased, multi-year strategy, first targeting the public sector with a Business-to-Government (B2G) mandate. This deliberate approach served as a crucial testing ground for the national e-invoicing infrastructure before its expansion to the private sector. The B2G mandate was implemented through a series of federal laws and regional decrees that gradually enforced e-invoicing in public procurement based on contract value.  

This experience with B2G transactions was critical. The government utilized the Peppol interoperability model and developed the Mercurius platform, which functioned as a central "mailroom" for public sector entities. This strategic implementation allowed the government to refine its approach and establish network governance before extending the requirements to the entire private B2B sector. The B2B mandate is a clear example of a calculated, multi-year plan rather than a spontaneous regulatory change, with each phase building upon the success of the last.  

The legal foundation for the B2B mandate is the federal law modifying the VAT code, which was approved by the Belgian parliament on February 6, 2024, and officially gazetted on February 20, 2024. This law has been further elaborated by the Royal Decree of July 2025, which confirmed the standards, penalties, and the mandate's effective date of January 1, 2026.The mandate's development aligns with the European Union’s broader "VAT in the Digital Age" (ViDA) initiative, and Belgium has been granted a derogation from the EU VAT Directive to implement its domestic mandate ahead of the EU-wide timeline.

Core Requirements and Technical Specifications

The B2B e-invoicing mandate applies to transactions between Belgian VAT-registered entities, including foreign companies with a permanent establishment in Belgium. While there are exemptions for B2C transactions and certain VAT-exempt services, the mandate is compulsory for self-employed individuals and small businesses under the VAT exemption scheme (with an annual turnover below €25,000) as they are still considered VAT-liable entities.  

The Peppol network is the cornerstone of Belgium's e-invoicing framework, designated as the default channel for transmitting electronic invoices. A critical requirement is that all businesses must be technically capable of issuing and receiving e-invoices via Peppol, even if they agree to use alternative platforms, thereby standardizing the entire market onto a single, interoperable network.  

All in-scope transactions must use a structured electronic format, specifically the Peppol BIS 3.0 (UBL) standard, which is a fundamental departure from unstructured formats like PDF or paper invoices, which will no longer be legally accepted. The mandate also requires that a reliable audit trail is maintained, ensuring three key technical integrity rules:  

• Authenticity of Origin: Verifies the identity of the issuer, with both sender and recipient responsible.  

• Integrity of Content: Guarantees that the invoice information has not been altered after issuance.  

• Legibility of the Invoice: The document's content must remain clear and readable throughout its retention period.  

A new VAT rounding rule also takes effect, allowing rounding only on the total VAT amount per rate, not on individual line items.  

The Business Impact and a Gateway to Efficiency

The primary objective for the government is to modernize its tax system and combat a significant VAT gap, which is estimated to be as high as €11 billion annually due to tax fraud. For businesses, the mandate is a strategic gateway to operational efficiency. The use of structured e-invoices allows for end-to-end automation, drastically reducing manual data entry and errors.  

Research estimates this shift could result in total savings exceeding €3.6 billion for Belgian companies through reduced administrative costs and streamlined workflows. The automated process can also lead to faster payments, with some service providers reporting that their clients get paid up to 8 days sooner on average. For many businesses, particularly Small and Medium-sized Enterprises (SMEs), the mandate compels a necessary modernization of their back-office processes, leading to improved data accuracy and a more secure, verifiable audit trail.  

Strategic Recommendations for Compliance

To ensure a smooth transition, businesses should proactively:

1. Assess Your Current Workflow: Evaluate your existing systems and identify the necessary changes.

2. Select a Peppol Access Point Provider: Engage a certified service provider to ensure you are technically capable of using the network.  

3. Update Software and Systems: Ensure your ERP or accounting software is compatible with the Peppol BIS UBL format.  

4. Train Staff: Prepare finance, administrative, and sales teams for the new processes.

5. Maintain a Reliable Audit Trail: Implement internal controls to ensure authenticity, integrity, and legibility requirements are met.  

The government has introduced tax incentives to support this digital transformation, while also instituting a strict penalty regime for non-compliance.

Tax Incentives

• Increased Investment Deduction: From January 1, 2025, digital investments are eligible for a 20% increase in the investment deduction.  

• Enhanced Cost Deduction: For taxable periods from 2024 to 2027, small businesses and independent contractors can apply an increased fee deduction of 120% for billing programs and associated consultancy costs.

Cross-Border Operations and Future Outlook

The B2B e-invoicing mandate is explicitly focused on domestic transactions between two VAT-registered entities in Belgium. For cross-border transactions, electronic invoicing is permitted only with the agreement of the recipient, with the format and method determined by bilateral consultation.  

