AI Training Requires Licensing in EU, Platforms GDPR Responsibility for UG Ads, Slovenia Digital Nomad and Other News – December 2025

The final weeks of 2025 brought significant court decisions reshaping how technology companies handle intellectual property and personal data across Europe.

Two major copyright rulings established contradictory precedents for AI training practices, whilst European courts expanded platform liability under GDPR in ways that will require substantial compliance infrastructure changes. Meanwhile, Poland’s proposed digital services tax and Slovenia’s new digital nomad programme signal continued regulatory and policy shifts affecting tech operations.

German Court Rules AI Training Requires Licensing

On 11 November 2025, the Munich Regional Court delivered what may become a defining judgment in the ongoing battle over AI training data. GEMA, Germany’s collecting society for musical works, successfully argued that OpenAI’s use of song lyrics to train ChatGPT constituted copyright infringement requiring proper licensing.

The court’s reasoning centred on a straightforward principle: if an AI model can reproduce copyrighted content as output, the model has effectively “embodied” that content during training. This approach differs from arguments about temporary copies or intermediate processing steps. The German court found the technical mechanisms of how AI stores and retrieves information to be irrelevant to the copyright analysis.

For technology companies, this creates immediate licensing obligations. The ruling means that any training dataset containing copyrighted material from Germany requires advance clearance from rights holders. This isn’t limited to obvious copying – even where the training process involves substantial transformation, the court focused on the model’s capability to reproduce the original works.

The decision also settled a key liability question: AI developers are responsible for infringement, not end users who prompt the system to generate infringing outputs. This places the compliance burden squarely on the companies building and deploying the models.

UK Court Takes Different Approach in Getty Images Case

Just days after the German ruling, a UK court examined similar questions in Getty Images v Stability AI, reaching conclusions that complicate the licensing landscape further. The case centred on whether Stability AI’s use of Getty’s images to train Stable Diffusion constituted copyright infringement under UK law.

Getty succeeded in establishing that their images were used without permission and that this involved copying. However, the case took an unusual procedural turn. Because Stable Diffusion’s training occurred outside the UK, Getty had to rely on a theory of “secondary infringement” – essentially arguing that downloading an AI model trained on infringing material abroad was analogous to importing counterfeit goods.

The court had to determine whether an AI model qualifies as an “article” under UK copyright law, and whether software constitutes tangible goods for import purposes. Whilst the full judgment details remain pending, the case illustrates how jurisdictional complexity creates enforcement challenges.

For companies operating internationally, this highlights a critical risk: different jurisdictions are applying fundamentally different legal frameworks to the same technical processes. A training practice that might be defensible in one territory could face liability in another, not because of different copyright principles, but because of procedural and jurisdictional variations.

The practical outcome is that companies cannot assume consistent treatment across Europe, let alone globally. Each market requires separate analysis, and a licensing strategy that works in one jurisdiction may prove inadequate elsewhere.

Romanian Case Expands Platform GDPR Obligations

On 2 December 2025, the Court of Justice of the European Union issued a landmark ruling that fundamentally redefines data protection responsibilities for online marketplaces. Case C-492/23 established that platform operators qualify as GDPR controllers for personal data appearing in user-generated advertisements, even when the platform neither creates nor approves that content.

The case arose from an advertisement published on a Romanian marketplace containing photographs and contact details of a woman falsely suggesting she offered sexual services. Although the platform removed the content shortly after notification, the damage was done – the material had already been copied and republished elsewhere.

The court held that platforms are not merely neutral technical intermediaries. By structuring content, providing categorisation systems, and monetising advertisements, platforms “determine the purposes and means of processing” under Article 4(7) GDPR. The terms of service provisions allowing platforms to copy, distribute and modify content further support controller status.

More significantly, the court ruled that eCommerce Directive liability exemptions do not override GDPR obligations. A platform might avoid civil liability for unlawful content under hosting safe harbours, but this provides no protection from data protection enforcement.

The ruling imposes proactive obligations unprecedented in their scope. Platforms must now implement pre-publication screening to identify special category data under Article 9 GDPR. This means technical systems capable of detecting sensitive information about racial or ethnic origin, political opinions, religious beliefs, health data, and sexual orientation before content goes live.

For marketplaces and classified platforms, the compliance implications are substantial. You cannot simply respond to takedown notices after publication – the court expects preventative measures. This shifts operational models from reactive content moderation to proactive data protection screening. The technical infrastructure required to screen all user submissions for sensitive data at scale represents a significant investment, particularly for platforms handling millions of listings.

