On 19 June 2025 the Data (Use and Access) Act (the "DUA Act") received Royal Assent and became law in the UK, having been passed by the UK Parliament on 11 June 2025. The DUA Act principally reforms the General Data...more
On 19 June 2025 the Data (Use and Access) Act (the "DUA Act") received Royal Assent and became law in the UK, having been passed by the UK Parliament on 11 June 2025....more
7/7/2025
/ Artificial Intelligence ,
Copyright ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Machine Learning ,
New Legislation ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Privacy Laws ,
Regulatory Reform ,
UK
The first requirements under the EU Artificial Intelligence (AI) Act come into effect on February 2, 2025, banning the use of AI systems that involve prohibited AI practices and requiring providers and deployers of AI systems...more
2/7/2025
/ Artificial Intelligence ,
Data Protection ,
Employee Training ,
EU ,
Facial Recognition Technology ,
Innovative Technology ,
Machine Learning ,
Professional Development ,
Regulation ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
Artificial intelligence (AI) and other emerging technologies have the potential to revolutionize the financial industry. At the same time, its use introduces new risks that need to be anticipated and addressed. This paper...more
1/24/2025
/ Algorithms ,
Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Emerging Technologies ,
Employment Discrimination ,
Financial Institutions ,
Financial Services Industry ,
Innovative Technology ,
Machine Learning ,
Regulatory Agenda ,
Risk Assessment ,
Risk Management
On 17 October 2024, the European Commission adopted the first Implementing Regulation under the Network and Information Security 2 Directive (EU) 2022/2555 (NIS2), focusing on digital infrastructures and services. The...more
10/21/2024
/ Cloud Computing ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Centers ,
Data Protection ,
EU ,
European Commission ,
Incident Response Plans ,
Infrastructure ,
Member State ,
New Regulations ,
Online Marketplace ,
Regulatory Requirements ,
Risk Management
The Network and Information Security 2 Directive (EU) 2022/2555 ("NIS2") entered into force on 16 January 2023. NIS2 sets cyber rules for organizations whose services are considered essential or important for maintaining...more
8/5/2024
/ Compliance ,
Cybersecurity ,
Data Protection ,
Data Security ,
EU ,
EU Directive ,
European Commission ,
Member State ,
New Legislation ,
Public Policy ,
Risk Management
As the European Union sets the stage for groundbreaking AI regulation, our podcast offers a comprehensive exploration of this landmark legislation. Join us as we dissect the EU AI Act, unpacking its key provisions and...more
Mayer Brown Partners Ana Bruder, Justin Herring, and Oliver Yaros focus on cybersecurity risks and regulations in the EU and UK. They explore third-party risks, ransomware incidents, and the impact of AI, while examining how...more
Join us on the latest episode of Financial Services Focus as Justin Herring, Jeff Taft and Ana Bruder discuss key cyber threats facing the financial services industry, including third-party risks, sophisticated ransomware,...more
The Information Commissioner's Office (the "ICO") has clarified the methods it will use to calculate the fines it will issue for breaches of data privacy law in the UK by publishing its latest Data Protection Fining Guidance...more
The EU Data Act came into force on January 11, 2024. The Data Act is part of the European Commission’s data strategy released in February 2020 and obliges manufacturers of connected products to make use-related data available...more
The opinion was issued in response to a request by the French Data Protection Authority and provides guidance on the conditions for determining a controller's main establishment where that controller has establishments in...more
2/29/2024
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Lead Supervisory Authority ,
New Guidance ,
Personal Data ,
Regulatory Requirements
On 9 December 2023, European Parliament negotiators and the Council presidency agreed on the final version of what is claimed to be the world's first-ever comprehensive legal framework on Artificial Intelligence; the European...more