Episode 381 -- NAVEX's 2025 Annual Hotline Report
AI and the False Claims Act
Disparate Impact & Enforcement Rollbacks: What’s the Tea in L&E?
What’s in Your Operating Agreement? Legal Tips for Healthcare Providers
A New Brand of Uncertainty? — PE Pathways Podcast
The Rise of OTAs in Defense Contracting: Opportunities, Risks, and What Contractors Need to Know
Breaking the Cycle: Flooding, Infrastructure, and Climate Law in Practice
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
Understanding BBB Ratings: Building Trust and Mitigating Risks — Regulatory Oversight Podcast
Beyond the Bylaws: The Medical Staff Show - Need to Know: How to Manage Medical Staff Confidentiality and Privilege Protections
False Claims Act Insights - The Mathematics of Nuclear FCA Verdicts
PODCAST: Williams Mullen's Benefits Companion - Cost, Care and Captives: A Mid-Size Employer’s Guide to Benefit Trends
Compliance Tip of the Day: Citibank and Continuous Monitoring
Lawyers Beware: There Could Be Serious Ethics Issues With The New AI Browsers
Compliance and AI: Navigating Risk Management in the AI Era with Gaurav Kapoor
Data Driven Compliance: Understanding the UK’s New Failure to Prevent Fraud Offense with Sam Tate
Avoiding a Bored Board
Compliance Tip of the Day: Crowd Sourcing Risk Intelligence
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
The EU has introduced Delegated Regulation (EU) 2025/1190, establishing the first harmonized standards for threat-led penetration testing ("TLPT") across the financial sector. The regulation aims to strengthen the cyber...more
The latest Startup Struggle Survey by Slush* reveals that European startup founders are facing a tighter and more uncertain business environment in 2025. Based on insights from 607 early-stage founders, the grassroots report...more
With DORA in effect and the European Banking Authority’s updated guidelines for non-ICT services under consultation, financial entities must consider their approach to third-party risk management. After DORA became effective...more
The European Central Bank (ECB) has published its Guide on outsourcing cloud services to cloud service providers (the "Guide") clarifying how banks are expected to comply with obligations under the EU Digital Operational...more
When the lights stayed on in Kyiv during a wave of missile attacks in early 2024, Ukrainian officials quietly acknowledged a second line of defense that received far less public attention than the nation’s air-defense...more
Regulation (EU) 2025/1355 of the European Central Bank (ECB) adopted on 2 July has been published in the Official Journal of the European Union. This Regulation recasts and replaces Regulation (EU) No 795/2014, updating the...more
- What is new: The EU’s Delegated Regulation on Subcontracting has come into force, completing the legal framework of the Digital Operational Resilience Act (DORA). Attention will now turn to enforcement. - Why it matters:...more
In a long-awaited move, the EU Commission has published a proposal for a new EU “Space Bill”. Set to enter into force in 2030, this piece of legislation is aimed at harmonising a fragmented legal environment, in order to...more
The technology and digital regulatory environment in the EU and the UK is experiencing significant evolution in 2025 and beyond. These legal developments present both significant opportunities and complex compliance...more
The European Commission has published the final version of a general-purpose AI (“GPAI”) Code of Practice. We took a deeper look into it and prepared a short summary to help you understand what the GPAI Code of Practice is,...more
Commission Delegated Regulation (EU) 2025/532 has been published in the Official Journal of the European Union. The Delegated Regulation supplements the Digital Operational Resilience Act (DORA) with regard to regulatory...more
On July 10, 2025, the EU published its Code of Practice for General-Purpose AI Models, a comprehensive, though not exhaustive, framework designed to guide Artificial Intelligence ("AI") providers in complying with the...more
The European Banking Authority (EBA) has published its spring 2025 risk assessment report alongside a press release, outlining key developments and emerging risks within the European Union/European Economic Area (EU/EEA). The...more
On 25 June 2025, the European Commission announced its proposal for a “Space Act” that would introduce a new regulatory framework for EU space activities. The proposed framework includes cyber-resilience obligations for EU...more
European cybersecurity risk management and reporting obligations have received a substantial facelift. The Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the EU (“NIS 2”) became effective...more
The NIS2 Directive has significantly reshaped the cybersecurity landscape across the EU. Since the implementation deadline in October 2024, EU Member States have been working to incorporate new standards into their national...more
On June 25, 2025, the European Commission published the long-anticipated draft EU Space Act (“Act”), a potentially landmark regulation that will apply to both EU and non-EU operators providing space services in Europe. The...more
The Delegated Regulation, which contains regulatory technical standards (RTS) on threat-led penetration testing (TLPT) requirements under the EU Digital Operational Resilience Act (DORA), was recently published in the...more
On 25 June 2025, the European Commission has proposed the draft of the EU Space Act. This proposed new law is intended to provide a harmonised regulatory framework at European level from 2030 to ensure safety, resilience, and...more
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a tool designed to enhance digital security across the EU. The EUVD is available here....more
The EU Cyber Resilience Act (CRA), adopted by the European Parliament in 2024, marks a major milestone in European cybersecurity legislation. As the first EU-wide law focused on the cybersecurity of digital products, it...more
As regulatory frameworks tighten and cybersecurity threats grow in complexity, operational resilience is, now more than ever, a boardroom challenge for banks....more
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
Quantum computing (QC) is poised to disrupt cybersecurity in ways that business leaders and legal professionals cannot afford to ignore. But what exactly is quantum computing, why does it pose such a significant threat to...more