On May 17, 2024, Colorado passed Senate Bill 24-205 (“the Colorado AI Law” or “the Law”), a broad law regulating so-called high-risk AI systems that becomes effective on February 1, 2026. The law imposes sweeping obligations on both AI system deployers and developers doing business in Colorado, including a duty of reasonable care to protect Colorado residents from any known…
Luke Dembosky, Avi Gesser, Erez Liebermann, Jim Pastore and Matt Kelly were all ranked by Chambers & Partners in the Privacy & Data Security: Cybersecurity category. For this category, Chambers reviews law firms’ capacity to assist clients in preparing for and responding to non-intentional data use, including bad actors, data breaches, and any situation where companies lose containment over the…
The rise of generative AI platforms has introduced significant new legal challenges for brand owners. While much has been written about the copyright implications of generative AI, many high-profile cases also include trademark infringement allegations, highlighting the potential for AI-generated content to affect brand reputation and create legal risk. AI tools offer businesses the ability to create new content and…
Key takeaways from April include: UK FCA’s AI regulation: UK FCA-regulated firms should take note of the FCA’s newly confirmed approach to AI regulation that seeks to be outcome-focused, principle-led, and flexible and consider whether their use of AI is consistent with the FCA’s objectives to mitigate risk to consumer protection, market competition, and market integrity. UK Generative AI: Adding…
On May 23, 2024, the U.S. Department of Housing and Urban Development (“HUD”) announced that, effective immediately, Federal Housing Administration (“FHA”)-approved Mortgagees are subject to a drastically heightened cybersecurity incident reporting regime. HUD issued this new requirement (the “HUD Notification Requirement”) without the need for notice or comment in Mortgagee Letter 2024-10 (the “Letter”), which amends the Single Family Housing…
We invite you to join members of our Consumer Finance and DSS Groups on May 21, 2024 from 4:00 pm to 5:00pm EDT for the fifth installment in a quarterly series of Consumer Finance webcasts. This episode will highlight topics including: AI in Lending AI in Payments AI in Customer Service Do you have specific questions you would like addressed? If…
On April 26, 2024, the Federal Trade Commission (the “FTC”) issued a controversial final rule (the “Final Rule”) that, among other things, expands the scope of the Health Breach Notification Rule (the “HBNR” or the “Rule”) to apply to health apps and related technologies. Driven by the popularity and increasing variety of direct-to-consumer healthcare technologies, many companies that do not…
On May 16, 2024, the SEC adopted amendments to Regulation S-P (“Reg S-P”) one year after its proposed amendments (the “Proposed Amendments”). The finalized amendments (“Amended Reg S-P”) largely track the Proposed Amendments and include significant requirements related to (1) incident response programs, (2) 30-day customer notifications of data breaches, (3) service provider oversight, (4) the scope of the Safeguards…
With the EU Digital Operational Resilience Act (“DORA”) implementation deadline set for January 2025, many financial services firms are spending 2024 preparing for the new regime. Amongst many operational resilience and management oversight requirements, DORA will require covered entities to monitor for, identify, and classify Information and Communications Technology (“ICT”)-related incidents (“incidents”) and cyber threats and report them under certain…
Despite much fanfare, and a process that seems to edge ever nearer to completion, the EU AI Act still has not been formally adopted. The Act still has to undergo a final European Council vote before it can be published in the Official Journal, 20 days after which it will be finally adopted; this is widely expected to occur sometime…