On January 8, 2025, the U.S. Department of Justice (Department or DOJ) issued new rules required by then-President Biden’s February 2024 Executive Order (EO) 14117 to establish a new regulatory framework aimed at “Preventing...more
4/4/2025
/ Biometric Information ,
China ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Executive Orders ,
Final Rules ,
National Security ,
New Regulations ,
Popular ,
Reporting Requirements ,
Sensitive Personal Information
The U.S. Department of Justice’s (DOJ) sweeping new rule on cross-border data transactions is set to take effect in substantial part next month, with broad implications for companies that transfer U.S. personal data or...more
3/6/2025
/ Compliance ,
Cross-Border Transactions ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Export Controls ,
Federal Trade Commission (FTC) ,
National Security ,
Regulatory Requirements ,
Reporting Requirements ,
Sensitive Personal Information
The White House Office of Science and Technology Policy (OSTP) is seeking input on the Artificial Intelligence (AI) Action Plan being developed by the Administration, in a Request for Information (RFI) published on February...more
2/6/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Executive Orders ,
Export Controls ,
Machine Learning ,
National Science Foundation ,
National Security ,
OSTP ,
Regulatory Agenda ,
Request For Information ,
Technology Sector ,
Trump Administration
As expected, President Trump took action on the first day of his new term to revoke the landmark 2023 Executive Order on Artificial Intelligence (AI) that was the centerpiece of the Biden Administration’s approach to AI....more
1/28/2025
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Executive Orders ,
Government Agencies ,
NIST ,
OMB ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Reform ,
Risk Management ,
Technology Sector ,
Trump Administration
On January 20, 2025, President Trump issued a Presidential memorandum entitled Regulatory Freeze Pending Review (Freeze Order). This action is unsurprising, as previous Presidents have consistently issued similar memoranda at...more
1/27/2025
/ Artificial Intelligence ,
Bureau of Industry and Security (BIS) ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Department of Justice (DOJ) ,
Executive Orders ,
FCC ,
Federal Trade Commission (FTC) ,
Final Rules ,
Foreign Agents Registration Act (FARA) ,
Government Agencies ,
OFR ,
Proposed Rules ,
Regulatory Freeze ,
Regulatory Reform ,
Telecommunications ,
Trump Administration
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
1/7/2025
/ Artificial Intelligence ,
Chief Information Security Officer (CISO) ,
China ,
Corporate Counsel ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
DFARS ,
Emerging Technologies ,
FCC ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Intelligence Services ,
Internet of Things ,
Loper Bright Enterprises v Raimondo ,
National Security Agency (NSA) ,
NIST ,
OIG ,
Popular ,
Regulatory Agenda ,
Regulatory Standards ,
SCOTUS ,
TSA ,
Unmanned Aircraft Systems
On October 21, 2024, the U.S. Department of Justice (Department or DOJ) and the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued proposals – required by the...more
10/24/2024
/ Biden Administration ,
Biometric Information ,
CFIUS ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Exempt Transactions ,
Foreign Entities ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
NPRM ,
Prohibited Transactions ,
Recordkeeping Requirements ,
Reporting Requirements ,
Restricted Transactions ,
Sensitive Personal Information
On Tuesday, October 8, CTIA hosted the ConnectMobile Forum as part of this year’s Mobile World Congress in Las Vegas. The event brought together stakeholders from the messaging and voice ecosystems to discuss consumer...more
In this episode of the Wiley Connected podcast, hosts Duane Pozza and Kat Scott, partners in Wiley's Privacy, Cyber, and Data Governance practice, discuss the implications of new comprehensive privacy laws in Oregon and Texas...more
On April 30, 2024 the White House updated the foundational U.S. government policy that defines critical infrastructure (CI) sectors and establishes a coordination structure within the federal government to support owners and...more
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is publishing a proposed rule (Proposal or NPRM) that will require broad segments of industry to meet onerous and quick...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Homeland Security (DHS) ,
Financial Services Industry ,
Food and Drug Administration (FDA) ,
Healthcare ,
ICANN ,
Information Technology ,
NPRM ,
Popular ,
Ransomware ,
Recordkeeping Requirements ,
Securities and Exchange Commission (SEC)
