-
Jan 6, 2025 | 
jdsupra.com | Kata Viktoria Eles |Nicola Kerr-Shaw |David Simon
[co-author: Aleksander Aleksiev]The EU’s Digital Operational Resilience Act (DORA) becomes binding on 17 January 2025. As the compliance deadline approaches, EU financial regulators (ESAs) have issued a flurry of statements on the act, including: An ESA statement on DORA compliance. The publication of the final Implementing Technical Standard for registers of information. An ESA report on regulators’ DORA “dry run” of registering information.
-
Oct 15, 2024 | 
jdsupra.com | Nicola Kerr-Shaw |David Simon
[co-author: Aleksander ALeksiev]On 30 September 2024, the UK Department of Science, Innovation and Technology announced that the Cyber Security and Resilience Bill (Bill) will be introduced to Parliament in 2025. The Bill was first announced in the King’s Speech on 17 July 2024. Its aim is to strengthen the UK’s cybersecurity and ensure that critical infrastructure and digital services are secure and resilient.
-
Oct 10, 2024 | 
jdsupra.com | Matthew Krueger |David Simon |John Turlais
Conducting effective cross-border internal investigations is more critical than ever for companies facing increasingly complex regulatory frameworks across the globe. With heightened scrutiny from regulatory authorities and diverse legal landscapes, navigating internal investigations requires precision, cultural awareness, and a deep understanding of varying legal frameworks. Mistakes in internal investigations can expose companies to further legal, reputational, and financial risks.
-
Oct 8, 2024 | 
jdsupra.com | Brian Egan |David Simon |Sammuel Kim
On September 11, 2024, the Department of Commerce’s Bureau of Industry and Security (BIS) published a proposed rule that would require U.S. persons to report certain activities related to the development or acquisition of “dual-use” artificial intelligence (AI) models and computing clusters (Proposed Rule).
-
Aug 11, 2024 | 
concurrences.com | Bill Batchelor |Ryan Junck |David Simon |Nicola Kerr-Shaw
SummaryIn Nuctech Warsaw (T-284/24), the EU Court of Justice held that EU subsidiaries can lawfully be required to provide access to email accounts and data held by their overseas parent company. The ruling involved the following framing: Broad reach of EU extraterritorial investigative powers: The order interprets the European Commission’s (EC’s) investigative powers broadly. EU law applies to conduct with significant effects in the EU, even if the conduct occurs outside the EU. Consequent...
-
Aug 11, 2024 | 
concurrences.com | Bill Batchelor |Ryan Junck |David Simon |Nicola Kerr-Shaw
SummaryIn Nuctech Warsaw (T-284/24), the EU Court of Justice held that EU subsidiaries can lawfully be required to provide access to email accounts and data held by their overseas parent company. The ruling involved the following framing: Broad reach of EU extraterritorial investigative powers: The order interprets the European Commission’s (EC’s) investigative powers broadly. EU law applies to conduct with significant effects in the EU, even if the conduct occurs outside the EU. Consequent...
-
Jul 2, 2024 | 
lexology.com | Bradley A. Klein |Jessie Liu |William Ridgway |David Simon |John Barkmeyer
Two recent settlements under the False Claims Act (FCA):Signal enhanced risk around cybersecurity for recipients of federal funds. Underscore the need to assess compliance with cybersecurity requirements and contractual obligations. Demonstrate the need for contractors to oversee delegated security measures to ensure they meet contractual standards. BackgroundOn May 13, 2024, the Department of Justice (DOJ) entered into settlements with contractor Guidehouse Inc.
-
Jun 27, 2024 | 
jdsupra.com | Stuart D. Levi |Nicola Kerr-Shaw |David Simon
Key Points On May 21, 2024, the European Council approved the Artificial Intelligence Act, which will be implemented over the next 36 months. The AI Act defines AI systems very broadly and outlines obligations for providers, deployers, importers and distributors — regardless of geographic location — if they market an AI system, serve persons using an AI system or utilize the “output” of the AI system, all within the EU.
-
May 15, 2024 | 
reuters.com | Karen M. Lent |Anthony Dreyer |David Simon
Man poses in front of on a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica December 27, 2014. Picture taken December 27, 2014. REUTERS/Dado Ruvic/File Photo May 15, 2024 - The professional sports industry represents the unique intersection of numerous motivating factors for cyber criminals. In recent years, criminal hackers seeking financial gain have hit major sports teams with ransomware attacks.
-
Apr 15, 2024 | 
jdsupra.com | Kata Viktoria Eles |William Ridgway |David Simon
Executive Summary Valuable insights into the measures European regulators expect businesses to take to protect data privacy can be found in a report from the European Data Protection Board (EDPB) summarizing decisions under the EU’s General Data Protection Regulation (GDPR).
