On December 11, 2025, President Trump issued a new Executive Order (EO) to protect American Artificial Intelligence (AI) innovation from “the most onerous and excessive laws emerging from the States that threaten to stymie innovation.” Consistent with the President’s July 2025 America’s AI Action Plan, the EO further indicates, “[i]t is the policy of the United States to sustain and enhance the United States’ global AI dominance through a minimally burdensome national policy framework for AI.” (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Colleen Theresa Brownhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngColleen Theresa Brown2025-12-23 12:54:382025-12-23 12:54:38Unpacking the December 11, 2025 Executive Order: Ensuring a National Policy Framework for Artificial Intelligence
The 12th edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity (formerly The Privacy, Data Protection and Cybersecurity Law Review) provides an incisive global overview of the legal and regulatory regimes governing data privacy and security. With a focus on recent developments, it covers key areas such as data processors’ obligations; data subject rights; data transfers and localisation; best practices for minimising cyber risk; public and private enforcement; and an outlook for future developments. A number of lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law. (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/01/MN-24013-Data-Matters-Blog-Imagery-Refresh_A_9.jpg606833David Lashwayhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngDavid Lashway2025-12-22 15:09:092025-12-22 15:16:12The 12th Edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity is now available
On December 9, 2025, the Financial Industry Regulatory Authority (FINRA) released its 2026 Annual Regulatory Oversight Report (2026 Report). The nearly 90-page report highlights emerging risks — including cybersecurity, data privacy, and generative AI (GenAI) — and offers tools and best practices for member firms. It also reemphasizes the perennial focus areas of Regulation Best Interest (Reg BI) compliance, third-party vendor management, best execution, consolidated audit trail (CAT), and compliance with the financial responsibility rules. Below are key takeaways, followed by a deeper dive into notable areas of focus, for some of the topics most relevant for broker-dealers.
The European Commission (Commission) released its Digital Omnibus package, which aims to streamline and recalibrate certain aspects of the fast-growing body of EU digital regulations, on November 19, 2025. Rather than rewrite the core legislative instruments, including Regulation (EU) 2024/1689 (AI Act), Regulation (EU) 2016/679 (GDPR), Regulation (EU) 2023/2854 (Data Act) and Directive (EU) 2022/2555 (NIS2), the Commission has opted for a series of targeted amendments intended to reduce overlap, smooth implementation and increase legal certainty. The Digital Omnibus package is now open for review for an eight-week period, which is being extended until the proposals are available in all EU languages, allowing stakeholders to comment directly on the Commission-adopted texts before negotiations progress in the Parliament and Council.
On November 19, 2025, the European Commission officially adopted a proposal for the Digital Omnibus package. Specifically, the Digital Omnibus package consists of two legislative proposals, a Digital Omnibus on AI and a general Digital Omnibus (Digital Legislation Omnibus). The proposed package marks the Commission’s first step toward optimising the EU’s digital rulebook. It draws on more than a year of preparatory work and extensive stakeholder feedback: businesses across a number of different sectors have highlighted concerns about regulatory overlap, uneven national implementation and the need for clearer cross-regime rules and streamlined reporting.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Francesca Blythehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngFrancesca Blythe2025-12-09 11:51:212025-12-09 11:51:21EU Digital Omnibus: The European Commission Proposes Important Changes to the EU’s Digital Rulebook
Businesses that obtain consent prior to sending text marketing messages in Texas can breathe a cautious sigh of relief: the Texas Attorney General (Texas AG) has clarified that recent amendments to Texas’ telephone solicitation and telemarketing law enacted through Senate Bill 140 should not be interpreted to require such businesses to complete onerous registration requirements including posting of a $10,000 security bond and detailed disclosures about business owners, officers, directors and sales managers.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/05/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_4.jpg606833Jonathan M. Wilanhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngJonathan M. Wilan2025-12-03 15:01:102025-12-03 15:01:10Texting in Texas: Texas AG Settlement Clarifies No Registration Needed for Consent-Based Text Messaging
