On June 10, the Cybersecurity & Infrastructure Security Agency (CISA) released Binding Operational Directive (BOD) 26-04 on Prioritizing Security Updates Based on Risk and the accompanying Implementation Guidance. In releasing the BOD and Implementation Guidance, CISA noted that the
Latest from Inside Privacy
Vermont Data Privacy Bill Signed into Law
On June 16, 2026, the Vermont Governor signed into law the Vermont Data Privacy and Online Surveillance Act, making Vermont the fourth state to enact a comprehensive data privacy law this year. The law will take effect on January
Amadeus IT Group Receives GDPR Fine
On May 26, 2026, the Spanish Data Protection Agency (“AEPD”) published details of its decision to fine Amadeus IT Group, S.A. (“Amadeus”), a Madrid-headquartered technology provider for the global travel and tourism industry, EUR 18 million in connection with GDPR
The TAKE IT DOWN Act’s Notice and Removal Requirements Enter Into Effect
On May 19, 2026, the notice and removal requirements set forth in Section 3 of the Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act (“TAKE IT DOWN Act” or “TIDA”) entered into effect. Under
Washington Anti-Spam Law Decision Addresses Article III Standing in CEMA Cases
A federal court recently addressed whether plaintiffs alleging misleading commercial email practices in violation of Washington’s Commercial Electronic Mail Act (“CEMA”) have Article III standing to pursue claims. The ruling suggests that alleged violations of CEMA, standing alone, could constitute
ENISA’s NIS360 2026 report highlights both the criticality of the European space sector, and flags a persistent cybersecurity maturity gap
On May 28, 2026, the European Union Agency for Cybersecurity (“ENISA”) published the third edition of its NIS360 report, an annual benchmarking tool that assesses the cybersecurity maturity of entities in the sectors set out in Annex I of
Brazil Steps Up Regulation of Violence Against Women in the Digital Environment
On 20 May 2026, Brazil adopted Presidential Decree No. 12,976, establishing a comprehensive framework to address violence against women online. Adopted alongside a parallel decree (No. 12,975) reforming intermediary liability, it reflects a more assertive approach to
EU AI Act Update: The European Commission Publishes Draft Guidelines on HRAIs
On 19 May 2026, the European Commission published its long-awaited draft, non-binding guidelines on the classification of high-risk AI systems (“HRAIs”) under the EU AI Act (the “Guidelines”). Across three documents—covering general principles, high-risk classification in the context of regulated
Louisiana Enacts Comprehensive Privacy Law
White House Releases Executive Order on Advanced AI Innovation and Security
On June 2, 2026, the White House issued an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security” (the “Order”). The Order reflects the Administration’s stated policy of advancing U.S. leadership in artificial intelligence (“AI”) while addressing