The final rule on the new U.S. outbound investment security program (Outbound Investment Rules), implemented by the U.S. Department of the Treasury (Treasury) and effective on January 2, 2025, represents a significant regulatory framework aimed at prohibiting, or requiring notification to Treasury of, investments directed by, or undertaken by subsidiaries of U.S. persons in Chinese-affiliated companies that design, develop, or manufacture certain sensitive technologies deemed important to U.S. national security. Understanding the implications of the Outbound Investment Rules will be essential for both borrowers and lenders operating within these jurisdictions.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/01/MN-24013-Data-Matters-Blog-Imagery-Refresh_A_9.jpg606833Olivia Nganhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngOlivia Ngan2025-03-18 10:01:462025-03-18 10:01:46Impact of U.S. Outbound Investment Rules on Loan Transactions in China and Practical Considerations
On February 12, 2025, the European Insurance and Occupational Pensions Authority (“EIOPA”) published a consultation on its draft opinion on artificial intelligence (“AI”) governance and risk management (the “Opinion”).
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00James Phythian-Adamshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngJames Phythian-Adams2025-03-14 13:31:262025-03-14 13:32:43EIOPA Publishes Consultation on Opinion on AI Governance and Risk Management
Women in Privacy® (WIP) invites you to join our networking lunch featuring a discussion with Shivali Mayor, Senior Director, Legal Lead for AI and Information Security, Astellas; Sasha Rubel, Head of AI/Generative AI Policy EMEA, Amazon Web Services; and Shazia Khan, Senior Privacy Counsel, Axiom Law.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/02/MN-25758-Women-in-Privacy-Image-for-Data-Matters-Blog.jpg606833Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngData Matters Contributors2025-02-25 16:19:282025-02-27 13:56:23Practical Steps for Complying With AI Literacy Obligations
On February 21, 2025, Commissioner Hester Peirce of the U.S. Securities and Exchange Commission (SEC) issued a statement inviting public input on a wide range of issues related to crypto assets and blockchain technology (the Statement). Although the Statement was issued by Commissioner Peirce in her individual capacity and does not necessarily reflect the views of the Commission or other Commissioners, it resembles a concept release in its scope and format, inviting public input on a wide range of issues concerning crypto assets and blockchain technology. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Lilya Tesslerhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngLilya Tessler2025-02-25 10:47:182025-02-25 10:47:18Engage with the U.S. SEC’s Crypto Task Force and Shape the Future of Crypto Regulation
On January 20, 2025, the European Data Protection Board (EDPB) adopted a report on the implementation of the right of access by controllers under the GDPR (the Report). The right of access was the subject of the EDPB’s third coordinated enforcement action (CEF) in 2024 which involved 1,185 controllers of varying size, industry, and sectors. The Report provides useful recommendations for controllers on how to comply with access requests, including guidance on how long access request documentation should be retained, the importance of maintaining internal documentation, and how to avoid a ‘one size fits all’ approach. The Report emphasizes that access requests should be handled on a case-by-case basis, considering the broad scope of the right and the limited exemptions.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/01/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_7.jpg606833Francesca Blythehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngFrancesca Blythe2025-02-18 10:13:112025-02-18 10:13:11EDPB Adopts Report on GDPR Right of Access Following 2024 Coordinated Enforcement Action
Despite recent focus on artificial intelligence (AI) by U.S. financial regulators, the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and Financial Industry Regulatory Authority (FINRA) have not yet issued new regulations specifically addressing the use of AI. Nonetheless, during the Biden administration, guidance from these agencies emphasized the necessity of responsible use of AI within existing regulatory frameworks, urging market participants to exercise additional diligence to navigate compliance risks associated with AI usage.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00W. Hardy Callcotthttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngW. Hardy Callcott2025-02-10 11:28:332025-02-10 11:28:33Artificial Intelligence: U.S. Securities and Commodities Guidelines for Responsible Use
On January 29, 2025, the U.S. Copyright Office issued the second part of its Report on Copyright and Artificial Intelligence, following a Notice of Inquiry (NOI) the Office issued in 2023. The first part of the Office’s Report, released in July 2024, addressed digital replicas. This second part addresses copyrightability, an issue that attracted considerable interest from authors, artists, and the media and technology industries — approximately half of the more than 10,000 comments that the Office received in response to the NOI addressed copyrightability questions.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/02/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_4.jpg606833Lauren M. De Lillyhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngLauren M. De Lilly2025-02-07 10:37:292025-02-07 10:37:29U.S. Copyright Office Issues Report on Artificial Intelligence and Copyrightability
On January 15, 2025 the EU Commission published an action plan with an aim to support cybersecurity in hospitals and healthcare providers in the EU (the Action Plan). The Action Plan is another response by the EU to the increasing cybersecurity threats facing all industries, including the health sector. The Commission notes that this risk has increased due to, amongst other factors, the increased digitisation of healthcare, which has allowed attack surfaces to grow. It also comes following a number of high-profile incidents which have impacted healthcare providers in the EU. The Action Plan is intended to build on the new EU cybersecurity legislation, such as the NIS Directive 2 (NISD2) and the Cyber Resilience Act, and feed into the full deployment of the European Health Data Space Regulation which was adopted on January 21, 2025. See our blog post here.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Francesca Blythehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngFrancesca Blythe2025-02-06 12:01:452025-02-06 12:01:45EU Commission Launches Cybersecurity Action Plan for Hospitals and Healthcare Providers
Impact of U.S. Outbound Investment Rules on Loan Transactions in China and Practical Considerations
The final rule on the new U.S. outbound investment security program (Outbound Investment Rules), implemented by the U.S. Department of the Treasury (Treasury) and effective on January 2, 2025, represents a significant regulatory framework aimed at prohibiting, or requiring notification to Treasury of, investments directed by, or undertaken by subsidiaries of U.S. persons in Chinese-affiliated companies that design, develop, or manufacture certain sensitive technologies deemed important to U.S. national security. Understanding the implications of the Outbound Investment Rules will be essential for both borrowers and lenders operating within these jurisdictions.
