On 3 February 2025, the European Commission (“EC”) published an updated version of its frequently asked questions (“FAQs”) on the EU Data Act.[1]  The Data Act, which is intended to make data more accessible to users of IoT devices in the EU, entered into force on 11 January 2024 and will become generally applicable as of 12 September 2025.Continue Reading Data Act FAQs – Key Takeaways for Manufacturers and Data Holders

The rapid development of AI is introducing new opportunities and challenges to dispute resolution. AI is already impacting the document review and production process, legal research, and the drafting of court submissions. It is expected that the use of AI will expand into other areas, including predicting case outcomes and adjudicating disputes. However, the use of AI in litigation also bears risk, as highlighted by a recent First-tier Tribunal (Tax) decision, where an appellant had sought to rely on precedent authorities that, in fact, were fabricated by AI (a known risk with AI using large language models, referred to as hallucination).[1] While, in this particular case, no further consequences seemed to follow (in light of the fact that the appellant, a litigant in person, “had been unaware that the AI cases were not genuine and that she did not know how to check their validity[2]), the Tribunal did highlight that “providing authorities which are not genuine and asking a court or tribunal to rely on them is a serious and important issue”,[3] suggesting that litigants may incur certain risks by relying on authorities suggested by AI, unless these are independently verified. On 12 December 2023, a group of senior judges, including the Master of the Rolls and the Lady Chief Justice, issued guidance on AI for judicial office holders, which, amongst other things, discourages the use of AI for legal research and analysis and highlights the risk of AI being relied on by litigants to provide legal advice and/or to produce evidence.[4]Continue Reading Nexus of AI, AI Regulation and Dispute Resolution

On November 1, the New York Department of Financial Services (“DFS” or the “Agency”) announced finalized amendments to its Cybersecurity Regulation applicable to DFS-regulated entities.[1]  The finalized amendments to the Cybersecurity Regulation (the “Amendments”) contain significant revisions designed to mandate preventative measures to address common attack vectors and enhance cybersecurity governance, bringing more formality and uniformity to the assessment and mitigation of a covered entity’s specific cybersecurity risks.[2]  The Amendments may also portend future changes to cybersecurity regulations outside of DFS, as the original DFS Cybersecurity Regulation influenced many existing cybersecurity requirements in other areas of the law.  Continue Reading New York Department of Financial Services Finalizes Amendments to Cybersecurity Regulation

In recent weeks, six states, Florida (effective July 1, 2024)[1], Texas (effective July 1, 2024)[2], Montana (effective October 1, 2024)[3], Iowa (effective January 1, 2025)[4], Tennessee (effective July 1, 2025)[5] and Indiana (effective January 1, 2026)[6], have passed consumer privacy laws, adding to the growing list of states with comprehensive privacy legislation alongside California, Virginia, Colorado, Connecticut and Utah.  In the ever-changing landscape of privacy compliance, it is more critical and complicated than ever for businesses to be able to determine which state privacy laws may apply to their business.Continue Reading Determining Applicability of Newly Enacted Comprehensive U.S. Privacy Laws

On January 10, 2023, the Resolution of the National Cybersecurity Agency’s of January 3, 2023, which includes the taxonomy of incidents affecting networks, information systems, and information services other than ICT Assets to be notified by entities included in the National Cybersecurity Perimeter, was published in the Italian Official Journal.

Please click here to read

On May 3, 2022, the European Commission published its proposal for a regulation on the “European Health Data Space”.

The EHDS is a talismanic European healthtech initiative that could revolutionize access to a deeper pool of EU-wide health data and unlock significant tech, AI and data analytics innovation.  As a core part of the Commission’s

A 2021 survey of chief legal officers demonstrated that cybersecurity has overtaken compliance as the most significant legal risk that businesses face today. This should not come as a surprise as 2021 brought a series of high-profile cyberattacks on major companies and U.S. infrastructure targets.
Continue Reading Cybersecurity: Data Breaches, Ransomware Attacks and Increased Regulatory Focus

On February 18, 2021, the U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) announced a $507,375 settlement with BitPay, Inc. (BitPay), a payment processor for merchants accepting digital currency as payment for goods and services, for 2,102 apparent violations of multiple sanctions programs between 2013 and 2018.[1] The settlement highlights that financial service providers facilitating digital currency transactions must not only establish sanctions compliance programs to screen their own customers but also must monitor third-party non-customer transaction information.
Continue Reading OFAC Settles with Digital Currency Payment Processor for Sanctions Violations

After what appears to be a period of relative leniency in 2018/19, enforcement actions for violations of the EU General Data Protection Regulation (“GDPR”) have since intensified. In 2020, according to publically available information, supervisory authorities across the EU and the UK Information Commissioner’s Office (“ICO”) have issued over EUR 170 million worth of fines combined[1], with six of the top ten individual fines imposed being issued in 2020[2].
Continue Reading Ready to Pounce: Regulators Are Intensifying GDPR Enforcement

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2021”.

Cybersecurity, a topic that was already top of mind for boards and corporate stakeholders at the start of the year, was pushed even further to the fore in the wake of the