The European Commission has published draft guidance on the classification of “high-risk” AI systems under the EU AI Act, together with practical examples of systems that, in its view, would…
The Council of the EU and the European Parliament have reached an agreement on delays and amendments to the EU AI Act, as part of the EU’s ongoing digital simplification…
On December 9, 2025, FINRA released its 2026 FINRA Annual Regulatory Oversight Report (the “2026 Report”). The 2026 Report contains a standalone section on Generative AI (“GenAI”) that substantially expands…
This summer, the UK enacted the long-anticipated Data (Use and Access) Act 2025 (“DUAA”), the first major amendments to the UK’s data protection legislation since Brexit. The changes include substantial…
The EU Data Act (or the “Act”) is a new regulation that establishes rules on who can access and use data generated by connected devices and related services – data…
On August 20, 2025, Colorado’s Division of Insurance (the “Division”) adopted final amendments to its regulation on the Governance and Risk Management Framework Requirements for certain insurers that use external…
President Trump issued an Executive Order on June 6, 2025, that sheds light on the Administration’s approach to cybersecurity and AI by highlighting foreign threats to U.S. cybersecurity, emphasizing federal…
In Part 1 of this series, we discussed the annual cybersecurity audit requirements in the California Privacy Protection Agency (the “CPPA”)’s proposed rulemaking package (the “Draft Regulations”). In Part 2,…
Our top-five European data protection developments from February are: European Commission publishes guidelines on prohibited AI practices: The EU Commission has published non-binding guidance on the EU AI Act’s prohibited…
Our top five European data protection developments from January are: UK ransomware reporting proposals. The UK Government released a consultation on ransomware related legislative proposals, including possible reporting obligations and…