Andrew R. Holland | 2025-12-23 15:58:03 / 2025-12-23 16:02:48 | Regulatory Update: National Association of Insurance Commissioners Fall 2025 National Meeting
Colleen Theresa Brown | 2025-12-23 12:54:38 | Unpacking the December 11, 2025 Executive Order: Ensuring a National Policy Framework for Artificial Intelligence
David Lashway | 2025-12-22 15:09:09 / 2025-12-22 15:16:12 | The 12th Edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity is now available
Francesca Blythe | 2025-12-09 11:51:21 | EU Digital Omnibus: The European Commission Proposes Important Changes to the EU’s Digital Rulebook
Jonathan M. Wilan | 2025-12-03 15:01:10 | Texting in Texas: Texas AG Settlement Clarifies No Registration Needed for Consent-Based Text Messaging
Michael C. Hochman | 2025-11-18 12:15:50 / 2025-11-20 10:54:47 | Data Protection in Financial Services Week 2025 – Webinar Recordings Now Live
Regulatory Update: National Association of Insurance Commissioners Fall 2025 National Meeting
The National Association of Insurance Commissioners (NAIC) held its Fall 2025 National Meeting (Fall Meeting) December 8–11, 2025. This blog summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Fall Meeting. Highlights include evaluation of insurers’ use of funding-agreement-backed note (FABN) and funding-agreement-backed securities (FABS) programs, adoption of guidance regarding the risk transfer analysis for combination reinsurance contracts, discussion of a new committee structure for NAIC investment monitoring activities, and consideration of additional regulatory frameworks to address insurers’ use of artificial intelligence (AI).
Andrew R. Holland
New York
aholland@sidley.com
Sara N. Africano
Chicago
safricano@sidley.com
Stephanie H. Dobecki
Chicago
sdobecki@sidley.com
Ellen M. Dunn
New York
edunn@sidley.com
Michael L. Rosenfield
Los Angeles
mrosenfield@sidley.com
Jacob A. Grossman
Chicago
jgrossman@sidley.com
Unpacking the December 11, 2025 Executive Order: Ensuring a National Policy Framework for Artificial Intelligence
On December 11, 2025, President Trump issued a new Executive Order (EO) to protect American Artificial Intelligence (AI) innovation from “the most onerous and excessive laws emerging from the States that threaten to stymie innovation.” Consistent with the President’s July 2025 America’s AI Action Plan, the EO further indicates, “[i]t is the policy of the United States to sustain and enhance the United States’ global AI dominance through a minimally burdensome national policy framework for AI.”
Colleen Theresa Brown
Washington, D.C.
ctbrown@sidley.com
Michael C. Hochman
Washington, D.C.
michael.hochman@sidley.com
Kwaku A. Akowuah
Washington, D.C.
kakowuah@sidley.com
Michael E. Borden
Washington, D.C.
mborden@sidley.com
Christopher T. Shenk
Washington, D.C.
cshenk@sidley.com
Jonathan M. Wilan
Washington, D.C.
jwilan@sidley.com
Lauren Kitces
Washington, D.C.
lkitces@sidley.com
Marc A. Korman
Washington, D.C.
mkorman@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
The 12th Edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity is now available
The 12th edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity (formerly The Privacy, Data Protection and Cybersecurity Law Review) provides an incisive global overview of the legal and regulatory regimes governing data privacy and security. With a focus on recent developments, it covers key areas such as data processors’ obligations; data subject rights; data transfers and localisation; best practices for minimising cyber risk; public and private enforcement; and an outlook for future developments. A number of lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.
David Lashway
Washington D.C.
dlashway@sidley.com
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
Matthias Bruynseraede
London
mbruynseraede@sidley.com
Jonathan M. Wilan
Washington, D.C.
jwilan@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Eleanor Dodding
London
edodding@sidley.com
FINRA Issues 2026 Regulatory Oversight Report
On December 9, 2025, the Financial Industry Regulatory Authority (FINRA) released its 2026 Annual Regulatory Oversight Report (2026 Report). The nearly 90-page report highlights emerging risks — including cybersecurity, data privacy, and generative AI (GenAI) — and offers tools and best practices for member firms. It also reemphasizes the perennial focus areas of Regulation Best Interest (Reg BI) compliance, third-party vendor management, best execution, consolidated audit trail (CAT), and compliance with the financial responsibility rules. Below are key takeaways, followed by a deeper dive into notable areas of focus, for some of the topics most relevant for broker-dealers.
