Predictions regarding the 2023 CRA Rule and Section 1071 and how to prepare for expected developments
Consumer Finance Monitor Podcast Episode: Everything You Want to Know About the CFPB as Things Stand Today, and Lots More - Part 1
2024 Credit Reporting Review: Impactful Changes and Future Forecast — FCRA Focus Podcast
Stumbling Your Way Into a Union: Key Advice for Employers: What’s the Tea in L&E?
Are Overtime Wages and Tips Exempt From Income Tax? What Employers Need to Know to Prepare
The Regulatory Situation After the Trump Executive Orders Regulatory Freeze Pending Review
Consumer Finance Monitor Podcast Episode: The CFPB's Proposed Data Broker Rule
Understanding the DFPI's Proposed Rules: A Deep Dive Into California's Digital Financial Assets Law — The Crypto Exchange Podcast
Understanding the DFPI's Proposed Rules: A Deep Dive Into California's Digital Financial Assets Law — Payments Pros – The Payments Law Podcast
Legal Alert: USPTO Proposes Major Change to Terminal Disclaimer Practice
FDA Releases Laboratory-Developed Tests Final Rule – Thought Leaders in Health Law
The FTC’s Rule Banning Non-Compete Agreements | What You Need to Know
An In-Depth Analysis of the CFPB’s Proposed Overdraft Rule - The Consumer Finance Podcast
The FTC Takes Initiative to Stop Junk Fees
Understanding the CFPB's Proposed Digital Payments Larger Participants Rule and Its Implications for Digital Assets — The Consumer Finance Podcast
Instant Decline, Instant Relief? Unpacking the CFPB's Proposed Rule on NSF Fees — Payments Pros: The Payments Law Podcast
Redefining Banking: A Conversation on the CFPB's Proposed 1033 Rule — Payments Pros: The Payments Law Podcast
DE Under 3: FAR Council Submitted for OMB Approval Proposed Rule on “Pay Equity and Transparency in Federal Contracting”
The FTC Announces Three Important Developments
Exploring the Future of Open Banking: A Discussion on CFPB's 1033 Proposed Rule – Crossover Episode With Regulatory Oversight Podcast – The Consumer Finance Podcast
On November 7, 2024, the Transportation Security Administration (the “TSA”) published a Notice of Proposed Rulemaking (the “Proposed Rule”) that would mandate cyber risk management (“CRM”) and reporting requirements for...more
The Federal Acquisition Regulation (FAR) Council issued its long awaited proposed rule on Controlled Unclassified Information (CUI) on January 15, 2025. The proposed rule establishes a common form to be used by all federal...more
On January 15, 2025, the Federal Acquisition Regulatory (FAR) Council issued a proposed rule that, if adopted, would uniformly define and protect Controlled Unclassified Information (CUI) across the government. The proposed...more
On September 11, 2024, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) published a proposed rule that would create a mandatory quarterly reporting requirement for U.S. persons and U.S. entities that...more
On May 16, 2024, the SEC breathed new life into its decades-old Regulation S-P, which requires firms to adopt policies and procedures for the protection of customer information and records. The amended rule balloons the...more
WHAT: The U.S. Department of Defense (DOD) just published the second of two proposed rules setting forth key requirements for its long-anticipated Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The earlier...more
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While...more
Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking...more
On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more
April 2024 On April 4, 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) published a 447-page Notice of Proposed Rulemaking (“Proposed Rules”) in accordance with the...more
On April 4, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published its much-anticipated Notice of Proposed Rule Making for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)....more
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more
In 2025, new federal reporting requirements will require hundreds of thousands of organizations to report cyber incidents within hours of discovery to the United States Government, marking a significant impact on how...more
On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more
A sweeping array of businesses are another step closer to requirements to report cybersecurity incidents and ransomware payments to the federal government. On April 4, 2024, the U.S. Department of Homeland Security's (DHS)...more
On January 29, 2024, BIS proposed a rule that would impose new requirements for U.S. providers of Infrastructure as a Service (“IaaS”) products and their foreign resellers. The proposed rule would require U.S. IaaS providers...more
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), an operational component of the Department of Homeland Security (DHS), posted for public inspection its long-anticipated notice of proposed...more
On January 29, 2024, the Bureau of Industry and Security (BIS) at the U.S. Department of Commerce issued a new proposed regulatory rule (the “Proposed Rule”), which will impose significant diligence, monitoring, and reporting...more
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
Last October, the Federal Acquisition Regulation (FAR) Council proposed two new rules, one of which that will influence cyber incident response practices. The scope is limited as it only applies to federal government...more
The U.S. Department of Commerce's ("Commerce") Bureau of Industry and Security ("BIS") has issued a proposed rule (the "Proposed Rule") that would impose significant diligence, reporting, and recordkeeping requirements on...more
On January 29, 2024, the Department of Commerce, Bureau of Industry and Security (BIS) released a proposed rule (Proposed Rule) that would require U.S. cloud services providers (a.k.a. Infrastructure as a Service, or IaaS,...more
On December 21, 2023, the Department of Defense (DoD) issued a memorandum (Memo) providing guidance and clarification on the security and cyber incident management requirements applicable for the use of external Cloud Service...more
On January 29, 2024, the Commerce Department’s Bureau of Industry and Security (BIS) published a notice of proposed rulemaking (NPRM) introducing a Customer Identification Program (CIP) and other requirements applicable to...more
The U.S. Department of Commerce (“Commerce”), Bureau of Industry and Security (“BIS”) recently issued a proposed rule aimed at preventing foreign actors from utilizing U.S. Infrastructure as a Service (“IaaS”) products (i.e.,...more