Categories
Archives
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Data Matters
Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy
With New Technologies Come New Risks: FINRA Issues 2025 Regulatory Oversight Report
Last week, the Financial Industry Regulatory Authority (FINRA) published its 2025 Annual Regulatory Oversight Report. The 80-page report hits on a number of familiar themes and subjects and includes two new areas of focus: 1) risks arising from the use of third-party vendors, including cybersecurity and data privacy risks, and 2) extended-hours trading services, which have become increasingly common across the industry. FINRA offers new observations regarding registered index-linked annuities (RILAs) in the context of Reg BI obligations. The report also reflects FINRA’s increased scrutiny of risks associated with emerging technologies, with a particular focus on generative artificial intelligence (AI) tools. Additionally, although much of the report repeats items included in prior years, it provides useful, comprehensive checklists reflecting FINRA’s views on the various topics and risk areas covered. Efforts to operationalize some of the items raised can present unique challenges, and we encourage you to reach out to a Sidley contact to talk further about particular concerns raised in the report.
(more…)
Andrew P. Blake
Washington, D.C.
ablake@sidley.com
W. Hardy Callcott
San Francisco
wcallcott@sidley.com
Kevin J. Campion
Washington, D.C.
kcampion@sidley.com
Kenyon Colli Hall
Boston
kenyon.hall@sidley.com
David M. Katz
New York
dkatz@sidley.com
Corin R. Swift
New York
corin.swift@sidley.com
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Lara C. Thyagarajan
New York
lthyagarajan@sidley.com
Paul M. Tyrrell
Boston
ptyrrell@sidley.com
Erin N. Kauffman
Washington, D.C.
ekauffman@sidley.com
CMS Seeks Comments on Proposed Guidance Addressing Study Protocols That Use Real-World Data
On January 17, 2025, the Centers for Medicare & Medicaid Services (CMS) issued a proposed guidance document on study protocols that use real-world data (RWD). The proposed guidance focuses on studies with RWD sources in the context of Medicare National Coverage Determinations (NCDs) using CMS’s Coverage with Evidence Development (CED) paradigm. It presents a proposed standardized template for manufacturers or other sponsors to use when developing CED study protocols using RWD. The proposed guidance could also have broader implications with respect to RWD studies and coverage considerations. Comments on the proposed guidance are due by March 18, 2025.
(more…)
Stephanie P. Hales
Washington, D.C.
shales@sidley.com
Meenakshi Datta
Chicago
mdatta@sidley.com
Trevor L. Wear
Chicago
twear@sidley.com
Ellie L. DeGarmo
Washington, D.C.
ellie.degarmo@sidley.com
Data Privacy and Cybersecurity Outlook for 2025: What Financial Services Firms Need To Know
Last year saw many developments across the worldwide data privacy and cybersecurity landscape, including in the EU/UK, and this momentum shows no sign of slowing in 2025. The EU General Data Protection Regulation (GDPR) enters its seventh year in May 2025. New cybersecurity and operational resilience legislation and related guidance are coming into force to regulate new and challenging technologies, several of which will affect financial services firms.
(more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Max Charles Savoie
London
msavoie@sidley.com
Eleanor Dodding
London
edodding@sidley.com
European Health Data Space Regulation Adopted: What’s Next for Life Sciences Companies?
On January 21, 2025, the European Health Data Space Regulation (EHDS) was formally adopted by the Council of the European Union. This marks the near-final step in the adoption process, and will enter into force in the coming weeks. Importantly for life sciences companies (pharma, biotech, and medtech), the EHDS’ so-called secondary use provisions will become applicable in 2029, leaving companies four years to consider, adapt to, and implement these wide-ranging requirements.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Josefine Sommer
Brussels
jsommer@sidley.com
Zina Chatzidimitriadou
London
zchatzidimitriadou@sidley.com
U.S. Department of Commerce Finalizes Connected Vehicles Supply Chain Restrictions
On January 16, 2025, the U.S. Department of Commerce Bureau of Industry and Security (BIS) Office of Information and Communications Technology and Services (OICTS) published a Final Rule formalizing prohibitions on certain connected vehicles (CVs) transactions involving hardware and software linked to the People’s Republic of China (China) and Russia.1 The Final Rule is scheduled to take effect on March 17, 2025. However, given that the Final Rule is one of several new regulatory frameworks on trade issued in the final days of the Biden administration, it remains to be seen what will happen with these regulations after January 20.
(more…)
Jen Fernandez
Washington, D.C.
jen.fernandez@sidley.com
Alex Tritell
Washington, D.C.
atritell@sidley.com
New U.S. Export Controls on Advanced Computing Items and Artificial Intelligence Model Weights: Seven Key Takeaways
On January 15, 2025, the U.S. Department of Commerce Bureau of Industry and Security (BIS) published in the Federal Register updated export controls on advanced computing items (including advanced integrated circuits (ICs) and related equipment, software, and technology) and, for the first time, controls on artificial intelligence (AI) model weights under the Export Administration Regulations (EAR). These new regulations were published as an interim final rule and took effect on January 13, 2025, although compliance is not required until May 15, 2025. BIS also published in the Federal Register a smaller companion rule on January 16, 2025, that expands licensing requirements on foundries and packaging companies seeking to export advanced computing equipment and requires compliance by January 31, 2025.
Jen Fernandez
Washington, D.C.
jen.fernandez@sidley.com
Lloyd Lyall
Washington, D.C.
lloyd.lyall@sidley.com
Action Items for U.S. Public Companies for 2025
Rapid rulemaking and aggressive enforcement by the SEC, combined with legislative, judicial, and regulatory developments, have created new requirements and expectations for U.S. public companies.
(more…)
Sonia Gupta Barros
Washington, D.C.
sbarros@sidley.com
Beth E. Berg
Chicago
bberg@sidley.com
Paul L. Choi
Chicago
pchoi@sidley.com
Samir A. Gandhi
New York
sgandhi@sidley.com
John P. Kelsh
Chicago
jkelsh@sidley.com
Claire H. Holland
Chicago
cholland@sidley.com
2025 Will Be a Brave New Tokenized World
Tokenization of real-world assets (RWAs) is revolutionizing the way we perceive and manage assets. “Tokenized RWAs,” or more simply the digital representation of physical or intangible assets using a token recorded on a blockchain, allows for the efficient recording, trading, transferring, and managing of tangible assets in a digital format.
(more…)
Andrew J. Sioson
Washington, D.C.
asioson@sidley.com
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Erika Cabo
Miami
erika.cabo@sidley.com
Upcoming Events
IAPP AI Governance Global Europe 2025
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com