(more…)
Olivia Ngan
Hong Kong
olivia.ngan@sidley.com
James Mendenhall
Washington, D.C.
jmendenhall@sidley.com
EIOPA Publishes Consultation on Opinion on AI Governance and Risk Management
On February 12, 2025, the European Insurance and Occupational Pensions Authority (“EIOPA”) published a consultation on its draft opinion on artificial intelligence (“AI”) governance and risk management (the “Opinion”).
(more…)
James Phythian-Adams
London
jphythianadams@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Julie Rodriguez
London
julie.rodriguez@sidley.com
Luqman Swift
Trainee Solicitor
luqman.swift@sidley.com
Practical Steps for Complying With AI Literacy Obligations
Women in Privacy® (WIP) invites you to join our networking lunch featuring a discussion with Shivali Mayor, Senior Director, Legal Lead for AI and Information Security, Astellas; Sasha Rubel, Head of AI/Generative AI Policy EMEA, Amazon Web Services; and Shazia Khan, Senior Privacy Counsel, Axiom Law.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Engage with the U.S. SEC’s Crypto Task Force and Shape the Future of Crypto Regulation
On February 21, 2025, Commissioner Hester Peirce of the U.S. Securities and Exchange Commission (SEC) issued a statement inviting public input on a wide range of issues related to crypto assets and blockchain technology (the Statement). Although the Statement was issued by Commissioner Peirce in her individual capacity and does not necessarily reflect the views of the Commission or other Commissioners, it resembles a concept release in its scope and format, inviting public input on a wide range of issues concerning crypto assets and blockchain technology.
(more…)
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Andrew J. Sioson
Washington, D.C.
asioson@sidley.com
Chuck Daly
New York, Boston
cdaly@sidley.com
Carla G. Teodoro
New York
cteodoro@sidley.com
Alec J. Silvester
Miami
asilvester@sidley.com
EDPB Adopts Report on GDPR Right of Access Following 2024 Coordinated Enforcement Action
On January 20, 2025, the European Data Protection Board (EDPB) adopted a report on the implementation of the right of access by controllers under the GDPR (the Report). The right of access was the subject of the EDPB’s third coordinated enforcement action (CEF) in 2024 which involved 1,185 controllers of varying size, industry, and sectors. The Report provides useful recommendations for controllers on how to comply with access requests, including guidance on how long access request documentation should be retained, the importance of maintaining internal documentation, and how to avoid a ‘one size fits all’ approach. The Report emphasizes that access requests should be handled on a case-by-case basis, considering the broad scope of the right and the limited exemptions.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Eleanor Dodding
London
edodding@sidley.com
Artificial Intelligence: U.S. Securities and Commodities Guidelines for Responsible Use
Despite recent focus on artificial intelligence (AI) by U.S. financial regulators, the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and Financial Industry Regulatory Authority (FINRA) have not yet issued new regulations specifically addressing the use of AI. Nonetheless, during the Biden administration, guidance from these agencies emphasized the necessity of responsible use of AI within existing regulatory frameworks, urging market participants to exercise additional diligence to navigate compliance risks associated with AI usage.
(more…)
W. Hardy Callcott
San Francisco
wcallcott@sidley.com
Nathan A. Howell
Chicago
nhowell@sidley.com
Kate Lashley
Miami, New York
klashley@sidley.com
Andrew J. Sioson
Washington, D.C.
asioson@sidley.com
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Alec J. Silvester
Miami
asilvester@sidley.com
U.S. Copyright Office Issues Report on Artificial Intelligence and Copyrightability
On January 29, 2025, the U.S. Copyright Office issued the second part of its Report on Copyright and Artificial Intelligence, following a Notice of Inquiry (NOI) the Office issued in 2023. The first part of the Office’s Report, released in July 2024, addressed digital replicas. This second part addresses copyrightability, an issue that attracted considerable interest from authors, artists, and the media and technology industries — approximately half of the more than 10,000 comments that the Office received in response to the NOI addressed copyrightability questions.
(more…)
Lauren M. De Lilly
Los Angeles
ldelilly@sidley.com
Nima H. Mohebbi
Century City
nima.mohebbi@sidley.com
Rollin A. Ransom
Los Angeles
rransom@sidley.com
Kristina Martinez
Los Angeles
kmartinez@sidley.com
Sebastien Wadier
Los Angeles
sebastien.wadier@sidley.com
EU Commission Launches Cybersecurity Action Plan for Hospitals and Healthcare Providers
On January 15, 2025 the EU Commission published an action plan with an aim to support cybersecurity in hospitals and healthcare providers in the EU (the Action Plan). The Action Plan is another response by the EU to the increasing cybersecurity threats facing all industries, including the health sector. The Commission notes that this risk has increased due to, amongst other factors, the increased digitisation of healthcare, which has allowed attack surfaces to grow. It also comes following a number of high-profile incidents which have impacted healthcare providers in the EU. The Action Plan is intended to build on the new EU cybersecurity legislation, such as the NIS Directive 2 (NISD2) and the Cyber Resilience Act, and feed into the full deployment of the European Health Data Space Regulation which was adopted on January 21, 2025. See our blog post here.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Eleanor Dodding
London
edodding@sidley.com
Upcoming Events
IAPP AI Governance Global Europe 2025
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com