Remove 2025 Remove Due diligence Remove Law
article thumbnail

The EU’s Cyber Resilience Act Has Now Been Agreed

Inside Privacy

In terms of timing, the CRA will come into force over a phased transition period starting in late 2025. Conducting due diligence on imported PDEs. Covington’s Privacy and Cybersecurity Practice regularly advises on cybersecurity laws in Europe and elsewhere.

article thumbnail

Top 10 (Well, 11) Cybersecurity Blog Posts for 2024

Debevoise Data Blog

In this post, we discuss how companies can comply with NYDFSs current approach by establishing internal governance committees, conducting a gap assessment against existing controls and standardizing due diligence processes, among other practical tips.

professionals

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

EU cyber regulation wave quietly rolls on – Commission set to finalize new cyber standards

Inside Privacy

Although voluntary, the draft standards will also have consequences for European cybersecurity laws more broadly, including: NIS 2, Europe’s cybersecurity directive for essential infrastructure, which provides that member states may require entities to use products that are certified under the ECCS. of global turnover.

article thumbnail

Helpful Guidance on Managing AI-Related Cybersecurity Risks from Hong Kong’s SFC

Debevoise Data Blog

There is also some overlap with the requirements in the EU AI Act and the Colorado AI Law , although the Circular is narrower (applying only to language models) and more prescriptive. Some companies may want to address this now as 2025 budgets are being finalized. To subscribe to the Data Blog, please click here.

article thumbnail

Managing Cybersecurity Risks Arising from AI – New Guidance from the NYDFS

Debevoise Data Blog

The Guidance applies to entities that are covered by Part 500 ( i.e., entities with a license under the New York Banking Law, Insurance Law or Financial Services Law), but it provides valuable direction to all companies for managing the new cybersecurity risks associated with AI.

article thumbnail

UK Financial Regulators Publish Response to AI Consultation – Seven Takeaways

Debevoise Data Blog

The UK’s Approach to AI Regulation As set out in the government’s white paper on AI , the UK, unlike the EU, does not intend to implement AI-specific laws or regulations. One possibility is for the UK Financial Regulators to introduce standardized AI due diligence requirements that firms must satisfy before they can adopt third-party tools.

article thumbnail

Part 2 – Helpful Guidance on Managing (Non-Cybersecurity) AI Risks from Hong Kong’s SFC

Debevoise Data Blog

For some firms, compliance with the Circular will require a significant increase in their compliance budgets and the securing of additional resources for 2025 and beyond. The authors would like to thank Debevoise Law Clerks Adam Shankman and Diane Bernabei for their contribution to this blog post.