However, by requiring its domestic businesses to adopt the pan-European Peppol network, the Belgian government is preparing them for the EU's full "VAT in the Digital Age" (ViDA) framework. This is a foundational step toward a planned near real-time e-reporting system in 2028. This future system will build upon the Peppol network, transitioning to a 5-corner model that includes direct, secure communication with the Belgian tax administration to eventually replace the annual client listing and provide real-time tax data.

In conclusion, the new Belgian B2B e-invoicing mandate, effective January 1, 2026, is a significant and non-negotiable shift toward digital processes. Based on the Peppol network and the Peppol BIS 3.0 (UBL) standard, it requires proactive action from businesses to update systems and ensure compliance. While the penalties for non-compliance are substantial, the mandate also acts as a strategic gateway to long-term operational efficiency, offering benefits like cost savings, faster payments, and enhanced security. By aligning with the EU's ViDA initiative and laying the groundwork for a future e-reporting system, this transformation positions Belgian businesses for greater digital maturity and competitiveness.

The EU AI Act: A Foundational Overview

The European Union's Artificial Intelligence Act (AI Act), which entered into force on August 1, 2024, is a pioneering regulatory framework designed to ensure the ethical, safe, and trustworthy development and deployment of AI systems within the EU. This legislation establishes a global precedent for AI governance by adopting a risk-based approach, with obligations and oversight measures directly proportional to the potential harm an AI system could pose to health, safety, and fundamental rights. The Act's broad, extraterritorial reach means it applies not only to providers and deployers based in the EU but also to any third-country providers whose high-risk AI system outputs are used within the Union.

The core of the AI Act is a four-tiered risk framework that categorizes AI systems with escalating levels of regulation:

• Unacceptable Risk: AI systems that pose a clear threat to fundamental rights are prohibited. This includes practices such as social scoring systems, biometric categorization of individuals to deduce protected characteristics, and manipulative AI that exploits vulnerabilities to distort behavior and cause significant harm.

• High-Risk: These are AI systems that can pose a serious risk to health, safety, or fundamental rights. They are subject to the most stringent obligations under the Act. The legislation identifies high-risk applications in several key sectors, including financial services, healthcare, and manufacturing.

• Limited Risk: This category of AI systems, such as chatbots or deepfakes, is subject to specific transparency obligations. Providers must ensure that users are aware when they are interacting with an AI system and that AI-generated content is clearly identifiable.

• Minimal Risk: The majority of AI applications currently available on the market, such as video games and spam filters, are considered to pose minimal to no risk and are therefore largely unregulated by the Act.

Phased Implementation: A Compliance Timeline

The AI Act’s obligations are not effective immediately but are phased in over a multi-year timeline, creating a staggered compliance roadmap. The most critical prohibitions on unacceptable risk AI systems will become applicable as early as February 2025. Any company, regardless of its industry or location, that currently uses or is developing systems that fall into this banned category is already operating with a significant compliance risk. The motivation for early preparation is underscored by the Act’s severe penalties for non-compliance, with fines reaching up to €35 million or 7% of a company’s global turnover.

Following the initial prohibitions, codes of practice for General Purpose AI (GPAI) systems will be ready in May 2025, with corresponding obligations becoming applicable in August 2025. The core obligations for high-risk AI systems listed in Annex III—which include systems used in employment, education, and critical infrastructure—will take effect in August 2026. A later deadline of August 2027 is provided for high-risk AI systems that are components of regulated products, such as medical devices or vehicles. This phased approach means that companies cannot afford to wait; they must initiate an immediate audit of their AI systems and establish a comprehensive governance framework now to navigate the full timeline.

Sectoral Implications and High-Risk Use Cases

The AI Act will have significant implications across multiple industries by classifying specific use cases as high-risk. Companies in these sectors must begin aligning their product development and internal processes with the Act’s requirements.

• Financial Services: AI is widely used for tasks such as fraud detection, creditworthiness assessments, and risk evaluation. The Act specifically categorizes AI systems used for creditworthiness assessments as high-risk. This classification imposes strict requirements on financial institutions, including the need to implement a quality management system, perform conformity assessments, and maintain detailed documentation and logging. Given that a 2023 ECB survey found 60% of major European banks are already using AI, the compliance burden for this sector is substantial.

