We had the privilege of joining Israel’s leading law firms in a fundraising event organised by the Israeli branch of DLA Piper in support of the Rising Up project by the Shalva organisation. Together, we managed to raise 120,000 shekels, which will go towards the Rising Up project dedicated to integrating young people with disabilities into the IDF and supporting them throughout their service. This includes accommodation, studies at the Jerusalem College of Technology, recreational activities, and professional guidance.

Thank you for the opportunity to take part in this worthy initiative, and congratulations to all the ERM players!

For the full article, click here: https://bit.ly/3U8vx4L

Partner, Rotem Perelman-Farhi, and Adv. Dr. Laura Jelinek in a piece on the new AI Transparency Law in CA – from a legal perspective.

On September 28, 2024, the California governor signed into law bill AB 2013, the so-called “AI transparency act”. This new law requires generative AI developers to post certain documentation on their website regarding the data used to train their AI systems. The law applies to generative AI released on or after January 1, 2022, and developers must comply with its provisions by January 1, 2026.

Who is subject to the law? The law applies to AI “developers”, i.e. any person or entity that either develops a generative AI technology or service or that “substantially modifies it,” and that make the AI system available for use in California. The scope is therefore rather broad and means that service providers that engage in material retraining or fine-tuning of existing generative AI models also need to comply with the law.

Scope of the Law: The law regulates “generative artificial intelligence,” which is defined as AI “that can generate derived synthetic content, such as text, images, video, and audio, that emulates the structure and characteristics of the artificial intelligence’s training data.”

What do developers need to do in order to comply? If a developer makes a generative AI system publicly available to Californians, it has to disclose certain documentation regarding the data used to train the system or service, among others:

  • The sources or owners of the datasets, and whether the developer purchased or licensed the datasets;
  • an explanation how the data is used in the AI system or service;
  • whether the datasets include any copyrighted or trademark-protected data;
  • the time period during which the data was collected; and
  • whether the datasets include “personal information” or “aggregate consumer information” as those terms are defined under the California Consumer Privacy Act.

Exemptions: AB 2013 does not apply to generative AI systems or services that are (1) solely designed to ensure security and integrity, (2) solely intended for the operation of aircraft within the national airspace, or (3) developed for national security, military, or defense purposes, and are made available only to a federal entity.

Other AI laws in California

Together with AB 2013, several other AI-related bills have been signed into law in California. Several of these focus on the use of AI in healthcare and in education; another bill requires watermarking of AI-generated content under certain circumstances.

The governor vetoed, however, SB 1047, known as the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act. This bill, supported by Elon Musk and Anthropic, and opposed by OpenAI, Meta and Google, had proposed the introduction of new safety requirements for large-scale AI models. Developers of large AI models, among others, would need to establish full shutdown capabilities, outline safety and security protocols to prevent significant harm to public infrastructure, and adhere to specific audit requirements.

Thanks to the Walla Money magazine for the congratulatory article regarding the joining of Adv. Tamar Dolev-Green to Epstein Rosenblum Maoz (ERM). Tamar is a partner and head of the Antitrust and Competition law department at our firm and brings with her great expertise and rich experience in the field.


We welcome her joining the ERM team!

On 21 September 2023, the UK Department for Science, Innovation and Technology announced further details on the new transatlantic data flow mechanism for UK-to-US personal data transfers. The new adequacy regulations were laid in Parliament and will take effect on 12 October 2023. From that date on, organisations in the United Kingdom will be able to transfer personal data to US organisations that are certified to the “UK Extension to the EU-US Data Privacy Framework” without the need for additional data protection safeguards.

As previously described by ERM (here and here), the EU-US Data Privacy Framework (“DPF”) is a mechanism that allows personal data to be transferred from the EU to US companies that are certified under the DPF without the need for additional data protection safeguards. Companies that wish to self-certify under the DPF need to commit to the “DPF Principles” and comply with a detailed set of privacy obligations.

How does the Data Bridge Work?

The UK Extension to the DPF, also known as “UK-US Data Bridge”, extends the DPF to data flows from the UK to the US. US organisations that already participate in the Data Privacy Framework can opt in to receive data from the UK. Those that wish to do so can elect to participate in the UK-US Data Bridge either as part of their annual re-certification to the EU-U.S. Data Privacy Framework, or outside of their annual certification to the EU-US Data Privacy Framework provided that they make their election no later than January 16, 2024.

What should Companies do next?

UK companies transferring personal data from the UK to the US should check whether the US businesses they work with participate (or plan to participate) in the UK-US data bridge, check US businesses’ privacy policies and assess whether the particular data transfer in question is covered by the Data Bridge.

Both UK and US companies may need to update their privacy policies, agreements and records of processing in order to reflect that they rely on or are certified under the UK-US data bridge.

Where businesses cannot rely on the new UK-US Data Bridge, they will have to continue using one of the already existing safeguards for data transfers, such as the international data transfer addendum to the European Commission’s standard contractual clauses for data transfers or binding corporate rules.

ERM is ready to support clients in the process of certifying under the Data Privacy Framework and on any other matters relating to privacy and data protection laws. Please reach out to us for more information.


The review was written by Rotem Perelman – Farhi, Partner and Heads of the firm’s Technology, IP & Data Department and Dr. Laura Jelinek, Associate in the the firm’s Technology, IP & Data Department.


* This newsletter is provided for informational purposes only, is general in nature, does not constitute a legal opinion or legal advice and should not be relied on as such. If you are seeking legal advice, it is essential to review the specific facts of each case in detail with a qualified lawyer.

ERM has advised the Egoz Fund, whose subsidiary, ESHEL Real Estate Ltd., will grant a NIS 18,000,000 loan to members of a purchase group in Mazkeret Batya.

This is an interesting and complex transaction of a purchase group combined with TAMA 38.

The group purchased rights from the owners of the apartments in a building in Mazkeret Batya, and through an external organizer and a management company (Etgar Al) will strengthen the building against earthquakes and will add 17 housing units.

Eran Mizrahi, a partner in the real estate and urban renewal department, led the team with trainee Zvi Zavner.

For more information on such transactions, or our real estate and urban renewal department, please contact Eran Mizrahi or another member of our team.