On July 24, 2025, the California Privacy Protection Agency (CPPA) unanimously adopted a comprehensive rulemaking package under the California Consumer Privacy Act (CCPA) that primarily addresses automated decisionmaking...more
7/31/2025
/ Algorithms ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Employee Rights ,
Job Applicants ,
New Regulations ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology
On July 7th, the NAIC’s Big Data and AI Working Group (Working Group) exposed a draft of an AI Systems Evaluation Tool (Evaluation Tool). The stated purpose is to provide regulators with a tool that enables them to identify...more
7/30/2025
/ Algorithms ,
Artificial Intelligence ,
Compliance ,
Consumer Protection Laws ,
Data Collection ,
Financial Services Industry ,
Insurance Industry ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Technology
The Texas Responsible Artificial Intelligence Governance Act (TRAIGA), which was signed into law by Governor Greg Abbott on June 22, 2025, and is effective January 1, 2026, establishes a framework for regulating the...more
Consistent with President Trump’s de-regulatory agenda, the Consumer Financial Protection Bureau (CFPB or Bureau) is withdrawing over five dozen of its guidance documents, including interpretive rules, advisory opinions, and...more
On April 23, 2025, President Donald Trump issued an Executive Order titled “Restoring Equality of Opportunity and Meritocracy” (order). The order declares disparate impact theory to be “wholly inconsistent with the...more
5/12/2025
/ Artificial Intelligence ,
Civil Rights Act ,
Colorado ,
Disparate Impact ,
Executive Orders ,
Insurance Regulations ,
New York ,
NYDFS ,
Preemption ,
Regulatory Reform ,
Technology ,
Title VI ,
Trump Administration
Proposed rule would create new prohibitions on transactions of sensitive personal data and government-related data -
The Department of Justice (DOJ) has proposed a new rule aimed at preventing access of China and other...more
On October 16, 2024, the New York State Department of Financial Services (DFS) issued an industry letter providing guidance on how DFS-regulated entities (covered entities) should be evaluating and responding to artificial...more
10/30/2024
/ Artificial Intelligence ,
Covered Entities ,
Cyber Threats ,
Cybersecurity ,
Deep Fake ,
Industry Letters ,
New York ,
NYDFS ,
Popular ,
Regulatory Agenda ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
On September 24th and 25th, the National Institute of Standards and Technology (NIST) convened a symposium to generate new insights about the next steps needed to unleash AI innovations that will enable trust in this...more
On February 26, 2024, the Connecticut Insurance Department (the CID) adopted Bulletin No. MC-25 on the “Use of Artificial Intelligence Systems in Insurance” (Connecticut Bulletin). This Connecticut Bulletin is similar to the...more
3/15/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Governance ,
Insurance Industry ,
Model Rules ,
NAIC ,
NIST ,
Popular ,
Regulatory Oversight ,
Risk Management ,
State Insurance Administrations
Technological advances, especially in Artificial Intelligence and quantum computing, will continue to amaze in the coming years. They will open up vast new opportunities while presenting profound regulatory, litigation, and...more
3/1/2024
/ Artificial Intelligence ,
Business Losses ,
Consumer Financial Protection Bureau (CFPB) ,
Coronavirus/COVID-19 ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
NAIC ,
Popular ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
Technology ,
Website Design ,
Websites
Welcome to our quarterly Global AI Regulatory Update, summarizing key developments from around the world.
On November 27, 2023, AI Security Guidelines were published. The guidelines were led by UK National Cyber Security...more
On January 17, 2024, the New York State Department of Financial Services (NY DFS) released for public comment a proposed circular letter (Proposed Letter) to regulate the use of artificial intelligence systems (AIS) and...more
On September 28, 2023, the Colorado Division of Insurance (CDI) released the first-of-its kind draft proposed regulation (Testing Regulation) for testing the outcomes of certain life insurance underwriting practices for...more
On November 1, 2023, the New York Department of Financial Services (NY DFS) published its highly anticipated final amendments to its influential cybersecurity requirements for financial services companies (Part 500)....more
11/15/2023
/ Chief Information Security Officer (CISO) ,
Compliance ,
Covered Entities ,
Cybersecurity ,
Final Rules ,
Financial Services Industry ,
Incident Response Plans ,
Multi-Factor Authentication ,
NYDFS ,
Policies and Procedures ,
Risk Assessment ,
Risk Management ,
State Data Breach Notification Statutes
On October 30, 2023, the Biden Administration issued the groundbreaking Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (Order), which sets in motion a comprehensive...more
11/13/2023
/ Artificial Intelligence ,
Biden Administration ,
Civil Rights Act ,
Climate Change ,
Competition ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Department of Labor (DOL) ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Innovation ,
Innovative Technology ,
Intellectual Property Protection ,
NIST ,
Popular ,
Privacy Laws ,
Public Policy ,
Regulatory Agenda ,
Technology Sector
Welcome to the latest edition of Updata – the international update from Eversheds Sutherland’s dedicated Privacy and Cybersecurity team.
Updata provides you with a compilation of privacy and cybersecurity regulatory and...more
11/7/2023
/ Banking Sector ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subject Access Requests ,
Employee Monitoring ,
Enforcement Actions ,
EU ,
Hong Kong ,
New Legislation ,
Privacy Framework ,
Privacy Laws ,
UK
The Colorado Division of Insurance (CDI) adopted a new regulation on September 21, 2023 (Final Regulation) establishing requirements governing the use of external consumer data and information sources (ECDIS), as well as...more
10/2/2023
/ Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Big Data ,
Casualty Insurance ,
Department of Insurance ,
Final Rules ,
Insurance Industry ,
Life Insurance ,
Predictive Analytics ,
Property Insurance ,
Proposed Legislation ,
Proposed Regulation ,
Risk Management
On July 17, 2023, the Innovation, Cybersecurity and Technology (H) Committee of the National Association of Insurance Commissioners (NAIC) released for comment a highly anticipated model bulletin (Model Bulletin) on...more
7/27/2023
/ Artificial Intelligence ,
Casualty Insurance ,
Comment Period ,
Corporate Governance ,
Insurance Industry ,
Model Forms ,
NAIC ,
Property Insurance ,
Regulatory Oversight ,
Request For Information ,
Risk Management ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
On May 26, 2023, the Colorado Division of Insurance (CDI) exposed, for public review and comment, a significantly revised draft of its proposed regulation (the Revised Draft Reg.) addressing the governance and risk management...more
Welcome to the latest edition of Updata!
Updata is an international report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity...more
5/11/2023
/ Adequacy Requirement ,
Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
China ,
Consent ,
Cookies ,
Cybersecurity ,
Czech Republic ,
Disclosure Requirements ,
EU ,
EU Data Protection Laws ,
Germany ,
International Data Transfers ,
Member State ,
New Guidance ,
New Legislation ,
NIST ,
Privacy Laws ,
Singapore ,
South Korea ,
State Privacy Laws ,
UK