The judgment also creates clear liability exposure for previously grey areas. If a user publishes personal data about a third party without consent, the platform is now jointly responsible as a controller. This means direct exposure to GDPR fines, not just liability for hosting content.

Slovenia Launches Digital Nomad Visa Programme

On 21 November 2025, Slovenia became the latest European country to implement a digital nomad visa scheme, joining a growing list of jurisdictions competing for remote workers. The programme allows non-EU nationals to reside in Slovenia for up to 12 months whilst working remotely for foreign employers or clients.

The visa is non-renewable in its current form, though applicants can reapply after a six-month gap following the initial period’s expiration. The income requirement stands at twice the average Slovenian salary, designed to ensure economic self-sufficiency without displacing local workers.

For technology companies, particularly those with distributed teams or considering European presence, Slovenia’s programme offers tactical advantages. The country provides EU access without the compliance complexity of larger markets, and its geographic position between Western Europe and the Balkans offers logistical benefits.

However, the programme’s structure reveals its limitations. A 12-month cap followed by a mandatory six-month absence makes Slovenia unsuitable for establishing permanent operations or building long-term teams. The scheme works for temporary projects or exploratory phases, but any sustained presence requires transitioning to conventional residence permits or corporate establishment.

Companies should also consider the tax implications carefully. Whilst Slovenia offers a 10% flat income tax rate, digital nomads remain subject to their home country’s tax obligations in most cases. The visa status doesn’t automatically create tax residency, which can complicate reporting requirements and social security contributions.

The wider trend of digital nomad programmes across Europe – Bulgaria, Croatia, Estonia, and now Slovenia – reflects governments’ attempts to capture economic activity from remote work without offering permanent immigration pathways. For tech companies, these programmes provide flexibility for deploying team members short-term, but they’re no substitute for proper international expansion planning.

Poland Considers 3% Digital Services Tax

Polish authorities launched consultations on 17 September 2025 regarding a proposed 3% Digital Services Tax targeting large platforms. The tax would apply to companies with global revenue exceeding EUR 750 million, focusing on digital advertising, online marketplaces, and data transfer services.

The proposal follows similar taxes implemented by France, Italy, Spain and the UK, despite ongoing OECD negotiations seeking a multilateral solution. Poland’s version specifically targets revenue rather than profits, meaning companies face the tax liability regardless of whether they achieve profitability in the Polish market.

For technology companies, this creates several immediate concerns. First, the tax applies to gross revenue, not net income. A platform operating on thin margins could find the 3% levy consuming a significant portion of profits. This particularly affects marketplaces and advertising businesses where revenue volumes are high but margins are compressed.

Second, the draft legislation is expected in 2026, but implementation details remain uncertain. Companies need clarity on exactly which services fall within scope, how revenue attribution works for cross-border transactions, and what reporting obligations apply. The consultation period will likely see significant lobbying, but businesses should prepare for the tax’s introduction regardless.

The United States has already warned of potential retaliatory measures, viewing digital services taxes as discriminatory against US technology companies. If implemented, Poland’s tax could trigger broader trade tensions, particularly given the new administration’s stated positions on European digital regulation.

For companies operating across multiple European markets, Poland’s proposal adds to an already complex patchwork. France, Italy and Spain have similar taxes with different thresholds and calculation methods. The UK has its own variant. Managing compliance across these jurisdictions requires dedicated tax planning and local expertise, with the administrative burden scaling proportionally to the number of markets served.

More fundamentally, digital services taxes create permanent cost structures that affect business model viability. A 3% top-line tax might seem manageable in isolation, but combined with corporate income tax, VAT, and other levies, the cumulative burden can make certain markets economically questionable for digital businesses.

These developments illustrate how European regulatory landscape continues evolving in directions that create both compliance obligations and operational constraints for technology companies. The German and UK copyright decisions demonstrate that legal uncertainty around AI training will persist, with companies facing contradictory requirements across jurisdictions. The Romanian GDPR ruling imposes substantial new compliance costs on platforms through mandatory pre-publication screening.

Technology companies face a period where regulatory costs are rising whilst legal certainty remains elusive. International operations require jurisdiction-specific licensing strategies, as assuming consistent treatment across borders creates exposure.

Wolja Digital tracks these developments and guides technology companies through the practical implications of new court decisions and regulatory changes. We help structure your operations to manage compliance obligations whilst maintaining business flexibility across European jurisdictions.