AI Governance Daily, 13 May 2026

Yesterday VDL stood in Copenhagen and put children at the centre of EU AI policy.

Today the Future of Privacy Forum walks us through the operational tool that actually delivers on that speech: the Commission's 29 April age verification recommendation.

This is the pattern to watch.

Speech = recommendation = DSA enforcement action. The political mood music gets converted into binding compliance work inside about six weeks.

If you run trust and safety, or you sell anything a 14-year-old might touch, your workload just got heavier. Fast.

🇪🇺 Europe & Regulation

• Age verification: the Commission shows its hand. FPF's walk-through of the 29 April Recommendation is the clearest read yet on where DSA enforcement is heading. It's non-binding on paper. In practice it's the operational follow-on from yesterday's Copenhagen speech, and it also picks a fight with national social media bans that don't fit the EU template. Translation for platforms: age assurance is no longer a roadmap item, it's a 2026 deliverable. Read

• Digital euro confidentiality, CNIL and the Germans speaking jointly. A joint statement from CNIL and the German federal data authority lands as the digital euro proposal heads for a Parliament vote, with Eurosystem issuance pencilled in for 2029. Why this is on an AI desk: CBDC rails will run automated decisioning at population scale. The privacy architecture they bake in now becomes the constraint on every AI model that ever touches a payment. Read

• EDPB Opinion 13/2026 on Finnish DPA certification. Looks like dry process plumbing. Isn't. Certification bodies = how the AI Act will actually scale enforcement once high-risk obligations bite. Think Cyber Essentials, but for model governance. Worth watching who gets accredited, on what scope, and how member states diverge. Read

🧠 Voices worth 5 minutes

• Metaculus on AI and the labour market. Deger Turan on Lawfare's Scaling Laws with fresh decade-out forecasts on workforce displacement. Forecasts aren't facts, but Metaculus is one of the few places doing this with discipline. Useful ammunition if you're trying to get your exec team off vibes and onto numbers when they talk about "AI and jobs". Read

• Bernard Marr on creatives fighting for their rights. IP and labour, viewed from the creative end of the value chain. If you have a marketing, design, or content function, your people are reading pieces like this and forming a view of your company. Better you've read it too. Read

⚠️ Watchlist

• Trump AI security executive order: still expected, still not signed.
• Council and Parliament formal adoption of the EU Omnibus deal before 2 August 2026.
• Article 50(2) provider transparency obligations: now 2 December 2026.
• High-risk AI obligations: now 2 December 2027.

---

Two days, one throughline: protect the kids, then build the rails. Speeches on Tuesday, recommendations on Wednesday, fines later. If your 2026 plan still treats trust and safety as someone else's problem, rewrite it this week.