The deadline for EU countries to transpose the expanded cybersecurity directive, NIS 2, into national law is 17 October 2024, but the implementation status varies significantly from country to country. Some of the member...more
10/14/2024
/ Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Deadlines ,
EU ,
National Security ,
Popular ,
Risk Management ,
Technology Sector
With the EU’s AI Act having entered into force on August 1, 2024, companies now need to focus on its implementation. Although the AI Act will not be fully enforceable until August 2, 2027, some obligations will become binding...more
The Federal Trade Commission (FTC) recently initiated an enforcement sweep called Operation AI Comply against several companies that allegedly “relied on artificial intelligence as a way to supercharge deceptive or unfair...more
In this edition of Insights, we take a closer look at the megadeals and sponsor transactions driving recent M&A activity, the importance of staying ahead of the risks in AI development and deployment, and other diverse...more
9/30/2024
/ Acquisitions ,
Administrative Procedure Act ,
Artificial Intelligence ,
Chevron Deference ,
Corner Post Inc v Board of Governors of the Federal Reserve System ,
Corporate Governance ,
Delaware General Corporation Law ,
Federal Bans ,
Federal Trade Commission (FTC) ,
Final Rules ,
Government Agencies ,
Judicial Authority ,
Loper Bright Enterprises v Raimondo ,
Machine Learning ,
Mergers ,
Non-Compete Agreements ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Authority ,
Regulatory Requirements ,
SCOTUS ,
SEC v Jarkesy ,
Securities and Exchange Commission (SEC) ,
Shareholder Litigation ,
Shareholders ,
Technology Sector
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risks from developing and deploying AI systems that do not function as intended or that yield problematic outcomes....more
9/30/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
NIST ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
U.S. Commerce Department
On September 23, 2024, the U.S. Department of Justice (DOJ) updated its Evaluation of Corporate Compliance Programs (ECCP) guidance. First published in 2017, the ECCP sets out factors that DOJ Criminal Division prosecutors...more
AI has revolutionized the way many businesses operate. Firms in the financial sector are eager to take advantage of rapidly developing technologies but do not want to risk running afoul of relevant Securities and Exchange...more
9/16/2024
/ Artificial Intelligence ,
Broker-Dealer ,
Consumer Financial Products ,
Disclosure Requirements ,
Financial Services Industry ,
Investment Adviser ,
Machine Learning ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Technology Sector
Across industries, companies are facing new and uncertain regulatory pressures and demands in areas including artificial intelligence, sustainability, algorithmic pricing and fintech-bank relations. In this issue of The...more
9/10/2024
/ Algorithms ,
Antitrust Division ,
Artificial Intelligence ,
Banking Sector ,
Board of Directors ,
Competition ,
Corporate Governance ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Enforcement Actions ,
EU ,
Financial Institutions ,
FinTech ,
Multinationals ,
Price-Fixing ,
Regulatory Agenda ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Sustainability ,
Technology Sector ,
UK
The U.S. government’s recent complaint in a relator-filed case under the False Claims Act (FCA):
- Marks the first FCA suit in which the Department of Justice (DOJ) has intervened since launching its ongoing Civil...more
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risk from developing and deploying AI systems that do not function as intended or that yield problematic outcomes. The...more
9/4/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
EU ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector ,
UK
The Department of Defense (DoD) is currently reviewing and adjudicating the public comments received in response to its proposed regulations implementing its Cybersecurity Maturity Model Certification 2.0 program (CMMC)....more
8/13/2024
/ Aerospace ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Department of Defense (DOD) ,
False Claims Act (FCA) ,
Federal Contractors ,
National Security ,
NIST ,
Proposed Rules ,
Regulatory Agenda ,
Regulatory Requirements
The U.S. District Court for the Southern District of New York has dismissed many of the Securities and Exchange Commission’s (SEC’s) claims against software development company SolarWinds and its chief information security...more
8/8/2024
/ Board of Directors ,
Chief Information Security Officer (CISO) ,
Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure ,
Disclosure Requirements ,
Internal Controls ,
Misleading Statements ,
Public Statements ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
SolarWinds ,
White Collar Crimes
Earlier this year, a dedicated policy prepared by the European Central Bank (ECB) came into effect requiring bank management bodies to broaden their collective understanding of and proficiency in identifying and dealing with...more
Two recent settlements under the False Claims Act (FCA):
- Signal enhanced risk around cybersecurity for recipients of federal funds.
