On October 21, 2025, the New York Department of Financial Services ("NYDFS") sent a letter to the executives and information security personnel at covered entities with new guidance for managing technology and data risks...more
12/10/2025
/ Business Continuity Plans ,
Cloud Computing ,
Cybersecurity ,
Data Security ,
FinTech ,
Incident Response Plans ,
New Guidance ,
NYDFS ,
Policies and Procedures ,
Regulatory Oversight ,
Risk Management ,
Supply Chain ,
Third-Party Risk ,
Third-Party Service Provider
California's new Transparency in Frontier Artificial Intelligence Act creates the nation's first standardized safety disclosure framework for frontier AI models. On September 29, 2025, Governor Newsom signed the Transparency...more
10/27/2025
/ Artificial Intelligence ,
California ,
Disclosure Requirements ,
Innovative Technology ,
Machine Learning ,
New Legislation ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Transparency ,
Whistleblowers
Three new California privacy bills signed into law expand consumer privacy protections and could have broad compliance implications for any company doing business in the state....more
On January 1, 2026, California Assembly Bill 2013, the "Generative Artificial Intelligence Training Data Transparency Act" ("AB 2013"), will come into effect, requiring generative artificial intelligence ("GenAI") developers...more
9/18/2025
/ Artificial Intelligence ,
California ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Innovative Technology ,
Machine Learning ,
New Legislation ,
Regulatory Requirements ,
State Privacy Laws ,
Training ,
Transparency ,
Website Owner Liability ,
Websites
The Single Resolution Board ("SRB") transferred pseudonymized comments from data subjects to Deloitte without informing them. The European Data Protection Supervisor ("EDPS") found a violation of information duties applicable...more
9/11/2025
/ Anonymization ,
Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Transfers ,
Disclosure Requirements ,
EDPS ,
EU ,
General Court of the European Union (GCEU) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Regulatory Violations ,
Single Resolution Board ,
Transparency
On September 3, 2025, the General Court of the European Union dismissed an action for annulment brought by a French member of Parliament against the European Commission's decision recognizing the adequacy of the level of...more
The European Union's Artificial Intelligence Act ("AI Act") establishes a comprehensive, risk-based regulatory framework including provisions relating to general-purpose AI ("GPAI") models that apply as from 2 August 2025. In...more
8/6/2025
/ Artificial Intelligence ,
Copyright ,
EU ,
European Commission ,
Innovative Technology ,
Machine Learning ,
New Legislation ,
Popular ,
Regulatory Requirements ,
Risk Management ,
Transparency
The White House recently announced America's AI Action Plan (the "Plan")—sweeping federal AI policy reforms prioritizing innovation and deregulation of the artificial intelligence ("AI") industry....more
8/6/2025
/ Artificial Intelligence ,
Data Centers ,
Executive Orders ,
Export Controls ,
Infrastructure ,
Innovative Technology ,
Machine Learning ,
National Security ,
Regulatory Reform ,
Semiconductors ,
Trump Administration
The National Institute of Standards and Technology ("NIST") recently updated its 2020 Privacy Framework 1.0 to include artificial intelligence ("AI") risk management....more
On April 22, 2025, the Federal Trade Commission ("FTC") published the finalized amendments to the Children's Online Privacy Protection Act ("COPPA") Rule (the "Rule"), marking the first major update since 2013....more
5/9/2025
/ COPPA ,
Data Privacy ,
Federal Trade Commission (FTC) ,
FERPA ,
Final Rules ,
First Amendment ,
New Regulations ,
NPRM ,
Online Safety for Children ,
Parental Consent ,
Personal Information ,
Regulatory Requirements
The Office of Management and Budget releases highly anticipated guidance to federal agencies on the use and deployment of artificial intelligence and how to manage its risks....more
5/7/2025
/ Artificial Intelligence ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Machine Learning ,
National Security ,
New Guidance ,
OMB ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
Trump Administration
The European Union's Artificial Intelligence Act ("AI Act"), the world's first comprehensive legal framework on AI, entered into force on August 1, 2024. The AI Act sets out staggered compliance deadlines for the various...more
DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more
The final rule establishes prohibitions and restrictions on the transfer of certain data due to national security risks from specified countries of concern....more
1/16/2025
/ Data Brokers ,
Data Privacy ,
Data Protection ,
Data Transfers ,
Department of Justice (DOJ) ,
Export Controls ,
Final Rules ,
International Data Transfers ,
National Security ,
Personal Data ,
Regulatory Requirements ,
Reporting Requirements
A new presidential administration is likely to bring change across the federal government, perhaps nowhere more starkly than at the Securities and Exchange Commission ("SEC"), which has greatly expanded its enforcement reach...more
The Transportation Security Administration's ("TSA") proposed rule would require owners and operators of certain pipeline, freight railroad, passenger railroad, rail transit, and over-the-road bus ("OTRB") systems to...more
12/2/2024
/ Comment Period ,
Cybersecurity ,
Infrastructure ,
Oil & Gas ,
Pipelines ,
Proposed Rules ,
Railroads ,
Regulatory Agenda ,
Risk Management ,
Rulemaking Process ,
Surface Transportation ,
Transportation Security Administration
As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more
New York recently passed new cybersecurity regulations for hospitals licensed in New York to enhance patient safety and cybersecurity....more
11/7/2024
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Hospitals ,
Information Technology ,
New Legislation ,
New York ,
Personally Identifiable Information ,
PHI ,
Regulatory Reform
The first wave of Australia's expansive privacy law reforms has been introduced into Federal Parliament in the Privacy and Other Legislation Amendment Bill 2024 (Cth) ("Bill")....more
10/29/2024
/ Australia ,
Cybersecurity ,
Damages ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Invasion of Privacy ,
Personally Identifiable Information ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Reform
On September 4, 2024, U.S. Securities and Exchange Commission ("SEC") Chair Gary Gensler reiterated concerns about artificial intelligence-related ("AI") disclosures and the need for companies to communicate accurately about...more
10/24/2024
/ Artificial Intelligence ,
Boilerplate Language ,
Broker-Dealer ,
Class Action ,
Disclosure Requirements ,
Investment Adviser ,
Machine Learning ,
Misrepresentation ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations ,
Shareholder Litigation
On September 19, 2024, California adopted the California AI Transparency Act ("SB 942") to create transparency mechanisms that allow consumers to determine whether an "image, video, or audio content, or content that is any...more
The Federal Aviation Administration ("FAA") has proposed new rules to standardize its criteria for addressing cybersecurity threats for transport category airplanes, engines, and propellers....more
On June 20, 2024, a U.S. federal district court held, in a suit brought by Jones Day, that the Department of Health and Human Services ("HHS") had misapplied the Health Insurance Portability and Accountability Act ("HIPAA")...more
8/2/2024
/ Confidential Information ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
New Guidance ,
PHI
The U.S. District Court for the Southern District of New York dismissed the majority of claims that the Security and Exchange Commission ("SEC") asserted against SolarWinds, including claims that the company's alleged...more
Rhode Island is the latest state to adopt a comprehensive data privacy law, titled the Data Transparency and Privacy Protection Act....more