FINRA Issues 2026 Regulatory Oversight Report
On December 9, 2025, the Financial Industry Regulatory Authority (FINRA) released its 2026 Annual Regulatory Oversight Report (2026 Report). The nearly 90-page report highlights emerging risks — including cybersecurity, data privacy, and generative AI (GenAI) — and offers tools and best practices for member firms. It also reemphasizes the perennial focus areas of Regulation Best Interest (Reg BI) compliance, third-party vendor management, best execution, consolidated audit trail (CAT), and compliance with the financial responsibility rules. Below are key takeaways, followed by a deeper dive into notable areas of focus, for some of the topics most relevant for broker-dealers.
EU Digital Omnibus: Implications for MedTech Companies
The European Commission (Commission) released its Digital Omnibus package, which aims to streamline and recalibrate certain aspects of the fast-growing body of EU digital regulations, on November 19, 2025. Rather than rewrite the core legislative instruments, including Regulation (EU) 2024/1689 (AI Act), Regulation (EU) 2016/679 (GDPR), Regulation (EU) 2023/2854 (Data Act) and Directive (EU) 2022/2555 (NIS2), the Commission has opted for a series of targeted amendments intended to reduce overlap, smooth implementation and increase legal certainty. The Digital Omnibus package is now open for review for an eight-week period, which is being extended until the proposals are available in all EU languages, allowing stakeholders to comment directly on the Commission-adopted texts before negotiations progress in the Parliament and Council.
EU Digital Omnibus: The European Commission Proposes Important Changes to the EU’s Digital Rulebook
On November 19, 2025, the European Commission officially adopted a proposal for the Digital Omnibus package. Specifically, the Digital Omnibus package consists of two legislative proposals, a Digital Omnibus on AI and a general Digital Omnibus (Digital Legislation Omnibus). The proposed package marks the Commission’s first step toward optimising the EU’s digital rulebook. It draws on more than a year of preparatory work and extensive stakeholder feedback: businesses across a number of different sectors have highlighted concerns about regulatory overlap, uneven national implementation and the need for clearer cross-regime rules and streamlined reporting.
Data Protection in Financial Services Week 2025 – Webinar Recordings Now Live
Data Protection in Financial Services (DPFS) Week 2025 consisted of a series of webinars featuring industry leaders who offered invaluable insights on balancing AI with privacy, cybersecurity, and regulatory challenges within the financial services industry. DPFS Week was relevant to all those in financial services, including those in banking, insurance, fintech, funds, payments, private equity, securities, wealth management, and other sectors.
U.S. FDA and CMS Actions on Generative AI-Enabled Mental Health Devices Yield Insights Across AI Product Development
Industry is increasingly exploring the use of AI chatbots to potentially diagnose and treat various medical conditions, including in the area of mental health. FDA is just beginning to develop its regulatory framework for approved, cleared, or authorized devices in the mental health space based on generative AI technology. The medtech industry, healthcare providers, and the public are closely watching FDA developments and guidance regarding the use of generative AI across the medical device space.
The UK’s First Copyright vs. AI Decision: Key Takeaways on a Win for the AI Industry
The UK’s first “Copyright vs. AI” decision (Getty Images (US) Inc & ors vs. Stability AI Limited [2025] EWHC 2863 (Ch)) marks a clear win for the artificial intelligence industry. The English High Court raised the rhetorical question on the industry’s lips, “whether this judgment will, in reality, have anything to say on the balance to be struck between the two warring factions…”. The Judge’s answer is clear: the case does not answer whether training and development of AI models in the UK is an indefensible infringement of copyright. As to deployment of that trained model, the High Court concluded that an AI model itself cannot constitute an infringing copy. On Stability AI’s reproduction of the Getty trademarks, the High Court found that there was a historic and limited infringement.
Women in Privacy – Global Privacy Leadership Lunch
Join us in Brussels for our next Women in Privacy – Global Privacy Leadership Lunch.
Regulatory Update: National Association of Insurance Commissioners Summer 2025 National Meeting
The National Association of Insurance Commissioners (NAIC) held its Summer 2025 National Meeting (Summer Meeting) August 10–13, 2025. This blog summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Summer Meeting. Highlights include adoption of guidance on asset adequacy testing for reinsurance transactions, renewed focus on the risks of offshore reinsurance transactions, evaluation of insurers’ use of funding-agreement-backed note (FABN) and funding-agreement-backed securities (FABS) programs, and consideration of additional regulatory frameworks to address insurers’ use of artificial intelligence (AI).
(more…)
A Mid-Year Privacy Check-In – Important Developments and New Compliance Obligations for Privacy Laws
During the first half of 2025, state legislators and regulators have been working overtime to enact new data privacy laws and expand existing laws, all of which are likely to have an impact on businesses in the remainder of the year and into 2026. These efforts reflect key themes such as increased regulation of teen data and social media platforms, enhanced restrictions on the collection and sale of geolocation and biometric data, simplified opt-out mechanisms for tracking technologies, and broader obligations concerning consumer health data and data minimization. In parallel, significant regulatory activity surrounding AI has emerged, including a new federal AI Action Plan and proposed amendments to the CCPA addressing automated decision-making technologies, alongside a wave of new state AI laws.
The Trump Administration’s 2025 AI Action Plan – Winning the Race: America’s AI Action Plan – and Related Executive Orders
On July 23, 2025, the Trump administration released its much-anticipated AI Action Plan, outlining 90 federal policy positions across three key pillars: Accelerating Innovation, Building American AI Infrastructure, and Leading in International Diplomacy and Security. These pillars are designed to guide near-term action and are underpinned by three cross-cutting priorities: protecting and promoting American workers, ensuring that artificial intelligence (AI) systems are trustworthy and free from ideological bias, and safeguarding AI from misuse, theft, or other risks posed by malicious actors. The scope of the AI Action Plan demonstrates the far-reaching impact of AI, with policy positions affecting not only technology but also trade, national security, cybersecurity, energy, labor, education, environmental regulation, antitrust, science, and financial markets.