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which...more
On February 22, 2024, the Federal Communications Commission (FCC or “Commission”) released a Public Draft of a Report and Order that, if adopted, would establish a voluntary labeling program for Internet of Things (IoT)...more
2/26/2024
/ Consumer Product Safety Commission (CPSC) ,
Cybersecurity ,
FCC ,
Food and Drug Administration (FDA) ,
International Harmonization ,
Internet of Things ,
Labeling ,
National Security ,
NIST ,
NPRM ,
Popular ,
Product Labels
As we enter the New Year, Wiley has looked back at the top cyber issues for 2023 and what they mean for 2024. Last year, we saw the rollout of the National Cybersecurity Strategy—which outlined a new era of cyber oversight—as...more
1/3/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Environmental Protection Agency (EPA) ,
Executive Orders ,
FBI ,
Federal Acquisition Regulations (FAR) ,
Federal Trade Commission (FTC) ,
FISA ,
NIST ,
NSTAC ,
NYDFS ,
OMB ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
TSA
2023 has been a big year for AI with the landmark Executive Order for Safe, Secure, and Trustworthy Artificial Intelligence (EO) adding to the already busy and dynamic AI landscape. Issued less than two months ago, the EO has...more
12/22/2023
/ Artificial Intelligence ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Defense (DOD) ,
Emerging Technology Companies ,
Executive Orders ,
FCC ,
Federal Trade Commission (FTC) ,
National Security ,
NIST ,
Notice of Inquiry ,
OMB ,
Popular ,
Risk Management ,
Robocalling ,
TCPA ,
U.S. Commerce Department ,
UK
The end of the year is a good time to revisit your organization’s privacy policy to ensure it is accurate and up to date. Notably, at least one state privacy law – the California Consumer Privacy Act (CCPA) – requires that a...more
The Black Cat/ALPHV ransomware group filed a complaint with the U.S. Securities and Exchange Commission (SEC) to allege that one of their victims failed to disclose a cyberattack to the SEC within four days, reports Bleeping...more
On day two of Mobile World Congress (MWC), CTIA hosted a panel on “Promoting Security in a 5G World.” The panel discussed ongoing efforts by regulators and the ways that the wireless industry is responding to a changing...more
9/29/2023
/ 5G Network ,
Customer Proprietary Network Information (CPNI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Harmonization Rules ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
NIST ,
Popular ,
Telecommunications ,
Wireless Industry ,
Wireless Technology
On September 19, 2023, the Department of Homeland Security (DHS) released a Report to Congress (Report) on the Harmonization of Cyber Incident Reporting to the Federal Government. The Report reflects on the 52 in-effect or...more
California continues to forge ahead on potential new privacy, cybersecurity, and artificial intelligence (AI) obligations, including through its California Consumer Privacy Act (CCPA) rulemaking process and by launching a new...more
9/14/2023
/ Artificial Intelligence ,
Audits ,
Automated Systems ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Protection ,
Executive Orders ,
Governor Newsom ,
Machine Learning ,
Recordkeeping Requirements ,
Risk Assessment ,
Training Requirements
In a new Notice of Proposed Rulemaking (NPRM), the Federal Communications Commission (FCC) imposes a short comment deadline for a complex new cybersecurity labeling regime for Internet of Things (IoT) devices. The NPRM also...more
Cybersecurity continues to be top of mind for federal and state policymakers. This advisory identifies and analyzes some major recent developments that present opportunities and challenges in the coming months for a broad...more
8/4/2023
/ Biden Administration ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Department of Defense (DOD) ,
Disclosure Requirements ,
FCC ,
Federal Agency Taskforce ,
Oil & Gas ,
OIRA ,
Pipelines ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
TSA
Public companies will soon face new cybersecurity disclosure requirements from the Securities and Exchange Commission (SEC), which voted last week to approve a controversial new cybersecurity rule. The final rule—which is...more
8/2/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
By next year, consumers may be able to scan a QR code on their connected devices for information about cybersecurity protections that are built into their devices. Details on the program are still being worked out, but the...more
On July 13, 2023, the Federal Communications Commission (FCC or Commission) released a Draft Notice of Inquiry (Draft NOI or Draft) that would seek input on leveraging new technologies to collect and analyze data on...more