Mauricio Paez

Mauricio Paez

Jones Day

Contact

Readers' Choice Awards

Cybersecurity
Cybersecurity
Cybersecurity
View Bio
RSS

Latest Publications

Share:

New ECB Guide on Outsourcing Cloud Services to Cloud Service Providers

On 16 July 2025, the European Central Bank ("ECB") published a non-binding Guide clarifying supervisory expectations for institutions outsourcing cloud services....more

11/7/2025  /  Banks , Capital Requirements Directive IV (CRDIV) , Cloud Computing , Digital Operational Resilience Act (DORA) , EU , Exit Strategies , Information and Communication Technology (ICT) , Regulatory Oversight , Regulatory Requirements , Risk Management

Italy Leads the Way in Shaping National AI Legislation Within the EU

Italy is the first EU Member State to enact national legislation on Artificial Intelligence ("AI"), thereby positioning itself as a frontrunner in shaping AI rule-making within the European Union....more

10/16/2025  /  AI Act , Artificial Intelligence , Data Centers , Data Privacy , Data Protection , EU , General Data Protection Regulation (GDPR) , Healthcare , Information Technology , Intellectual Property Protection , Italy , Machine Learning , New Legislation , Popular , Regulatory Reform , Regulatory Requirements

Raising the Stakes: California Enacts Trio of New Consumer Privacy Obligations

Three new California privacy bills signed into law expand consumer privacy protections and could have broad compliance implications for any company doing business in the state....more

10/14/2025  /  California , California Consumer Privacy Act (CCPA) , California Privacy Protection Agency (CPPA) , Consumer Privacy Rights , Data Brokers , New Legislation , Opt-Outs , Regulatory Requirements , Social Media , State Privacy Laws

Rising Global Regulation for Artificial Intelligence (UPDATED)

Artificial intelligence (“AI”) is a global subject of intense focus by governments, research institutions, investors, and corporations, ranging from start-ups to well-established industry leaders. As technology and regulatory...more

10/2/2025  /  Artificial Intelligence , Emerging Technologies , Innovative Technology , Machine Learning , New Regulations , Popular , Regulatory Oversight , Regulatory Reform , Regulatory Requirements , Risk Management

CJEU Clarifies Scope of Personal Data in EDPS v SRB Decision

The Single Resolution Board ("SRB") transferred pseudonymized comments from data subjects to Deloitte without informing them. The European Data Protection Supervisor ("EDPS") found a violation of information duties applicable...more

9/11/2025  /  Anonymization , Court of Justice of the European Union (CJEU) , Data Controller , Data Processors , Data Transfers , Disclosure Requirements , EDPS , EU , General Court of the European Union (GCEU) , General Data Protection Regulation (GDPR) , Personal Data , Regulatory Violations , Single Resolution Board , Transparency

EU General Court Upholds EU-U.S. Data Privacy Framework

On September 3, 2025, the General Court of the European Union dismissed an action for annulment brought by a French member of Parliament against the European Commission's decision recognizing the adequacy of the level of...more

9/5/2025  /  Cross-Border Transactions , Cybersecurity Framework , Data Privacy , Data Protection , EU , European Commission , General Court of the European Union (GCEU) , General Data Protection Regulation (GDPR) , International Data Transfers , Schrems I & Schrems II

EU AI Act: European Commission Publishes General-Purpose AI Code of Practice

The European Union's Artificial Intelligence Act ("AI Act") establishes a comprehensive, risk-based regulatory framework including provisions relating to general-purpose AI ("GPAI") models that apply as from 2 August 2025. In...more

8/6/2025  /  Artificial Intelligence , Copyright , EU , European Commission , Innovative Technology , Machine Learning , New Legislation , Popular , Regulatory Requirements , Risk Management , Transparency

White House Issues Executive Orders on AI Action Plan

The White House recently announced America's AI Action Plan (the "Plan")—sweeping federal AI policy reforms prioritizing innovation and deregulation of the artificial intelligence ("AI") industry....more

