NYDFS Refresher Series – Part 1: What Companies Need to Know Ahead of Annual Certifications of Compliance
Upcoming compliance certification Every year by April 15, financial entities subject to the New York Department of Financial Services (NYDFS) oversight (covered entities) are required to certify their compliance with the NYDFS’ cybersecurity regulations, 23 NYCRR Part 500 (Part 500). This year’s deadline will be the first time covered entities […]
South Korea’s AI Basic Act: Overview and Key Takeaways
South Korea’s Act on the Development of Artificial Intelligence and Establishment of Trust (AI Basic Act) took effect on January 22, 2026, joining the European Union AI Act as a comprehensive AI regulatory regime. The AI Basic Act provides high-level requirements for transparency and addressing high-risk AI systems, and confirms its extraterritorial […]
EU AI Act: Proposed ‘Digital Omnibus on AI’ Will Impact Businesses’ AI Compliance Roadmaps
This update covers the European Commission’s proposed “Digital Omnibus on AI”, published 19 November 2025. Part of the European Union’s simplification drive, the proposal aims to streamline the EU Artificial Intelligence (AI) Act’s implementation, ease compliance burdens and adjust compliance deadlines ahead of the AI Act’s full application on 2 […]
China Releases Multiple Key Draft Cyber and Data Security Regulations at Year-End 2025
China is closing out 2025 with significant steps to reinforce its data protection and cybersecurity regime. In the past month, Chinese regulators have unveiled multiple key draft regulations for public comments. These developments underscore China’s efforts to address the increasing data and security risks and the continuous enforcement of its […]
The DOJ’s Data Security Program – Understanding and Complying with the New Bulk Data Transfer Rule
This post is one in a series where we discuss the US Department of Justice’s (DOJ’s) data security program, commonly known as the bulk data transfer rule, which prohibits individuals or entities from certain foreign countries, including China, from accessing certain types of sensitive data, and imposes onerous privacy and […]