In recent weeks, the EU and UK have both introduced changes to their respective versions of Europe’s landmark privacy legislation, the General Data Protection Regulation (GDPR). These reforms mark the first substantial...more
7/11/2025
/ Compliance ,
Cookies ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Legislation ,
Personal Data ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
UK
On 25 June 2025, the European Commission announced its proposal for a “Space Act” that would introduce a new regulatory framework for EU space activities. The proposed framework includes cyber-resilience obligations for EU...more
7/9/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Enforcement ,
EU ,
National Security ,
Outer Space ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
- On 26 March 2025, the European Health Data Space (EHDS) Regulation entered into force. The regulation establishes a comprehensive framework for health-data sharing and access in the EU, with the dual aim of supporting the...more
6/26/2025
/ Compliance ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
EU ,
Health Care Providers ,
Healthcare ,
Healthcare Reform ,
Intellectual Property Protection ,
Life Sciences ,
Noncompliance ,
Personal Data ,
Regulatory Agenda ,
Regulatory Requirements ,
Shareholders
Texas has become the second state, after Colorado, to enact omnibus legislation regulating artificial intelligence (AI) systems. On June 22, 2025, Texas Gov. Greg Abbott signed into law the Texas Responsible Artificial...more
6/24/2025
/ Artificial Intelligence ,
Biometric Information ,
Corporate Counsel ,
Data Privacy ,
Disclosure Requirements ,
Enforcement Actions ,
Government Agencies ,
Legislative Agendas ,
New Legislation ,
Regulatory Requirements ,
State and Local Government ,
State Attorneys General ,
Technology ,
Texas
Executive Summary -
The EU Data Act, whose requirements apply from 12 September 2025, establishes new rights for businesses and consumers to access data they generated using “connected devices,” limiting the exclusive...more
6/24/2025
/ Cloud Computing ,
Competition ,
Contract Terms ,
DATA Act ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Enforcement ,
EU ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Regulatory Requirements ,
UK
After years of regulatory uncertainty, the Trump administration has signaled a new approach to digital assets, including by establishing a working group focused on digital assets and nominating crypto-friendly chairs to the...more
5/6/2025
/ Artificial Intelligence ,
Blockchain ,
CFTC ,
Cryptocurrency ,
Cybersecurity ,
Data Privacy ,
Digital Assets ,
Enforcement Actions ,
Enforcement Priorities ,
FinTech ,
NYDFS ,
Popular ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
State Attorneys General ,
Technology
On April 23 and 24, 2025, regulators, industry leaders and data privacy leaders from across the globe convened in Washington, D.C. for the 2025 International Association of Privacy Professionals (IAPP) Global Privacy Summit....more
5/5/2025
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
State Privacy Laws ,
Technology ,
UK
In a major development for businesses subject to state data privacy laws, eight state privacy regulators have joined forces to form the “Consortium of Privacy Regulators,” a bipartisan coalition aimed at coordinating...more
5/5/2025
/ California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Enforcement ,
Enforcement Actions ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
State Attorneys General ,
State Privacy Laws
In two recent rulings, judges in the U.S. Northern District of California have allowed proposed class actions under the California Consumer Privacy Act (CCPA) to proceed without an allegation of a data breach, departing from...more
In its first major initiative, on March 21, 2025, the Federal Communications Commission’s (FCC’s) newly formed Council on National Security (Council) launched an investigation into the “ongoing U.S. operations” of businesses...more
Key Points --
- The FCPA remains valid and enforceable U.S. law, and violations of the law may serve as a predicate offense under state and local laws.
- Companies should be prepared for continued enforcement of...more
On March 26, 2025, the Department of Justice (DOJ) entered into a settlement agreement with MORSECORP, Inc. (MORSE), resolving False Claims Act (FCA) allegations that MORSE submitted false claims for payment under Department...more
On March 24, 2025, Virginia Gov. Glenn Youngkin vetoed the High-Risk Artificial Intelligence Developer and Deployer Act (House Bill 2094). The bill, which had passed through the Virginia Legislature in February 2025, would...more
3/25/2025
/ Algorithms ,
Artificial Intelligence ,
Corporate Counsel ,
Employment Discrimination ,
New Legislation ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
State Legislatures ,
Technology Sector ,
Trump Administration
Key Points -
- State AGs nationwide are focusing on initiatives in data privacy, cybersecurity, consumer protection and securities fraud.
