Category: Policy & Legislation
NYDFS Refresher Series – Part 1: What Companies Need to Know Ahead of Annual Certifications of Compliance
Upcoming compliance certification Every year by April 15, financial entities subject to the New York Department of Financial Services (NYDFS) oversight (covered entities) are required to certify their compliance with the NYDFS’ cybersecurity regulations, 23 NYCRR Part 500 (Part 500). This year’s deadline will be the first time covered entities […]
South Korea’s AI Basic Act: Overview and Key Takeaways
South Korea’s Act on the Development of Artificial Intelligence and Establishment of Trust (AI Basic Act) took effect on January 22, 2026, joining the European Union AI Act as a comprehensive AI regulatory regime. The AI Basic Act provides high-level requirements for transparency and addressing high-risk AI systems, and confirms its extraterritorial […]
EU AI Act: Proposed ‘Digital Omnibus on AI’ Will Impact Businesses’ AI Compliance Roadmaps
This update covers the European Commission’s proposed “Digital Omnibus on AI”, published 19 November 2025. Part of the European Union’s simplification drive, the proposal aims to streamline the EU Artificial Intelligence (AI) Act’s implementation, ease compliance burdens and adjust compliance deadlines ahead of the AI Act’s full application on 2 […]
China Releases Multiple Key Draft Cyber and Data Security Regulations at Year-End 2025
China is closing out 2025 with significant steps to reinforce its data protection and cybersecurity regime. In the past month, Chinese regulators have unveiled multiple key draft regulations for public comments. These developments underscore China’s efforts to address the increasing data and security risks and the continuous enforcement of its […]
ICO Updates Guidance on Encryption
The UK Information Commissioner’s Office (ICO) has released updated guidance on encryption following a recent consultation.
The revised guidance provides a framework outlining when and how organisations should consider implementing encryption to protect personal data.
English Court of Appeal Rules on Compensation for Data Breaches
The English Court of Appeal has handed down an important judgment in Farley v. Paymaster (Equiniti)[1] on when compensation may be claimed for nonmaterial damage (such as distress or anxiety) arising out of breaches of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
What the UK’s New Data (Use and Access) Act Means for Your Business
Event summary The UK’s Data (Use and Access) Act 2025 has now received royal assent. This landmark legislation introduces targeted updates to the UK’s data protection framework, impacting everything from automated decision-making and scientific research to marketing practices and cookie compliance. Please join our partners for a concise 30-minute webinar […]
Comparing New Neural Data Privacy Laws in 4 US States
Cooley partner Kristen Mathews‘ Law360 article argues that protecting neural privacy is essential – for both businesses and the human mind. Examining the evolving legal landscape surrounding neural data privacy in the United States, Mathews highlights recent legislation in Colorado, California, Montana and Connecticut regulating the handling of neural data […]
The DOJ’s Data Security Program – Understanding and Complying with the New Bulk Data Transfer Rule
This post is one in a series where we discuss the US Department of Justice’s (DOJ’s) data security program, commonly known as the bulk data transfer rule, which prohibits individuals or entities from certain foreign countries, including China, from accessing certain types of sensitive data, and imposes onerous privacy and […]
The Data (Use and Access) Act: What Businesses Need to Know
The UK’s Data (Use and Access) Act (DUA Act) has now received Royal Assent, introducing a series of targeted updates to the UK’s data protection framework in areas like artificial intelligence (AI) and research, while preserving alignment with core UK General Data Protection Regulation (GDPR) principles.