Debevoise Data Blog – Page 34

Webcast – CISA Proposes Major Reporting Obligations for Critical Infrastructure

By: Luke Dembosky, Erez Liebermann, HJ Brehmer and Stephanie Thomas April 12, 2024

On April 22, 2024, Luke Dembosky, Erez Liebermann, HJ Brehmer, and Stephanie Thomas from our Data Strategy and Security Group hosted the next installment of our Data Security Webcast, where they delved into the Cybersecurity and Infrastructure Security Agency (“CISA”) notice of proposed rulemaking (“Proposed Rule”) for reporting requirements for critical infrastructure entities that experience covered cybersecurity incidents developed pursuant…

CISA Proposes Major Reporting Obligations for Critical Infrastructure

By: Avi Gesser, Luke Dembosky, Jim Pastore, Erez Liebermann, Caroline Novogrod Swett, HJ Brehmer, Gabriel Kohan, Michael R. Roberts, Stephanie Thomas and Annabella M. Waszkiewicz April 8, 2024

Adding to the growing number of cybersecurity incident reporting obligations, the Cybersecurity and Infrastructure Security Agency (“CISA”) has introduced a reporting requirement that will impact all critical infrastructure sectors, featuring highly detailed reporting duties that necessarily will require covered entities to maintain asset inventories, along with subpoena power and criminal enforcement authority. Back in March 2022, President Biden signed the…

The Increasing Risks of AI Washing and Securities Fraud Class Actions

By: Maeve O'Connor, Avi Gesser, Jim Pastore, Kristin Snyder, Charu A. Chandrasekhar, Matt Kelly, Gabriel Kohan, Alexandra Mogul and Joshua A. Goland April 3, 2024

Many public companies are starting to face increased risks of securities class action litigation based on statements about their use of AI that are alleged to have been false or misleading. We have previously written about the legal risks that companies face if they oversell the capabilities of their AI systems, which is known as “AI washing.” In particular, the…

100 Days of Cybersecurity Incident Reporting on Form 8-K: Lessons Learned

By: Charu A. Chandrasekhar, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Matt Kelly, Anna Moody, John Jacob, Kelly Donoghue and Talia Lorch March 28, 2024

On December 18, 2023, the Securities and Exchange Commission’s (the “SEC”) rule requiring disclosure of material cybersecurity incidents became effective. To date, 11 companies have reported a cybersecurity incident under the new Item 1.05 of Form 8-K (“Item 1.05”).[1] After the first 100 days of mandatory cybersecurity incident reporting, we examine the early results of the SEC’s new disclosure requirement.…

AI Enforcement Starts with Washing: The SEC Charges its First AI Fraud Cases

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Avi Gesser, Arian June, Robert B. Kaplan, Julie M. Riewe, Jeff Robins, Kristin Snyder, Jonathan R. Tuttle, James Amler, Phil Fortino, Matt Kelly, Anna Moody, Stephan J. Schlegelmilch, Gabriel Kohan and Corey Goldstein March 19, 2024

On March 18, 2024, the U.S. Securities and Exchange Commission (“SEC”) announced settled charges against two investment advisers, Delphia (USA) Inc. (“Delphia”) and Global Predictions Inc. (“Global Predictions”) for making false and misleading statements about their alleged use of artificial intelligence (“AI”) in connection with providing investment advice. These settlements are the SEC’s first-ever cases charging violations of the antifraud…