The National Institute of Standards and Technology ("NIST") recently updated its 2020 Privacy Framework 1.0 to include artificial intelligence ("AI") risk management....more
The Office of Management and Budget releases highly anticipated guidance to federal agencies on the use and deployment of artificial intelligence and how to manage its risks....more
5/7/2025
/ Artificial Intelligence ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Machine Learning ,
National Security ,
New Guidance ,
OMB ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
Trump Administration
The European Union's Artificial Intelligence Act ("AI Act"), the world's first comprehensive legal framework on AI, entered into force on August 1, 2024. The AI Act sets out staggered compliance deadlines for the various...more
The U.S. Commerce Department's Bureau of Industry and Security ("BIS") issued a rule establishing a framework to prevent U.S. adversaries from accessing the most advanced artificial intelligence ("AI") systems while...more
2/6/2025
/ Artificial Intelligence ,
Bureau of Industry and Security (BIS) ,
Cybersecurity ,
Export Controls ,
Innovative Technology ,
Licensing Rules ,
National Security ,
Regulatory Requirements ,
Risk Management ,
Semiconductors ,
U.S. Commerce Department
DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more
The Transportation Security Administration's ("TSA") proposed rule would require owners and operators of certain pipeline, freight railroad, passenger railroad, rail transit, and over-the-road bus ("OTRB") systems to...more
12/2/2024
/ Comment Period ,
Cybersecurity ,
Infrastructure ,
Oil & Gas ,
Pipelines ,
Proposed Rules ,
Railroads ,
Regulatory Agenda ,
Risk Management ,
Rulemaking Process ,
Surface Transportation ,
Transportation Security Administration
As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more
On September 19, 2024, California adopted the California AI Transparency Act ("SB 942") to create transparency mechanisms that allow consumers to determine whether an "image, video, or audio content, or content that is any...more
The U.S. District Court for the Southern District of New York dismissed the majority of claims that the Security and Exchange Commission ("SEC") asserted against SolarWinds, including claims that the company's alleged...more
On May 17, 2024, Colorado enacted S.B. 24-205 (the "Act"), which imposes a duty of reasonable care on developers and deployers of high-risk artificial intelligence ("AI") systems to protect consumers from risks of algorithmic...more
The National Institute of Standards and Technology ("NIST") released a significant update to its framework, expanding its scope and reach to cover a broader audience and evolving cybersecurity risks and management issues....more
On Friday, October 27, the Federal Trade Commission ("FTC") announced new amendments to the Safeguards Rule, requiring covered financial institutions to report certain data breaches to the FTC and reflecting its continuing...more
11/13/2023
/ Cybersecurity ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
FTC Act ,
Gramm-Leach-Blilely Act ,
New Amendments ,
Non-Bank Lenders ,
Personal Information ,
Popular ,
Privacy Rule ,
Risk Assessment ,
Risk Management ,
Safeguards Rule ,
Section 5
In Short -
The Situation: On July 26, 2023, the U.S. Securities and Exchange Commission ("SEC") adopted final rules that significantly alter cybersecurity disclosure obligations for companies. The SEC's final rules adopt...more
8/2/2023
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
If adopted, these proposed rules would (i) enhance protection of customer information under Regulation S-P, (ii) add new requirements addressing cybersecurity risk to the U.S. securities markets, and (iii) expand the types of...more
The United States and European Union recently entered into an administrative agreement to collaborate on critical research related to artificial intelligence ("AI"), focusing on five key areas of significant global concern....more
The National Institute of Standards and Technology ("NIST") has released its AI Risk Management Framework ("AI RMF") as a resource to reportedly assist individuals, organizations, and society identify risks associated with...more
United States -
Regulatory—Policy, Best Practices, and Standard -
NIST Unveils Draft Guidance to Protect Critical Infrastructure -
On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
1/8/2021
/ CNIL ,
Consumer Privacy Rights ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Security ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Personal Data ,
Popular ,
Risk Management
New York is the first state to establish a department within a financial regulatory agency that is tasked with protecting consumers and financial markets against cyber threats.
On May 22, 2019, the New York Department of...more
6/5/2019
/ Banking Sector ,
Cryptocurrency ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Digital Currency ,
Financial Institutions ,
Financial Regulatory Agencies ,
Financial Services Industry ,
NYDFS ,
Popular ,
Risk Management