CSC Guidance Unveiled: NIL Enforcement and Implications for Collectives — Highway to NIL Podcast
Daily Compliance News: July 22, 2025, The I-9 Hell Edition
New Virginia "Workplace Violence" Definition and Healthcare Reporting Law: What's the Tea in L&E?
What the One Big Beautiful Bill Act Means for Employers - #WorkforceWednesday® - Employment Law This Week®
Understanding the New Overtime Tax Policies in the Big Beautiful Bill
When DEI Meets the FCA: What Employers Need to Know About the DOJ’s Civil Rights Fraud Initiative
(Podcast) California Employment News: Creating the Report for a Workplace Investigation – Part 4 (Featured)
California Employment News: Creating the Report for a Workplace Investigation – Part 4 (Featured)
Podcast - Navigating the Updated SF-328 Form
Five Tips for a New Public Company Director
Compliance Tip of the Day: Internal Control Deficiencies
Daily Compliance News: July 7, 2025 the Disaster on the River Edition
First 100 Days of the New HSR Rules with Antitrust Partner Kara Kuritz
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance into the Weeds: Autonomous AI Whistleblowing Misconduct
REFRESH Nonprofit Basics: Federal Tax Filing Deadlines and Penalties
(Podcast) California Employment News: Back to the Basics of Employee Pay Days
California Employment News: Back to the Basics of Employee Pay Days
Nonprofit Quick Tip: State Filings in Virginia and West Virginia
Great Women in Compliance: Creating Space to Speak Up: The Story Behind Psst.org
In its FY 2026 budget, Ohio quietly folded in a sweeping cybersecurity mandate that will require every “political subdivision” to have a cybersecurity program that aligns with recognized industry frameworks and adopt strict...more
While appointing and registering a DPO has been mandatory in China for many years, a portal has now finally been established for organisations to register those DPOs with the China data protection authority. This resolves...more
In September 2024, the US Securities and Exchange Commission (SEC) adopted rule changes to its Electronic Data Gathering, Analysis, and Retrieval (EDGAR) file access and account management system (EDGAR Next), which went into...more
Section 847 is widely regarded as a seismic shift that will result in a jump from 2,000 to 41,000 cases being processed annually! In anticipation of this, DCSA has been scaling up their resources and personnel. ACI’s 8th...more
On 25 June 2025, the European Commission announced its proposal for a “Space Act” that would introduce a new regulatory framework for EU space activities. The proposed framework includes cyber-resilience obligations for EU...more
European cybersecurity risk management and reporting obligations have received a substantial facelift. The Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the EU (“NIS 2”) became effective...more
The European Union’s ("EU") NIS2 Directive (Directive (EU) 2022/2555) capitalizes on the success of its predecessor, NIS, the first horizontal minimum harmonization cyber security and resilience frameworks at the EU level....more
On June 25, 2025, the European Commission published the long-anticipated draft EU Space Act (“Act”), a potentially landmark regulation that will apply to both EU and non-EU operators providing space services in Europe. The...more
As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more
In November 2023, the New York Department of Financial Services (NYDFS) issued its second amendment to its "Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). This was the...more
Enforce the Federal prohibition on foreign nationals voting in Federal elections. Requires documentary proof of United States citizenship and for verification from a State or local official for national mail voter...more
The U.S. Department of Justice’s (DOJ) sweeping new rule on cross-border data transactions is set to take effect in substantial part next month, with broad implications for companies that transfer U.S. personal data or...more
Introduction - On 27 September 2024, the Securities and Exchange Commission (SEC) adopted “EDGAR Next,” a collection of rule and form amendments intended to improve access to, and management of, accounts on the SEC’s filing...more
On January 15, 2025, the FAR Council finally released a proposed rule (the Rule)1 regulating the use and handling of controlled unclassified information (CUI) as a part of the general strategy to reduce threats of...more
On November 7, 2024, the Transportation Security Administration (the “TSA”) published a Notice of Proposed Rulemaking (the “Proposed Rule”) that would mandate cyber risk management (“CRM”) and reporting requirements for...more
Companies should not minimize the extent of a material cybersecurity incident by omitting material facts regarding the scope and potential impact of the incident. Cybersecurity risk factor disclosures should be tailored to a...more
The Servicemember Quality of Life Improvement and National Defense Authorization Act for Fiscal Year 2025 (FY2025 NDAA), signed into law on December 23, 2024, has significant implications for defense acquisition and...more
NIS2 (Network and Information Systems Directive 2) is the updated version of the NIS Directive, which the EU first introduced in 2016. The original NIS Directive aimed to enhance cybersecurity across member states by...more
Starting January 17, 2025, the Digital Operational Resilience Act (DORA) will require financial entities and their critical information and communication technology (ICT) service providers to comply with enhanced...more
New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more
DORA is now applicable, imposing requirements in respect of ICT risk management and digital operational resilience. Firms should be preparing their register of information ready for sharing with the CBI in April....more
The Cayman Islands Monetary Authority (“CIMA”) has issued a new Rule and Statement of Guidance on the obligations for the provision of virtual asset services – Virtual Asset Custodians and Trading Platforms (the “Rule”). With...more
U.S. investors interested in investing in advanced Chinese technology companies may now be constrained by the U.S. Government’s first-ever outbound investment rule (Final Rule) which took effect on Jan. 2, 2025. The Final...more
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more
The rule imposes substantial new diligence, reporting, cybersecurity, and auditing obligations on companies. On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued a final rule implementing Executive Order...more