• Healthcare: AI is transforming medicine by improving diagnostics, personalizing treatment plans, and optimizing resource allocation. However, AI-based software for medical purposes is classified as high-risk. This necessitates that manufacturers integrate the AI Act's requirements with existing regulations, such as the Medical Device Regulation (MDR), ensuring data quality to mitigate bias and establishing clear protocols for human oversight. The new Product Liability Directive also works in tandem with the AI Act to provide better legal certainty for victims in cases where a defective product, including an AI system, causes damage.

• Manufacturing and Other Sectors: The Act classifies AI used in machinery, robotics, and vehicles as high-risk, particularly where safety is involved. Manufacturers must align their product development and conformity assessments with the Act's technical and transparency standards now. Beyond these core sectors, the Act also impacts education (e.g., AI tools for exam scoring), employment (e.g., CV-sorting software for recruitment), and law enforcement (e.g., predictive policing).

Obligations for Providers and Deployers

The AI Act imposes distinct but interconnected obligations on both providers (developers) and deployers (users) of AI systems. For providers, this means establishing a robust risk management system, ensuring high-quality datasets that minimize bias, providing comprehensive technical documentation, and designing systems for record-keeping and human oversight. For certain high-risk systems, third-party conformity assessments will be required before they can be placed on the market. Deployers, on the other hand, must ensure human oversight and continuous monitoring of the systems in operation to ensure compliance. The new legal regime grants a contracting party a direct, extracontractual claim against a director if the director’s fault caused the damage, even if that fault was committed in the framework of a contract.

The Pillars of Sustainability: A Triple Bottom Line Approach

Sustainability in a business context has evolved from a voluntary, philanthropic endeavor to a core strategic imperative that is fundamental to a company's longevity and resilience. This holistic approach is often framed by the "Triple Bottom Line" theory, which posits that a company's success should be measured not just by its financial performance but also by its impact on society and the environment. This framework is often summarized by the three Ps: Profit, Planet, and People.

• Profit (Economic Sustainability): This pillar goes beyond short-term financial gains to focus on a company's long-term viability. It encompasses practices that create a resilient economic model, such as efficient resource management, cost-effective operations, and investment in innovation. It also includes ensuring fair wages and equitable growth opportunities for employees, recognizing that a stable, well-compensated workforce is essential for sustained profitability.

• Planet (Environmental Sustainability): This dimension is perhaps the most widely understood. It is centered on minimizing the negative impact of business activities on the natural world. This includes reducing carbon emissions, conserving water, managing waste responsibly, and transitioning to renewable energy sources.Companies that adopt green practices not only help combat climate change but often achieve cost savings through reduced energy consumption and waste-disposal expenses.

• People (Social Sustainability): This pillar focuses on the well-being of all people and communities affected by a company’s operations. It covers a wide spectrum of issues, from employee rights and working conditions to community engagement and ethical supply chain management. For multinational corporations, this means ensuring against child labor and promoting fair wages for workers across their global supply chains.

This three-pronged approach is encapsulated in the increasingly influential ESG (Environmental, Social, and Governance) criteria, which provides a practical framework for investors to evaluate a company's sustainability performance and inform their investment decisions.

The Business Imperative: Benefits and Opportunities

Adopting a comprehensive sustainability strategy is no longer a matter of corporate social responsibility but a critical factor in a company's competitive advantage. By embracing sustainable practices, companies can achieve improved operational efficiency and reduced costs, as evidenced by examples such as Unilever saving $440 million through eco-efficiency projects. Furthermore, a commitment to sustainability enhances a company’s brand reputation, helping to attract and retain customers and employees who value green and ethical practices. Companies that are proactive in this area, such as IKEA, are also better positioned to comply with new and forthcoming legislation, including the EU Climate Law and the CSDDD, which mandates due diligence on human rights and environmental impacts.

A particularly compelling dynamic is the complex interplay between artificial intelligence and sustainability. AI presents a significant paradox: it can be a powerful tool for advancing sustainability goals, yet its underlying infrastructure has a substantial environmental footprint. On one hand, AI and machine learning models are already being used to optimize transportation logistics, as seen in UPS’s ORION system, which reduces fuel usage by minimizing turns on delivery routes. Airbus similarly uses 3D printing to manufacture lighter aircraft parts, which significantly decreases fuel consumption and greenhouse gas emissions.

On the other hand, the energy-intensive nature of AI training and deployment is a growing concern. Generating a single image with a generative AI can consume as much energy as fully charging a smartphone. The fossil fuel industry is also leveraging AI to optimize its operations and increase production. While the EU AI Act currently only "encourages" environmental sustainability on a voluntary basis, existing regulations, such as the EU's Energy Efficiency Directive, require data centers to disclose their energy and water consumption, providing a partial regulatory push towards more responsible AI infrastructure.

