Executive Summary
The year 2024 was the year of artificial intelligence regulation and the maturation of sustainability obligations in the business legal sphere. The **AI Act** was definitively approved and published in August, initiating its progressive entry into force and creating new regulatory urgency for all companies that use, develop or deploy AI systems. The **CSRD Directive** began its effective application for the first wave of obliged companies. And the **AEPD** continued intensifying its activity, with cumulative fines of €9.4 million.
At BMC, the legal department expanded its practice into AI law and corporate sustainability, areas that were shaping up as two of the pillars of business legal advice for years to come.
Key Highlights
The AI Act (EU Regulation 2024/1689) was a first-order regulatory milestone. With a risk-based approach for AI systems, the regulation establishes differentiated obligations for different types of applications. The areas of greatest impact for Spanish companies were: AI systems used in human resources (selection, performance evaluation, absence management), consumer credit and solvency assessment, biometric surveillance and control, and critical infrastructure management systems. From BMC, we initiated more than 45 projects analysing AI Act compliance for clients across different sectors.
CSRD in force for large public interest entities (more than 500 employees) generated intense demand for advice on preparing the first reports under ESRS standards. The double materiality analysis — which requires identifying both the company’s impact on the environment and the environment’s impact on the company — was the most laborious part of the process and where specialised advice added the greatest value.
Data protection reached a new level of maturity with the AEPD fully consolidated as an active regulator. The €9.4 million in fines for the year reflected unrelenting supervision activity, with proceedings extending to the AI sphere, next-generation cookies and biometric data processing in employment environments.
Practice Area Analysis
Employment law and AI: The use of algorithms in workforce management — in delivery platforms, contact centres and shift management — generated growing conflict. Workers and their union representatives began invoking the right to information on algorithmic management systems (recognised in the Workers’ Statute since the 2021 reform) with greater frequency and sophistication.
Environmental compliance: The Waste and Circular Economy Act (Act 7/2022) underwent regulatory development during the year, with the approval of several Royal Decrees on extended producer responsibility, packaging and deposit return systems. Companies in affected sectors had to implement waste management systems and adapt their supply chains to new requirements.
Intellectual property and AI: Questions of ownership and protection of AI-generated works, the lawfulness of training models with protected works and liability for the outputs of generative systems began to generate litigation and legal questions that European courts were starting to resolve.
Regulatory Changes
The Corporate Sustainability Due Diligence Directive (CS3D, Directive 2024/1760), approved in June 2024, established due diligence obligations regarding human rights and the environment for large companies with progressive employee and turnover thresholds. Companies had to begin mapping their supply chains with sustainability criteria.
Our data and technology legal advisory services consolidated as a reference point for companies navigating the complex digital regulatory ecosystem.
Outlook
The year 2025 would bring the Golden Visa abolition, entry into force of AI Act prohibitions, reduction of working hours to 37.5 and preparation for the second CSRD wave of obliged entities. The business legal environment showed no signs of simplification; on the contrary, the growing normative density made specialised and preventive legal advice more valuable than ever.
Our corporate law and compliance team continued leading the support of clients in proactive management of their legal obligations in an environment of growing complexity.