- Special areas of concern also include AI and online privacy and protections for...more
3/14/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Online Safety for Children ,
Securities Fraud ,
State Attorneys General ,
Technology Sector
As Trump administration directives emerge, it’s crucial for businesses and other stakeholders to stay informed and adapt their strategies accordingly. We will provide ongoing coverage of these developments and their potential...more
2/4/2025
/ Affirmative Action ,
Artificial Intelligence ,
Climate Change ,
Cybersecurity ,
Diversity and Inclusion Standards (D&I) ,
Energy Sector ,
Environmental Social & Governance (ESG) ,
Executive Orders ,
Federal Contractors ,
Financial Regulatory Reform ,
Healthcare ,
Intellectual Property Protection ,
International Litigation ,
International Trade ,
Legislative Agendas ,
Life Sciences ,
National Security ,
New Legislation ,
New Regulations ,
OECD ,
Privacy Laws ,
Regulatory Agenda ,
Technology Sector ,
Trade Policy ,
Trump Administration
On January 16, 2025, the Federal Trade Commission (FTC) finalized amendments to the Children’s Online Privacy Protection Act (COPPA) Rule (Final Rule) relating to the collection, use and disclosure of personal information...more
1/30/2025
/ Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Privacy ,
Data Retention ,
Data Security ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
Final Rules ,
Online Safety for Children ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements
On January 23, 2025, President Donald Trump issued an executive order titled “Removing Barriers to American Leadership in Artificial Intelligence” (Trump AI Executive Order). The Trump AI Executive Order assigns select...more
Key Points -
- President-elect Trump appointed David Sacks, a venture capitalist, as the White House AI and crypto czar.
- The Trump administration is likely to adopt a light regulatory approach to AI development and...more
1/15/2025
/ Artificial Intelligence ,
Corporate Governance ,
Cryptocurrency ,
Cybersecurity ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Machine Learning ,
National Security ,
New Legislation ,
Presidential Appointments ,
Regulatory Agenda ,
State and Local Government ,
Technology Sector ,
Trump Administration
At what point has a director served too long? What about term limits? A mandatory retirement age? When do a director’s skills become stale? These issues are addressed in this issue of The Informed Board, as well as why proxy...more
11/25/2024
/ Acquisitions ,
Artificial Intelligence ,
Board of Directors ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Investment ,
Investors ,
Machine Learning ,
Mergers ,
National Security ,
Proxy Season ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Shareholder Activism ,
Technology Sector
Cyber threats continue to grow as a result of increased digitization, widespread use of cloud computing, advanced connectivity and artificial intelligence (AI), requiring boards of directors across all sectors to focus more...more
11/22/2024
/ Artificial Intelligence ,
Board of Directors ,
Corporate Governance ,
Crisis Management ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Machine Learning ,
Privacy Laws ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Litigation ,
Third-Party
On October 22, 2024, the Securities and Exchange Commission (SEC) announced enforcement actions against several technology companies for making materially misleading disclosures regarding cybersecurity risks and intrusions....more
11/11/2024
/ Cyber Attacks ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Securities Violations ,
SolarWinds ,
Technology Sector
The deadline for EU countries to transpose the expanded cybersecurity directive, NIS 2, into national law is 17 October 2024, but the implementation status varies significantly from country to country. Some of the member...more
10/14/2024
/ Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Deadlines ,
EU ,
National Security ,
Popular ,
Risk Management ,
Technology Sector
With the EU’s AI Act having entered into force on August 1, 2024, companies now need to focus on its implementation. Although the AI Act will not be fully enforceable until August 2, 2027, some obligations will become binding...more
The Federal Trade Commission (FTC) recently initiated an enforcement sweep called Operation AI Comply against several companies that allegedly “relied on artificial intelligence as a way to supercharge deceptive or unfair...more
In this edition of Insights, we take a closer look at the megadeals and sponsor transactions driving recent M&A activity, the importance of staying ahead of the risks in AI development and deployment, and other diverse...more
9/30/2024
/ Acquisitions ,
Administrative Procedure Act ,
Artificial Intelligence ,
Chevron Deference ,
Corner Post Inc v Board of Governors of the Federal Reserve System ,
Corporate Governance ,
Delaware General Corporation Law ,
Federal Bans ,
Federal Trade Commission (FTC) ,
Final Rules ,
Government Agencies ,
Judicial Authority ,
Loper Bright Enterprises v Raimondo ,
Machine Learning ,
Mergers ,
Non-Compete Agreements ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Authority ,
Regulatory Requirements ,
SCOTUS ,
SEC v Jarkesy ,
Securities and Exchange Commission (SEC) ,
Shareholder Litigation ,
Shareholders ,
Technology Sector