8/6/2025  /  Artificial Intelligence , Data Centers , Executive Orders , Export Controls , Infrastructure , Innovative Technology , Machine Learning , National Security , Regulatory Reform , Semiconductors , Trump Administration

NIST Updates Its Privacy Framework to Address AI

The National Institute of Standards and Technology ("NIST") recently updated its 2020 Privacy Framework 1.0 to include artificial intelligence ("AI") risk management....more

5/12/2025  /  Artificial Intelligence , Data Privacy , Innovative Technology , Machine Learning , NIST , Privacy Framework , Risk Management

FTC Finalizes Amendments to the Children's Online Privacy Protection Act Rule

On April 22, 2025, the Federal Trade Commission ("FTC") published the finalized amendments to the Children's Online Privacy Protection Act ("COPPA") Rule (the "Rule"), marking the first major update since 2013....more

5/9/2025  /  COPPA , Data Privacy , Federal Trade Commission (FTC) , FERPA , Final Rules , First Amendment , New Regulations , NPRM , Online Safety for Children , Parental Consent , Personal Information , Regulatory Requirements

OMB Directs Agencies to Accelerate AI Adoption and Devise Governance Strategy

The Office of Management and Budget releases highly anticipated guidance to federal agencies on the use and deployment of artificial intelligence and how to manage its risks....more

5/7/2025  /  Artificial Intelligence , Executive Orders , Federal Contractors , Government Agencies , Machine Learning , National Security , New Guidance , OMB , Regulatory Requirements , Risk Management , Technology Sector , Trump Administration

EU AI Act: First Rules Take Effect on Prohibited AI Systems and AI Literacy

The European Union's Artificial Intelligence Act ("AI Act"), the world's first comprehensive legal framework on AI, entered into force on August 1, 2024. The AI Act sets out staggered compliance deadlines for the various...more

2/28/2025  /  Artificial Intelligence , Enforcement Guidance , EU , European Commission , Machine Learning , Regulatory Agenda , Regulatory Requirements , Risk Management

New Export Control Rule Regulates Global Diffusion of Artificial Intelligence

The U.S. Commerce Department's Bureau of Industry and Security ("BIS") issued a rule establishing a framework to prevent U.S. adversaries from accessing the most advanced artificial intelligence ("AI") systems while...more

2/6/2025  /  Artificial Intelligence , Bureau of Industry and Security (BIS) , Cybersecurity , Export Controls , Innovative Technology , Licensing Rules , National Security , Regulatory Requirements , Risk Management , Semiconductors , U.S. Commerce Department

Understanding DORA: Digital Operational Resilience Act Now in Effect for Financial Entities and ICT Service Providers

DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more

1/17/2025  /  Compliance , Cybersecurity , Data Privacy , Data Protection , Digital Operational Resilience Act (DORA) , EU , Financial Institutions , Financial Services Industry , Regulatory Requirements , Risk Management

TSA Releases Proposed Rule to Enhance Pipeline and Railroad Cyber Risk Management

The Transportation Security Administration's ("TSA") proposed rule would require owners and operators of certain pipeline, freight railroad, passenger railroad, rail transit, and over-the-road bus ("OTRB") systems to...more

12/2/2024  /  Comment Period , Cybersecurity , Infrastructure , Oil & Gas , Pipelines , Proposed Rules , Railroads , Regulatory Agenda , Risk Management , Rulemaking Process , Surface Transportation , Transportation Security Administration

NIS 2 Directive: Transposition Period is Up for EU Member States

As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more

11/19/2024  /  Cybersecurity , Data Protection , Data Security , EU , EU Directive , Member State , Risk Management

New York Imposes Stringent Cybersecurity and Cyber Incident Reporting Obligations on Hospitals

New York recently passed new cybersecurity regulations for hospitals licensed in New York to enhance patient safety and cybersecurity....more

11/7/2024  /  Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare Facilities , Hospitals , Information Technology , New Legislation , New York , Personally Identifiable Information , PHI , Regulatory Reform