Real-World Case Studies in Sustainability

Leading companies across various industries have successfully integrated sustainability into their core business models, providing valuable blueprints for others.

• IKEA's Supply Chain Accountability: IKEA's IWAY supplier code of conduct is a robust framework that ensures its partners meet strict humanitarian and environmental standards. The code evaluates everything from core worker rights and workplace safety to water and waste management in the supply chain.

• Patagonia's Circular Economy and Activism: Patagonia has built its brand on a commitment to the environment. The company operates a circular economy model by sourcing recycled materials, offering free repair services, and actively engaging in climate policy. The founder’s decision to transfer ownership of the company to a non-profit dedicated to fighting climate change is a powerful example of integrating purpose into a corporate structure. The company's circular economy approach continues to evolve, with a goal of eliminating virgin materials from its product line by 2025. Its headquarters also operates on 100% renewable electricity and has one of California's largest corporate solar panel systems.

• H&M's Circularity: H&M has shown how even a fast-fashion retailer can create a more circular model with its "Let's Close the Gap" initiative. The program collects old clothes from customers for restoration or recycling and provides incentives in the form of discounts, creating a feedback loop that promotes sustainable consumption.

• Apple's Closed-Loop Supply Chain: Apple has achieved 100% renewable energy use across its data centers, retail stores, and offices. As of 2025, over 99% of its product packaging is fiber-based and recyclable. The company's material recovery labs and self-designed disassembly robots support its goal of a closed-loop supply chain.

The New Frontier of Director Liability

A new Book 6 of the Belgian Civil Code, which took effect on January 1, 2025, has introduced a significant shift in corporate liability by abolishing the principle of "quasi-immunity" for company directors. Previously, a company's contractual partners were generally shielded from directly suing a director for a contractual breach committed by the company. Legal claims had to be directed at the company itself, and directors were largely protected from personal liability for their actions in the execution of corporate contracts.

The new legal regime fundamentally changes this dynamic. It now grants a contracting party a direct, extracontractual claim against a director if the director’s fault caused the damage, even if that fault was committed in the framework of a contract. For example, if a director knowingly approves the delivery of a defective product, the customer can now pursue personal liability claims against that director in addition to a claim against the company.

While directors still benefit from liability caps—which range from €125,000 to €12 million depending on the company's size—these protections are not absolute and do not apply in cases of intentional misconduct. To mitigate this new risk, companies must take proactive steps, including revising new and existing contracts to explicitly limit or exclude the non-contractual liability of their directors. Additionally, companies should review and potentially increase their directors and officers (D&O) insurance coverage and strengthen internal governance through clear decision-making processes and meticulous documentation to demonstrate due diligence.

Significant Amendments to Belgian Employment Law

The new Belgian government agreement, effective from January 2025, marks a substantial overhaul of labor law, introducing several key changes that will impact employers and employees alike. These measures aim to increase flexibility for employers while also tightening conditions for unemployment and early retirement.

• Reintroduction of Probation Periods: Employers will be allowed to terminate employment with a one-week notice period during the first six months. This is a significant change from the previous system and provides greater flexibility for employers in the initial phase of an employment relationship.

• Cap on Severance Pay: For new hires, severance pay will be capped at 52 weeks. While its immediate effect will be limited, as it will only become relevant after 17 years of seniority, it is a clear long-term signal of the government's intention to control labor costs.

• Flexi-Jobs Expansion: The "flexi-job" system, which provides a tax-attractive system for part-time work, will be expanded to all sectors unless a specific sector opts out. The maximum tax-free annual income for flexi-jobs will also be increased to €18,000, and the minimum hourly wage will rise to €21.

• Increased Employer Responsibility for Sick Employees: Employers will now be required to contribute 30% of the sickness allowance during the first two months following the initial 30 days of an employee's incapacity, making long-term absences more expensive for companies.

Beyond these changes, the government has also identified imbalances in B2B purchase agreements as a priority concern and is expected to ban certain unfair contract terms in the hotel, restaurant, and catering sectors.

Additional Amendments in Employment Law

The new government agreement also includes additional changes to labor law. The maximum number of annual voluntary overtime hours will be increased to 360 for all workers, with up to 450 hours allowed in the hotel, restaurant, and bar (HORECA) sector. The government also intends to introduce "fit notes" from treating physicians, which will clarify an employee's remaining work capacities rather than simply providing a sick note. The minimum age for student work will be set at 15 years old, and the maximum limit for student work under the fiscally beneficial system will be permanently increased to 650 hours per year.