The Cybersecurity Information Sharing Act of 2015 (CISA 2015) expired on September 30, 2025, after Congress missed the reauthorization deadline. That lapse removes the decade-old legal framework that encouraged and protected cyber threat information sharing among companies, Information Sharing and
In a significant regulatory development, the Cyberspace Administration of China (CAC) has officially issued the Measures for the Administration of National Cybersecurity Incident Reporting (the Final Reporting Measures), which will take effect on 1 November 2025. This
On September 1, 2025, Texas amended its telephone solicitation law to include text messages and to add several new requirements, including a registration requirement with the Texas Secretary of State, plus a form of security (such as a bond) in
The Court of Justice of the European Union (CJEU) has delivered its judgment on case C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB). The CJEU has confirmed that pseudonymised
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (Dutch DPA) recently published a report on personal data breaches, which provides valuable insights into the Dutch DPA’s views on incident response. It also contains some helpful statistics.
Increase
Financial regulators globally emphasise the importance of financial entities being operationally resilient, which includes the ability to manage and recover from disruptions caused by their service providers. The topic receives significant attention in the financial services sector because the sector
Agentic AI brings the promise of AI making a range of decisions autonomously. It has been proposed as the way forward for some of the most impactful decisions in our lives: interacting with customers and actioning requests, triaging requests for
On August 14, 2025, the New York Department of Financial Services (“NYDFS”) entered into a consent order with Healthplex, Inc, (“Healthplex”), which is licensed by NYDFS as an independent claims adjuster and as a life and/or accident health insurance agent.
On July 24, 2025, the California Privacy Protection Agency (CPPA) approved regulations that would impose a new requirement under the California Consumer Privacy Act: mandatory annual cybersecurity audits for certain businesses. These new requirements are now undergoing review by the
On July 23, 2025, the White House released a sweeping new policy framework titled “Winning the AI Race: America’s AI Action Plan” (the “Plan”), describing the federal government’s approach to artificial intelligence (“AI”). This initiative, developed under the