Andrew P. Blake
Washington, D.C.
ablake@sidley.com
W. Hardy Callcott
San Francisco
wcallcott@sidley.com
Kenyon Colli Hall
Boston
kenyon.hall@sidley.com
David M. Katz
New York
dkatz@sidley.com
Corin R. Swift
New York
corin.swift@sidley.com
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Lara C. Thyagarajan
New York
lthyagarajan@sidley.com
Paul M. Tyrrell
Boston
ptyrrell@sidley.com
EU Digital Omnibus: Implications for MedTech Companies
The European Commission (Commission) released its Digital Omnibus package, which aims to streamline and recalibrate certain aspects of the fast-growing body of EU digital regulations, on November 19, 2025. Rather than rewrite the core legislative instruments, including Regulation (EU) 2024/1689 (AI Act), Regulation (EU) 2016/679 (GDPR), Regulation (EU) 2023/2854 (Data Act) and Directive (EU) 2022/2555 (NIS2), the Commission has opted for a series of targeted amendments intended to reduce overlap, smooth implementation and increase legal certainty. The Digital Omnibus package is now open for review for an eight-week period, which is being extended until the proposals are available in all EU languages, allowing stakeholders to comment directly on the Commission-adopted texts before negotiations progress in the Parliament and Council.
Francesca Blythe
London
fblythe@sidley.com
William RM Long
London
wlong@sidley.com
Elisabetta Righini
Brussels
erighini@sidley.com
Josefine Sommer
Brussels
jsommer@sidley.com
Eva von Mühlenen
Geneva
emuhlenen@sidley.com
Belinda Baum
Brussels
belinda.baum@sidley.com
EU Digital Omnibus: The European Commission Proposes Important Changes to the EU’s Digital Rulebook
On November 19, 2025, the European Commission officially adopted a proposal for the Digital Omnibus package. Specifically, the Digital Omnibus package consists of two legislative proposals, a Digital Omnibus on AI and a general Digital Omnibus (Digital Legislation Omnibus). The proposed package marks the Commission’s first step toward optimising the EU’s digital rulebook. It draws on more than a year of preparatory work and extensive stakeholder feedback: businesses across a number of different sectors have highlighted concerns about regulatory overlap, uneven national implementation and the need for clearer cross-regime rules and streamlined reporting.
Francesca Blythe
London
fblythe@sidley.com
Clive Gringras
London
clive.gringras@sidley.com
William RM Long
London
wlong@sidley.com
Elisabetta Righini
Brussels
erighini@sidley.com
Josefine Sommer
Brussels
jsommer@sidley.com
Texting in Texas: Texas AG Settlement Clarifies No Registration Needed for Consent-Based Text Messaging
Businesses that obtain consent prior to sending text marketing messages in Texas can breathe a cautious sigh of relief: the Texas Attorney General (Texas AG) has clarified that recent amendments to Texas’ telephone solicitation and telemarketing law enacted through Senate Bill 140 should not be interpreted to require such businesses to complete onerous registration requirements including posting of a $10,000 security bond and detailed disclosures about business owners, officers, directors and sales managers.
Jonathan M. Wilan
Washington, D.C.
jwilan@sidley.com
Ian M. Ross
Miami
iross@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Garrett Lance
Washington, D.C.
glance@sidley.com
Data Protection in Financial Services Week 2025 – Webinar Recordings Now Live
Data Protection in Financial Services (DPFS) Week 2025 consisted of a series of webinars featuring industry leaders who offered invaluable insights on balancing AI with privacy, cybersecurity, and regulatory challenges within the financial services industry. DPFS Week was relevant to all those in financial services, including those in banking, insurance, fintech, funds, payments, private equity, securities, wealth management, and other sectors.
Michael C. Hochman
Washington, D.C.
michael.hochman@sidley.com
Jennifer B. Seale
Washington, D.C.
jseale@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Thomas D. Cunningham
Chicago
tcunningham@sidley.com
Stephen W. McInerney
Chicago
smcinerney@sidley.com