Quantum computing (QC) is poised to disrupt cybersecurity in ways that business leaders and legal professionals cannot afford to ignore. But what exactly is quantum computing, why does it pose such a significant threat to...more
4/1/2025
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
EU ,
National Security ,
NIST ,
Popular ,
Risk Management ,
Technology Sector
The UK’s Online Safety Act 2023 (OSA) is a comprehensive piece of legislation designed to regulate social media companies and search services and to increase protections for individuals online. It draws comparisons to the...more
2/19/2025
/ Data Privacy ,
Data Protection ,
Enforcement Actions ,
New Legislation ,
Online Platforms ,
Online Safety for Children ,
Risk Assessment ,
Risk Management ,
Social Media ,
Transparency ,
UK
The AI Action Summit brought together a wide-ranging assembly of influential figures to discuss the future of artificial intelligence (AI) governance, risk mitigation and international cooperation. The attendees included...more
2/17/2025
/ Artificial Intelligence ,
China ,
EU ,
Innovative Technology ,
International Trade ,
Investment ,
Machine Learning ,
Regulatory Agenda ,
Risk Management ,
Sustainability ,
Technology Sector ,
UK
The first binding obligations of the European Union’s landmark AI legislation, the EU AI Act (the Act), came into effect on February 2, 2025. Essentially, from this date, AI practices which present an unacceptable level of...more
2/4/2025
/ Artificial Intelligence ,
Biometric Information ,
Data Privacy ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management
The NIS 2 Directive requires a wide range of in-scope organizations to adopt robust cybersecurity measures and incident response plans....more
11/5/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Employee Training ,
Enforcement ,
EU ,
European Commission ,
Fines ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Penalties ,
Reporting Requirements ,
Supply Chain
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
10/15/2024
/ CNIL ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Enforcement Actions ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sensitive Personal Information
In a landmark moment for global AI governance, the United States, European Union and United Kingdom have signed the Council of Europe’s framework convention on artificial intelligence and human rights, democracy, and the rule...more
9/17/2024
/ Artificial Intelligence ,
Ethics ,
EU ,
Human Rights ,
Innovative Technology ,
International Treaties ,
Machine Learning ,
Regulatory Agenda ,
Treaties ,
UK ,
United States
The agreed text of the AI Act was published on July 12, 2024, essentially starting the clock on the legal deadlines contained in it. Its obligations will apply in tiered phases, with the first key obligations being enforced...more
7/22/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Distributors ,
EU ,
Exemptions ,
Imports ,
Information Governance ,
Machine Learning ,
Manufacturers ,
Recordkeeping Requirements ,
Risk Assessment ,
Supply Chain
In May 2024 the UK passed the new Digital Markets, Competition and Consumers Act (DMCC). Amongst other changes, the DMCC grants the UK Competition and Markets Authority (CMA) new powers to directly impose fines of up to 10%...more
The FCC’s recent introduction of a new Voluntary Cybersecurity Labelling Program for consumer Internet of Things (IoT) products reflects the continued desire by U.S. regulators to bolster the security of the ever-increasing...more
4/10/2024
/ Compliance ,
Cybersecurity ,
Data Security ,
Distributors ,
EU ,
Imports ,
Internet ,
Internet of Things ,
Manufacturers ,
Regulatory Standards ,
Telecommunications ,
UK
Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014,...more
On March 13, 2024, the EU Parliament voted to pass the EU’s much-discussed AI Act (with 523 votes in favor, 46 against and 49 abstentions). For an insight into the AI Act’s progression through the EU lawmaking system, see our...more
The Council of the European Union and the European Parliament reached a provisional agreement on a new comprehensive regulation governing AI, known as the “AI Act,” late on Friday night (December 8, 2023). While the final...more
The UK and U.S. Governments have now formalized the UK-U.S. Data Bridge. The U.S. Attorney General designated the UK as a “qualifying state” for the purposes of the Executive Order 14086 on September 18, 2023, and the UK...more
U.S. companies can now self-certify to permit personal data to freely flow from the Europe to the United States.
U.S. organizations can now self-certify their compliance with the EU-U.S. Data Privacy Framework (DPF) to...more
7/27/2023
/ BCRs ,
Data Integrity ,
Data Privacy ,
Data Security ,
Department of Transportation (DOT) ,
Enforcement ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The European Union (EU) has made steady progress in shaping its proposed AI law, known as the “AI Act.” With the European Parliament approving its preferred version, the AI Act has now entered the final stage of the...more
The use of generative AI tools, like ChatGPT, are becoming increasingly popular in the workplace. Generative AI tools include artificial intelligence chatbots powered by “large language models” (LLMs) that learn from (and...more
American Data Privacy and Protection Act would require organizations to limit collection of personal information, grant consumers access to their own data, enhance data protections for children, mandate implementation of...more
7/11/2022
/ California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Privacy Policy ,
Private Right of Action ,
Proposed Legislation ,
Small Business ,
Third-Party Service Provider
On March 24, 2022, the EU Parliament and Council negotiators agreed on the wording of new EU rules to limit the market power of big online platforms. The EU Digital Markets Act (DMA) will prohibit certain practices used by...more
The EU and UK have imposed additional export controls and sanctions with respect to Russia and Belarus connected to the Russian invasion of Ukraine. Below is a summary of key developments over recent days since our last blog...more
3/3/2022
/ Airspace ,
Asset Freeze ,
Belarus ,
Belarus Sanctions ,
Economic Sanctions ,
Export Controls ,
Foreign Relations ,
Proposed Legislation ,
Russia ,
UK ,
Ukraine
Despite months of posturing and growing geopolitical tensions, Russia’s full-scale invasion of Ukraine this week was a shock to the global community. Western leaders have been swift and unanimous in their response, condemning...more
2/28/2022
/ Anti-Money Laundering ,
Asset Freeze ,
Biden Administration ,
Bureau of Industry and Security (BIS) ,
ECCNs ,
Economic Sanctions ,
EU ,
Executive Orders ,
Export Administration Regulations (EAR) ,
General Licenses ,
Office of Foreign Assets Control (OFAC) ,
Russia ,
SDN List ,
UK ,
Ukraine
Initial Global Sanctions on Russia in Response to Events in Eastern Ukraine - In response to President Putin’s televised recognition of Donetsk and Luhansk People’s Republics (“DNR” and “LNR”) of Ukraine as “independent”...more
The European Data Protection Board (EDPB), the body which represents EU data protection authorities, has adopted guidelines (Guidelines) confirming when transfers need to be “safeguarded” in accordance with the GDPR (and...more
This week the European Data Protection Board (EDPB), a body that represents European data protection authorities, set up a new cookie banner taskforce. The new taskforce will coordinate the response to over 400 complaints...more
With artificial intelligence (AI) becoming more are more embedded in our everyday lives, there has been a corresponding need for regulations that foster AI development and adoption in a responsible manner. The question is how...more