- Underscore the need to assess compliance with cybersecurity requirements and...more
Colorado has become the first state to enact a comprehensive law relating to the development and deployment of certain artificial intelligence (AI) systems. The Colorado Artificial Intelligence Act (CAIA), which will go into...more
6/24/2024
/ Artificial Intelligence ,
Colorado ,
Consumer Financial Products ,
Consumer Protection Laws ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
FinTech ,
Machine Learning ,
New Legislation ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management
On May 16, 2024, the Securities and Exchange Commission (SEC) announced the adoption of amendments to Regulation S-P (Reg S-P), which broadly track the changes originally proposed in March 2023. The revised Reg S-P requires...more
On April 2, 2024, the Enforcement Division of the California Privacy Protection Agency (CPPA) issued Enforcement Advisory No. 2024-01. This first-ever enforcement advisory focuses on promoting compliance with California...more
4/19/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Litigation ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Enforcement ,
Financial Institutions ,
FinTech ,
Intellectual Property Protection ,
Opt-Outs ,
Regulatory Requirements ,
Technology
Valuable insights into the measures European regulators expect businesses to take to protect data privacy can be found in a report from the European Data Protection Board (EDPB) summarizing decisions under the EU’s General...more
4/15/2024
/ Data Breach ,
Data Controller ,
Data Protection ,
Data Security ,
Enforcement ,
EU ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
Firewalls ,
General Data Protection Regulation (GDPR) ,
Passwords ,
Professional Regulators
On March 13, 2024, Utah enacted the Utah Artificial Intelligence Policy Act (UAIP), which imposes certain disclosure requirements on entities using generative AI tools with their customers, and limits an entity’s ability to...more
4/8/2024
/ Artificial Intelligence ,
Consumer Protection Laws ,
Corporate Counsel ,
Cybersecurity ,
Disclosure Requirements ,
Fines ,
Machine Learning ,
New Legislation ,
Penalties ,
Policies and Procedures ,
Popular ,
Reporting Requirements
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced its second settlement in four months growing out of a ransomware attack on a health care business. Maryland-based Green Ridge...more
Both the EU and Germany are taking significant steps to accelerate digitalization in the health sector and facilitate the exchange and use of health data for research and innovation purposes.
They aim to improve...more
4/4/2024
/ Analytics ,
Artificial Intelligence ,
Cybersecurity ,
Data Protection ,
Data-Sharing ,
Digital Health ,
EU ,
Germany ,
Healthcare ,
Life Sciences ,
Machine Learning ,
Pharmaceutical Industry ,
Popular ,
Privacy Laws ,
Research and Development
Tennessee has enacted the Ensuring Likeness, Voice and Image Security (ELVIS) Act, which aims to protect individuals from the use of their persona in connection with “deepfakes” (i.e., fake content generated by artificial...more
4/3/2024
/ Artificial Intelligence ,
Fraud ,
Innovative Technology ,
Intellectual Property Protection ,
Legislative Agendas ,
Machine Learning ,
Music Industry ,
Name and Likeness ,
New Legislation ,
Private Right of Action ,
Regulatory Agenda ,
State and Local Government ,
Technology ,
Tennessee
The Federal Communications Commission (FCC) recently approved a voluntary Internet of Things (IoT) Labeling Program, which allows manufacturers of IoT products to earn the FCC’s approval to display a “U.S. Cyber Trust Mark”...more
3/22/2024
/ Cybersecurity ,
Data Security ,
FCC ,
Internet of Things ,
Internet Retailers ,
Labeling ,
NIST ,
Online Marketplace ,
Popular ,
Regulatory Agenda ,
Telecommunications ,
Wireless Technology
The oversight obligations of boards continue to expand. Recent enforcement actions and new laws in areas such as cybersecurity, artificial intelligence and supply chains create new challenges for boards, as we explain in this...more
2/19/2024
/ Acquisitions ,
Activist ,
Artificial Intelligence ,
Board of Directors ,
Canada ,
China ,
Competition ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
EU ,
Executive Orders ,
Federal Contractors ,
Financial Services Industry ,
Forced Labor ,
Germany ,
International Labor Laws ,
Life Sciences ,
Machine Learning ,
Manufacturers ,
Mergers ,
NGOs ,
Political Campaigns ,
Political Contributions ,
Political Conventions ,
Publicly-Traded Companies ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Shareholder Activism ,
Shareholders ,
Technology Sector ,
UK ,
Uyghur Forced Labor Prevention Act (UFLPA)
Key Points -
- New SEC rules from 2023 require public companies to report material cybersecurity incidents promptly and detail their cybersecurity risk management strategies in annual reports — requirements that increase...more