The European Union's Artificial Intelligence Act ("AI Act"), the world's first comprehensive legal framework on AI, entered into force on August 1, 2024. The AI Act sets out staggered compliance deadlines for the various...more
The European Commission has released a new template for summarizing training data used in general-purpose artificial intelligence ("AI") models, as part of its broader AI regulatory framework....more
DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more
On December 11, 2024, the French High Council for Literary and Artistic Property ("CSPLA") published a report on the implementation of the European regulation on artificial intelligence ("AI"), focusing on the transparency of...more
As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more
On October 10, 2024, the EU Cyber Resilience Act ("CRA") was adopted by the Council of the European Union....more
The Situation: The French Supreme Court recently considered whether a limitation of liability clause could be enforced against a third party to a contract claiming compensation for a breach of contract that caused it damage....more
On 22 December 2023, the Regulation on harmonized rules on fair access to and use of data ("Data Act") was published in the EU's Official Journal. The Data Act lays down rules on fair access to and use of personal and...more
Beginning October 12, 2023, the UK-U.S. Data Bridge will allow UK companies to transfer personal data to the United States using the new EU-U.S. Data Privacy Framework....more
10/17/2023
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
EU Data Protection Laws ,
Information Technology ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
UK
On July 10, 2023, the EU Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework, concluding that the United States ensures an adequate level of protection for personal data transferred from the...more
On May 30, 2023, the Cyberspace Administration of China ("CAC") issued the "Guidance on Filing the Standard Contract for the Cross-Border Transfer of Personal Information" ("Guidance"), which took effect on June 1, 2023....more
In Short -
The Situation: There has been uncertainty over the circumstances in which data subjects can claim compensation for "mere" infringement of their rights without specific evidence of harm. On May 4, 2023, the Court...more
On February 24, 2023, the Cyberspace Administration of China ("CAC") issued the long-awaited Measures on the Standard Contract for Outbound Cross-Border Transfer of Personal Information ("Measures")....more
France's Orientation and Programming Law of the Ministry of the Interior ("LOMPI law"), published in the Official Journal of January 25, 2023, amends the insurance coverage of losses and damages paid in response to...more
2/27/2023
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Processors ,
France ,
Information Technology ,
Insurance Code ,
New Guidance ,
Popular ,
Ransomware ,
Regulatory Requirements
Across multiple continents and industries, artificial intelligence ("AI") is a topic of intense focus by governments, research institutions, investors, and corporations—from start-ups to well-established industry players. As...more
The Council of the European Union ("EU") adopted a new Directive to strengthen cybersecurity and resilience across the Union. -
Following the European Parliament's approval on November 10, 2022, the Council of the European...more
On October 7, 2022, President Biden signed an executive order on "Enhancing Safeguards for United States Signals Intelligence Activities," outlining the measures that the United States will take to implement its commitments...more
On September 28, 2022, the European Commission published two proposals—the Revised Product Liability Directive and the AI Liability Directive—aimed at adapting liability rules to the green and digital transition within the...more
On September 15, 2022, the European Commission ("EU") published a proposal for a Cyber Resilience Act, the first EU-wide legislation introducing a single set of cybersecurity rules for hardware and software products placed in...more
On February 23, 2022, the European Commission ("Commission") published a proposal for a Data Act which aims at enhancing data access and use within the European Union ("EU")....more
2/24/2022
/ Artificial Intelligence ,
Data Collection ,
Data Privacy ,
Data-Sharing ,
EU ,
European Commission ,
Information Governance ,
International Data Transfers ,
Internet of Things ,
Personal Data ,
Personally Identifiable Information ,
Proposed Regulation ,
Regulatory Agenda ,
Small and Medium-Sized Enterprises (SMEs)
EU and UK data protection rules each restrict transfers of personal data to third countries not regarded as having an adequate level of protection, such as the United States, China, Russia and India....more
UNITED STATES -
Regulatory—Policy, Best Practices, and Standards -
President Biden Issues Cybersecurity Executive Order -
On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
8/10/2021
/ Article III ,
Biden Administration ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Executive Orders ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
Mobile Apps ,
Personal Data ,
Popular ,
Ransomware ,
SCOTUS ,
Standing ,
TransUnion LLC v Ramirez
The Background: Transfers of personal data to countries outside the European Economic Area ("EEA") must meet certain requirements under the General Data Protection Regulation ("GDPR"). If the third country does not provide an...more
An interest group of EU banks that was formed to assist European financial institutions with their use of public cloud technology recently suggested model terms for the compliant use of cloud technology.
On May 17, 2021,...more
The Development: On 21 April 2021, the European Commission ("Commission") unveiled a proposal for a "Regulation laying down harmonized rules on Artificial Intelligence" ("AI Regulation"), which sets out how AI systems and...more