Key Points -
- Accelerated M&A activity by financial sponsors is expected in the near term due to improved market conditions and deregulation under the Trump administration.
- With the rapid development of new AI use...more
1/20/2025
/ Acquisitions ,
Artificial Intelligence ,
Capital Markets ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Mergers ,
Private Equity ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
The EU’s Digital Operational Resilience Act (DORA) becomes binding on 17 January 2025. As the compliance deadline approaches, EU financial regulators (ESAs) have issued a flurry of statements on the act, including:
- An...more
1/6/2025
/ Cybersecurity ,
Digital Operational Resilience Act (DORA) ,
EIOPA ,
Enforcement ,
EU ,
European Banking Authority (EBA) ,
European Supervisory Authorities (ESAs) ,
Financial Institutions ,
Financial Services Industry ,
Information and Communication Technology (ICT) ,
Investment Management ,
Policies and Procedures ,
Risk Management
At what point has a director served too long? What about term limits? A mandatory retirement age? When do a director’s skills become stale? These issues are addressed in this issue of The Informed Board, as well as why proxy...more
11/25/2024
/ Acquisitions ,
Artificial Intelligence ,
Board of Directors ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Investment ,
Investors ,
Machine Learning ,
Mergers ,
National Security ,
Proxy Season ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Shareholder Activism ,
Technology Sector
Cyber threats continue to grow as a result of increased digitization, widespread use of cloud computing, advanced connectivity and artificial intelligence (AI), requiring boards of directors across all sectors to focus more...more
11/22/2024
/ Artificial Intelligence ,
Board of Directors ,
Corporate Governance ,
Crisis Management ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Machine Learning ,
Privacy Laws ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Litigation ,
Third-Party
On 30 September 2024, the UK Department of Science, Innovation and Technology announced that the Cyber Security and Resilience Bill (Bill) will be introduced to Parliament in 2025. The Bill was first announced in the King’s...more
10/15/2024
/ Artificial Intelligence ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Digital Services ,
EU ,
Incident Response Plans ,
Intellectual Property Protection ,
Legislative Agendas ,
New Legislation ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management ,
Technology Sector ,
UK
The deadline for EU countries to transpose the expanded cybersecurity directive, NIS 2, into national law is 17 October 2024, but the implementation status varies significantly from country to country. Some of the member...more
10/14/2024
/ Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Deadlines ,
EU ,
National Security ,
Popular ,
Risk Management ,
Technology Sector
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risks from developing and deploying AI systems that do not function as intended or that yield problematic outcomes....more
9/30/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
NIST ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
U.S. Commerce Department
Across industries, companies are facing new and uncertain regulatory pressures and demands in areas including artificial intelligence, sustainability, algorithmic pricing and fintech-bank relations. In this issue of The...more
9/10/2024
/ Algorithms ,
Antitrust Division ,
Artificial Intelligence ,
Banking Sector ,
Board of Directors ,
Competition ,
Corporate Governance ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Enforcement Actions ,
EU ,
Financial Institutions ,
FinTech ,
Multinationals ,
Price-Fixing ,
Regulatory Agenda ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Sustainability ,
Technology Sector ,
UK
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risk from developing and deploying AI systems that do not function as intended or that yield problematic outcomes. The...more
9/4/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
EU ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector ,
UK
Earlier this year, a dedicated policy prepared by the European Central Bank (ECB) came into effect requiring bank management bodies to broaden their collective understanding of and proficiency in identifying and dealing with...more
The oversight obligations of boards continue to expand. Recent enforcement actions and new laws in areas such as cybersecurity, artificial intelligence and supply chains create new challenges for boards, as we explain in this...more
2/19/2024
/ Acquisitions ,
Activist ,
Artificial Intelligence ,
Board of Directors ,
Canada ,
China ,
Competition ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
EU ,
Executive Orders ,
Federal Contractors ,
Financial Services Industry ,
Forced Labor ,
Germany ,
International Labor Laws ,
Life Sciences ,
Machine Learning ,
Manufacturers ,
Mergers ,
NGOs ,
Political Campaigns ,
Political Contributions ,
Political Conventions ,
Publicly-Traded Companies ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Shareholder Activism ,
Shareholders ,
Technology Sector ,
UK ,
Uyghur Forced Labor Prevention Act (UFLPA)
Key Points -
- New SEC rules from 2023 require public companies to report material cybersecurity incidents promptly and detail their cybersecurity risk management strategies in annual reports — requirements that increase...more
The U.S. Securities and Exchange Commission (SEC) adopted final rules in 2023 that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by...more
12/20/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Form 8-K ,
Incident Response Plans ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more
11/7/2023
/ Compliance ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Disclosure ,
Enforcement Actions ,
Information Security ,
Information Technology ,
Popular ,
Risk Management ,
Risk Mitigation ,
SolarWinds
Partner and co-head of Skadden’s Cybersecurity and Data Privacy practice David Simon recently sat down with two chief information security officers (CISOs) from the private equity sector as part of the firm’s National Cyber...more
11/6/2023
/ Artificial Intelligence ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Interviews ,
Machine Learning ,
Popular ,
Private Equity ,
Risk Management ,
Securities and Exchange Commission (SEC)
The EU Digital Operational Resilience Act (Regulation (EU) 2022/2554) (DORA) creates a regulatory framework intended to enhance the operational resilience of the financial sector by establishing uniform requirements for the...more
11/3/2023
/ Compliance ,
Corporate Governance ,
Cybersecurity ,
Digital Markets Strategy ,
EU ,
Financial Crisis ,
Financial Institutions ,
Financial Regulatory Reform ,
Investment Funds ,
Investment Management ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management
In this month’s Privacy & Cybersecurity Update, we examine Delaware’s new comprehensive data privacy law, a joint statement by 12 data protection authorities on data scraping and data protection, a district court ruling on a...more
10/3/2023
/ California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Popular ,
Privacy Laws ,
Risk Assessment ,
Risk Management ,
State and Local Government ,
State Data Privacy Laws ,
State Privacy Laws ,
Web Scraping
In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more
8/2/2023
/ Biometric Information Privacy Act ,
California ,
California Privacy Rights Act (CPRA) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Transfers ,
Disclosure ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Oregon ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Requirements ,
Risk Management ,
Texas
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted 3-2 to adopt final rules that are intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and...more
7/28/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
New Rules ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)