UK proposes New Cyber Security and Resilience Bill to Boost the UK’s Cyber Defences
During the King’s Speech on 17 July 2024, the newly appointed UK Prime Minister announced the UK Government’s intention to introduce a new Cyber Security and Resilience Bill to strengthen the UK’s defences against the global rise in cyberattacks and to protect the UK’s critical infrastructure. In background briefing notes published together with the King’s Speech, the UK Government stated that the new Cyber Security and Resilience Bill will “strengthen our defences and ensure that more essential digital services than ever before are protected.” According to the briefing notes, the Cyber Security and Resilience Bill intends to address the concern that the UK has not kept up-to-date with recent legislative advancements made by the EU in the cybersecurity space, resulting in the UK being “comparably more vulnerable.” Although the form of the proposed Cyber Security and Resilience Bill has yet to be released, the UK Government has indicated that it plans to introduce the bill in the coming months.
Important Changes to Malaysia’s Data Protection Laws
In July 2024, Malaysia’s legislative body approved significant changes to the country’s Personal Data Protection Act. The changes have the effect of aligning Malaysia’s personal data protection laws more closely with international data protection laws. The effective date and other implementation guidelines are expected to follow closely.
Section 230’s Original Intent Offers Touchstone for Online Safety
As Section 230 of the 1996 Communications Decency Act nears its 30th year since enactment, debate rages on in Congress and in the public as to whether and how it should be changed or perhaps scrapped altogether.
An Artificial Intelligence, Privacy, and Cybersecurity Update for Indian Companies Doing Business in the United States and Europe
Pivotal shifts have occurred in global data privacy, artificial intelligence (AI), and cybersecurity from executives facing more pressure to monitor their organizations’ cybersecurity operations, to an unprecedented wave of consumer data privacy laws and rapid advancements in AI technology use and deployment. Indian organizations should establish best practices to address these new (and emerging) laws, regulations, and frameworks.
One Step Closer: AI Act Approved by Council of the EU
On 21 May 2024, the Council of the European Union approved the EU Artificial Intelligence Act (the “AI Act”). This is the final stage in the legislative process and comes after the EU Parliament voted to adopt the legislation on 13 March 2024. This final vote clears the path for the formal signing of the legislation and its publication in the Official Journal of the EU in the coming weeks. The AI Act will then enter into force 20 days after such publication with staggered transition periods of 6 to 36 months.
The Digital Markets, Competition and Consumers Act is Approved: Key Things to Know About the UK’s New Competition and Consumer Powers
On May 23, 2024, the UK finally passed its Digital Markets, Competition and Consumers Act (DMCCA), introducing a new “pro-competition” regime for digital markets and marking the biggest reform to UK competition and consumer laws in a decade. The DMCCA is the latest piece of legislation aiming to tackle the power of Big Tech, as regulators around the world debate new ways to oversee competition in the digital sector.
ICO Publishes Its Strategic Approach to Regulating AI
On 30 April 2024, the UK’s Information Commissioner’s Office (“ICO”) published its strategic approach to regulating artificial intelligence (“AI”) (the “Strategy”), following the UK government’s request that key regulators set out their approach to AI regulation and compliance with the UK government’s previous AI White Paper (see our previous blog post here). In its Strategy, the ICO sets out: (i) the opportunities and risks of AI; (ii) the role of data protection law; (iii) its work on AI; (iv) upcoming developments; and (v) its collaboration with other regulators. The publication of the ICO’s Strategy follows the recent publication of the Financial Conduct Authority’s (“FCA”) approach to regulating AI.
Top 10 Questions on the EU AI Act
The EU AI Act will be the first standalone piece of legislation worldwide regulating the use and provision of AI in the EU, and will form a key consideration in AI governance programs. The AI Act will have a significant impact on many organizations inside and outside the EU, with failure to comply potentially leading to fines of up to 7% of annual worldwide turnover.
Regulatory Update: National Association of Insurance Commissioners Spring 2024 National Meeting
The National Association of Insurance Commissioners (NAIC) held its Spring 2024 National Meeting (Spring Meeting) March 15 through 18, 2024. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include proposed updates to the regulatory review process for affiliated investment management agreements, continued discussion of considerations related to private equity ownership of insurers, and continued development of accounting principles and investment limitations related to certain types of bonds and structured securities.
FinCEN Seeks Input on Banks’ Collecting Partial Social Security Numbers for Customer Identification Programs
On March 28, 2024, the Financial Crimes Enforcement Network (FinCEN), in consultation with the U.S. banking agencies and the National Credit Union Administration, issued a request for information (RFI) regarding the customer identification program (CIP) requirement for depository institutions (referred to herein as banks) to collect tax identification numbers (TINs).1 Comments are due by May 28, 2024.
