On February 4, 2025, the European Commission (EC) issued draft guidelines clarifying the AI practices that are prohibited under the European Union’s (EU) Artificial Intelligence (AI) Act. While non-binding, the guidelines offer valuable clarifications and practical examples to help businesses
Latest from The Data Advisor
Upcoming Reporting Obligations Under the EU Digital Services Act
Services subject to the EU’s Digital Services Act (DSA) will be required to publish their annual transparency report by February 16, 2025. This includes providers of hosting services, online platforms, very large online platforms (VLOP), and very large online search
Understanding the EU’s Cyber Solidarity Act: Key Takeaways
On February 4, 2025, the European Union’s (EU) Cyber Solidarity Act (CSA) entered into force. The CSA aims to harmonize and strengthen the cooperation between EU authorities to improve their capacity to detect and address large-scale cyber threats.
While the
Consumer Protection Update: With Disruption at the Federal Level, State Attorneys General Are Likely to Loom Large
We are less than a month into the new Trump administration and are seeing an unprecedented wave of activity and major changes at federal agencies. These changes promise to bring significant disruption to the staff and negatively impact the typical
The EU’s AI Act Starts to Apply as of February 2, 2025
On February 2, 2025, the European Union’s (EU) Artificial Intelligence Act (AI Act) will start to apply in phases. This alert summarizes the new obligations that will apply as of February 2, 2025. It also indicates when companies can expect
New Federal Children’s Privacy Requirements Are Not Child’s Play: FTC Amends COPPA Rule, Imposing New Obligations on Child-Directed Services
Companies that may have child users, or whose competitors have child users, take note. On January 16, 2025, the Federal Trade Commission (FTC) announced the final amendments to the Children’s Online Privacy Protection Rule (COPPA Rule). At a high level,
Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements
On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report all ransomware incidents, but also
The UK’s Online Safety Regime Is Coming into Force: Steps to Take Now
In the last month, Ofcom, the regulator tasked with enforcing the UK’s Online Safety Act (OSA), has published guidance enacting requirements under the OSA to carry out illegal harms risk assessments and children’s access assessments. Providers of in-scope services must
New EU Cyber Resilience Requirements for Financial Sector Enter into Force
As of January 17, 2025, financial entities and their critical information and communication technology (ICT) service providers need to comply with the new cybersecurity requirements in the Digital Operational Resilience Act (DORA). DORA introduces significant operational and ICT security requirements
HHS-OCR Announces Proposed Modifications to the HIPAA Security Rule
Overview
The U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) has announced proposed modifications to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (the Proposed Rule). The Proposed Rule was published in the Federal