Illinois Becomes Second State to Pass Broad Legislation on the Use of AI in Employment Decisions

On August 9, 2024, Illinois Governor J.B. Pritzker signed into law H.B. 3773 (the "Act"), making Illinois the second state to pass broad legislation on the use of artificial intelligence ("AI") in employment decisions....more

10/30/2024  /  Artificial Intelligence , Automated Decision Systems (ADS) , Bias , Employer Liability Issues , Employment Discrimination , Employment Policies , Hiring & Firing , Illinois , Job Applicants , Labor Reform , Machine Learning , New Legislation , State Labor Laws

First Tranche of Australia's Much Anticipated Privacy Law Reforms Revealed

The first wave of Australia's expansive privacy law reforms has been introduced into Federal Parliament in the Privacy and Other Legislation Amendment Bill 2024 (Cth) ("Bill")....more

10/29/2024  /  Australia , Cybersecurity , Damages , Data Breach , Data Privacy , Data Protection , Data Security , Invasion of Privacy , Personally Identifiable Information , Proposed Regulation , Regulatory Agenda , Regulatory Reform

EU Enacts Broad Cybersecurity Requirements for Hardware and Software Products

On October 10, 2024, the EU Cyber Resilience Act ("CRA") was adopted by the Council of the European Union....more

10/24/2024  /  Cybersecurity , ENISA , EU , EU Data Protection Laws , Hardware , Regulatory Requirements , Software

SEC's and Private Litigants' Continued Focus on "AI Washing"

On September 4, 2024, U.S. Securities and Exchange Commission ("SEC") Chair Gary Gensler reiterated concerns about artificial intelligence-related ("AI") disclosures and the need for companies to communicate accurately about...more

10/24/2024  /  Artificial Intelligence , Boilerplate Language , Broker-Dealer , Class Action , Disclosure Requirements , Investment Adviser , Machine Learning , Misrepresentation , Publicly-Traded Companies , Regulatory Requirements , Securities and Exchange Commission (SEC) , Securities Regulation , Securities Violations , Shareholder Litigation

California Enacts AI Transparency Law Requiring Disclosures for AI Content

On September 19, 2024, California adopted the California AI Transparency Act ("SB 942") to create transparency mechanisms that allow consumers to determine whether an "image, video, or audio content, or content that is any...more

10/15/2024  /  Artificial Intelligence , California , Innovative Technology , Machine Learning , New Legislation , Risk Management , Transparency

Brazil Amps Up Enforcement of Data Protection Law

Actions in the last six months of the Brazilian National Data Protection Authority (“ANPD”) suggest that it intends to aggressively enforce the Brazilian Data Protection Law (“LGPD”). The LGPD applies to any entity that...more

9/23/2024  /  Brazil , Consumer Privacy Rights , Data Breach , Data Controller , Data Privacy , Data Protection , Data Security , International Data Transfers , Personal Data , Personally Identifiable Information , Sensitive Personal Information

New FAA Regulations Target Cybersecurity Vulnerabilities in Aircraft Design

The Federal Aviation Administration ("FAA") has proposed new rules to standardize its criteria for addressing cybersecurity threats for transport category airplanes, engines, and propellers....more

9/20/2024  /  Aircraft , Aircraft Equipment , Aviation Industry , Cyber Threats , Cybersecurity , Federal Aviation Administration (FAA) , Final Rules , Notice of Proposed Rulemaking (NOPR) , NPRM

U.S. District Court Invalidates HHS Guidance Overreading HIPAA's Application to Online Technologies

On June 20, 2024, a U.S. federal district court held, in a suit brought by Jones Day, that the Department of Health and Human Services ("HHS") had misapplied the Health Insurance Portability and Accountability Act ("HIPAA")...more

8/2/2024  /  Confidential Information , Covered Entities , Data Privacy , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Privacy Rule , Medical Records , New Guidance , PHI
147 Results
 / 
View per page
Page: of 6
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide