Cyber Strategy at the AI Frontier: President Trump Releases Executive Order to Promote Advanced Artificial Intelligence Innovation and Security
On June 2, 2026, President Trump issued the Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security. The Executive Order carries forward several priorities included in President Trump’s Cyber Strategy for America, released in March 2026.[1] The Executive Order declares, “It is the policy of the United States to promote AI innovation and security by working collaboratively with the private sector to modernize government and private sector information systems and harden them against external threats; to protect American ingenuity and intellectual property from exploitation and theft by adversaries; and to cultivate America’s advanced AI-enabled capabilities.” (more…)
New York Department of Financial Services Issues Coordinated Guidance on Frontier AI Cybersecurity Risks
On May 21, 2026, the New York State Department of Financial Services (“DFS”) issued two coordinated Industry Letters: a letter on Heightened Cybersecurity Risks Associated with Frontier AI Models (the “AI Advisory”) and accompanying Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment (the “Guidance,” and together, the “May 2026 Publications”). The AI Advisory builds on DFS’s October 2024 guidance on cybersecurity risks arising from AI, but is narrower in focus. Specifically, it addresses frontier models that may materially increase the speed and effectiveness of vulnerability discovery and exploitation.
U.S. SEC Regulation S-P: Compliance Deadline Approaching for Smaller Entities
The U.S. Securities and Exchange Commission has issued amendments to Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, which became effective on August 2, 2024 (the Final Amendments). For smaller entities, including registered investment advisers with less than $1.5 billion in assets under management, as well as certain broker-dealers and other SEC-regulated entities, the compliance deadline is June 3, 2026. The compliance deadline for larger entities was December 3, 2025. For a full list of entities required to comply, please see June 4, 2024 Sidley Update.
UK Operational Incident and Third-Party Reporting Rules: What Firms Should Do Now
The Financial Conduct Authority (FCA) has published Policy Statement PS26/2 together with final guidance in FG26/3 and FG26/4. The Prudential Regulation Authority (PRA) has also published PS7/26 alongside Supervisory Statement SS1/26 and an update to SS2/21. PS26/2 and PS7/26 introduce a new UK framework for reporting serious operational incidents and material third-party arrangements. The framework was developed by the FCA, PRA, and the Bank of England and is intended to give the regulators better visibility of operational disruption and third-party dependencies and to support a more data-driven supervisory approach.
Chambers 2026 Global Practice Guide for Cybersecurity
The Chambers Global Practice Guide for Cybersecurity 2026 has been published. The guide provides the latest legal information on cybersecurity law and regulation, including in relation to critical infrastructure, financial sector operation resilience, cyber-resilience, and ICT certification. The guide also covers the intersection of cybersecurity with data protection law, developments in AI and healthcare regulation.
Regulatory Update: National Association of Insurance Commissioners Spring 2026 National Meeting
The National Association of Insurance Commissioners (NAIC) held its Spring 2026 National Meeting (Spring Meeting) March 22–25, 2026. This blog post summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include progress on addressing regulatory concerns related to indexed annuity illustrations, establishment of a new working group on market conduct modernization, exposure of a risk-based capital (RBC) adjustment framework for collateral loans, a Securities Valuation Office (SVO) report on resource strain caused by increased Private Letter Rating filings, multiple revisions to statements of statutory accounting principles (including guidance on sale-leasebacks, repurchase agreements and residential mortgage loans held in statutory trusts, and proposed disclosures for funding agreement-backed financing programs), and updates on the pilot phase of the AI Systems Evaluation Tool.
The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime
The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime
On March 6, 2026, the Trump Administration released President Trump’s Cyber Strategy for America, and an Executive Order targeting cyber-enabled crime, fraud, and predatory schemes. Together these documents do more than merely outline the Administration’s response to cyber threats; they articulate a new cyber doctrine centered on imposing costs on adversaries and mobilizing both government and private-sector capabilities at scale.
Congress Considers Right to Repair Bill for Vehicle Owners
Last week, the House Energy and Commerce Committee voted to send the Right to Equitable and Professional Auto Industry Repair (REPAIR) Act to the full U.S. House of Representatives for consideration. This legislation, if enacted, would give car owners access to their vehicle-generated data and repair data and tools from vehicle manufacturers. It would also grant owners certain rights over the use of that data, including the right to delete it, and would prevent recipients of vehicle-generated data from selling, transferring, or licensing that data absent certain exceptions. As indicated by its name, the REPAIR Act is reflective of the so-called “right to repair” movement to allow consumers and independent repair shops access to the same data for repair and maintenance that manufacturers make available to themselves or franchised dealers. It also has important implications for data privacy in modern vehicles, which generate increasingly large volumes of information.
Geopolitics and Cybersecurity: Japan and the UK Announce Strategic Cyber Partnership Among Growing Global Focus on Privacy and Cyber Risks Posed by Foreign Actors
On January 31, 2026, the governments of Japan and the United Kingdom announced they were strengthening their cybersecurity collaboration through a bilateral Strategic Cyber Partnership (Partnership).
The 12th Edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity is now available
The 12th edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity (formerly The Privacy, Data Protection and Cybersecurity Law Review) provides an incisive global overview of the legal and regulatory regimes governing data privacy and security. With a focus on recent developments, it covers key areas such as data processors’ obligations; data subject rights; data transfers and localisation; best practices for minimising cyber risk; public and private enforcement; and an outlook for future developments. A number of lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law. (more…)
