Malicious actors continue to exploit our connected digital ecosystem, disrupting organizations across all sectors. Some of the most significant evolutions in the cyber threat landscape stem from artificial intelligence...more
10/20/2025
/ Artificial Intelligence ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Deep Fake ,
Incident Response Plans ,
Phishing Scams ,
Ransomware ,
Risk Management ,
Supply Chain ,
Third-Party Risk
On September 30, 2025, the Cybersecurity Information Sharing Act of 2015 (“CISA 2015” or the “Act”) expired as it reached the end of its effective period without being reauthorized by Congress. Intended to enhance sharing of...more
On September 15, 2025, the Office of the Director of National Intelligence (“DNI”) published the first exclusion and removal order (“Order”) under the Federal Acquisition Supply Chain Security Act of 2018 (“FASCSA”). The...more
On September 29, 2025, Governor Gavin Newsom signed into law Senator Scott Wiener’s SB-53, which establishes new requirements for developers of frontier artificial intelligence (AI) models. Section 2 of the law enacts the...more
On September 9, 2025, the Department of Defense (DoD) published a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements to implement the Cybersecurity...more
Leading businesses continue to suffer cyber attacks at the hands of sophisticated ransomware groups. For example, the threat group “Scattered Spider” (also known as UNC3944, Octo Tempest, 0ktapus) is once again making...more
On July 23, 2025, the Trump Administration unveiled a comprehensive national action plan for artificial intelligence (“Action Plan”), accompanied by three Executive Orders that begin implementing key elements of the...more
On February 21, 2025, President Trump issued a new memorandum addressing both foreign investment into the United States and outbound investment by US persons. Without imposing immediate legal or regulatory changes, the...more
3/5/2025
/ Artificial Intelligence ,
CFIUS ,
China ,
Critical Infrastructure Sectors ,
Economic Sanctions ,
Foreign Investment ,
National Security ,
Popular ,
Presidential Memorandum ,
Regulatory Agenda ,
Semiconductors ,
Trump Administration
On January 16, 2025, the U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a final rule (the “Final Rule”) addressing national security concerns regarding information and communications technology...more
1/22/2025
/ Automotive Industry ,
Bureau of Industry and Security (BIS) ,
China ,
Final Rules ,
Hardware ,
Imports ,
National Security ,
Russia ,
Software ,
Supply Chain ,
U.S. Commerce Department
On January 13, 2025, the US Department of Commerce’s Bureau of Industry and Security (BIS) published an Interim Final Rule (IFR) titled “Framework for Artificial Intelligence Diffusion.” The IFR builds on a long series of...more
INTRODUCTION...
On January 16, 2025, President Biden issued an Executive Order (EO) on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, to further address increasing threats from nation-state actors...more
As global economic and geopolitical environments enter a new era, companies need to continuously develop and adjust their coherent global business strategies to secure and further expand business opportunities in all markets...more
1/2/2025
/ Acquisitions ,
Artificial Intelligence ,
Bureau of Industry and Security (BIS) ,
Business Opportunities ,
Business Strategies ,
CFIUS ,
China ,
Compliance ,
Covered Transactions ,
Critical Infrastructure Sectors ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Entity List ,
Exports ,
Final Rules ,
Financial Transactions ,
Forced Labor ,
Foreign Investment ,
Importers ,
Imports ,
Investment ,
Joint Venture ,
National Security ,
NPRM ,
Prohibited Transactions ,
Real Estate Transactions ,
Regulatory Requirements ,
Semiconductors ,
Sensitive Personal Information ,
Supply Chain ,
Trade Relations ,
Uyghur Forced Labor Prevention Act (UFLPA)
Financial institutions and securities market participants continue to face escalating cyber threats – in frequency, volume, and severity. The many reasons for the escalating risk include: Financial services companies are...more
On October 28, 2024, the US Department of the Treasury (“Treasury”) issued a Final Rule to require the notification or prohibition of certain outbound investments and other transactions by US persons involving persons of...more
On October 24, 2024, President Biden issued the first-ever National Security Memorandum (NSM) on artificial intelligence (AI), fulfilling another directive (subsection 4.8) set forth in the Administration’s Executive Order on...more
On May 15, 2024, the Bipartisan Senate AI Working Group—Senate Majority Leader Chuck Schumer (D-NY) and Senators Mike Rounds (R-SD), Todd Young (R-IN), and Martin Heinrich (D-NM)—released a report titled "Driving U.S....more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Preservation ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
NPRM ,
Proposed Rules ,
Ransomware ,
Regulatory Agenda
On March 1, 2024, the US Department of Commerce’s (“Commerce”) Bureau of Industry and Security (“BIS”) published an Advance Notice of Proposed Rulemaking1 (the “Notice”) seeking public comments on potential regulation of the...more
3/19/2024
/ Bureau of Industry and Security (BIS) ,
China ,
Comment Period ,
Connected Cars ,
Data Collection ,
Executive Orders ,
Foreign Adversaries ,
Information Technology ,
Motor Vehicles ,
National Security ,
OEM ,
Proposed Rules ,
Public Comment ,
Regulatory Agenda ,
Rulemaking Process ,
U.S. Commerce Department
On March 6, 2024, New Hampshire Governor Chris Sununu signed SB 255 into law, making the Granite State the latest to enact a comprehensive privacy law—the 15th state, if you count Florida’s privacy law of narrower...more
On January 16, 2024, Governor Philip D. Murphy signed into law the New Jersey Data Privacy Act (the “Privacy Act”), which goes into effect on January 15, 2025....more
1/24/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Information Technology ,
New Jersey ,
New Legislation ,
New Regulations ,
Popular ,
State Data Privacy Laws ,
State Privacy Laws
On 9 December 2023, European Parliament negotiators and the Council presidency agreed on the final version of what is claimed to be the world's first-ever comprehensive legal framework on Artificial Intelligence; the European...more
Background and Summary -
Table On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release (the “Adopting Release”), adopting final rules (the “Final Rules”) aimed at standardizing and...more
On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and...more
Background -
On March 9, 2022, the U.S. Securities and Exchange Commission (the “SEC”) released proposed amendments (the “Proposed Amendments”) aimed at enhancing and standardizing disclosure relating to cybersecurity...more
3/15/2022
/ Business Development Companies ,
Comment Period ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Disclosure Requirements ,
Foreign Private Issuers ,
Form 8-K ,
Proposed Amendments ,
Publicly-Traded Companies ,
Regulation S-K ,
Regulatory Agenda ,
Regulatory Reform ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On March 9, 2022, the US Securities and Exchange Commission (SEC) voted 3-1 to propose new rules and amendments under the Securities Exchange Act of 1934 that would constitute the SEC’s first attempt to adopt specific rules...more
3/11/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Disclosure Requirements ,
Proposed Amendments ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)