Data Protection in Financial Services (DPFS) Week 2025 consisted of a series of webinars featuring industry leaders who offered invaluable insights on balancing AI with privacy, cybersecurity, and regulatory challenges within the financial services industry. DPFS Week was relevant to all those in financial services, including those in banking, insurance, fintech, funds, payments, private equity, securities, wealth management, and other sectors.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Michael C. Hochmanhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngMichael C. Hochman2025-11-18 12:15:502026-01-23 12:10:12Data Protection in Financial Services Week 2025 – Webinar Recordings Now Live
Industry is increasingly exploring the use of AI chatbots to potentially diagnose and treat various medical conditions, including in the area of mental health. FDA is just beginning to develop its regulatory framework for approved, cleared, or authorized devices in the mental health space based on generative AI technology. The medtech industry, healthcare providers, and the public are closely watching FDA developments and guidance regarding the use of generative AI across the medical device space.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2024/12/MN-24013-Data-Matters-Blog-Imagery-Refresh_A_13.jpg606833Rebecca K. Woodhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngRebecca K. Wood2025-11-13 10:39:292025-11-13 10:39:29U.S. FDA and CMS Actions on Generative AI-Enabled Mental Health Devices Yield Insights Across AI Product Development
Unpacking the December 11, 2025 Executive Order: Ensuring a National Policy Framework for Artificial Intelligence
On December 11, 2025, President Trump issued a new Executive Order (EO) to protect American Artificial Intelligence (AI) innovation from “the most onerous and excessive laws emerging from the States that threaten to stymie innovation.” Consistent with the President’s July 2025 America’s AI Action Plan, the EO further indicates, “[i]t is the policy of the United States to sustain and enhance the United States’ global AI dominance through a minimally burdensome national policy framework for AI.” (more…)
Colleen Theresa Brown
Washington, D.C.
ctbrown@sidley.com
Michael C. Hochman
Washington, D.C.
michael.hochman@sidley.com
Kwaku A. Akowuah
Washington, D.C.
kakowuah@sidley.com
Michael E. Borden
Washington, D.C.
mborden@sidley.com
Christopher T. Shenk
Washington, D.C.
cshenk@sidley.com
Jonathan M. Wilan
Washington, D.C.
jwilan@sidley.com
Lauren Kitces
Washington, D.C.
lkitces@sidley.com
Marc A. Korman
Washington, D.C.
mkorman@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
The 12th Edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity is now available
The 12th edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity (formerly The Privacy, Data Protection and Cybersecurity Law Review) provides an incisive global overview of the legal and regulatory regimes governing data privacy and security. With a focus on recent developments, it covers key areas such as data processors’ obligations; data subject rights; data transfers and localisation; best practices for minimising cyber risk; public and private enforcement; and an outlook for future developments. A number of lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law. (more…)
David Lashway
Washington D.C.
dlashway@sidley.com
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
Matthias Bruynseraede
London
mbruynseraede@sidley.com
Jonathan M. Wilan
Washington, D.C.
jwilan@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Eleanor Dodding
London
edodding@sidley.com
FINRA Issues 2026 Regulatory Oversight Report
On December 9, 2025, the Financial Industry Regulatory Authority (FINRA) released its 2026 Annual Regulatory Oversight Report (2026 Report). The nearly 90-page report highlights emerging risks — including cybersecurity, data privacy, and generative AI (GenAI) — and offers tools and best practices for member firms. It also reemphasizes the perennial focus areas of Regulation Best Interest (Reg BI) compliance, third-party vendor management, best execution, consolidated audit trail (CAT), and compliance with the financial responsibility rules. Below are key takeaways, followed by a deeper dive into notable areas of focus, for some of the topics most relevant for broker-dealers.
(more…)
Andrew P. Blake
Washington, D.C.
ablake@sidley.com
W. Hardy Callcott
San Francisco
wcallcott@sidley.com
Kenyon Colli Hall
Boston
kenyon.hall@sidley.com
David M. Katz
New York
dkatz@sidley.com
Corin R. Swift
New York
corin.swift@sidley.com
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Lara C. Thyagarajan
New York
lthyagarajan@sidley.com
Paul M. Tyrrell
Boston
ptyrrell@sidley.com
EU Digital Omnibus: Implications for MedTech Companies
The European Commission (Commission) released its Digital Omnibus package, which aims to streamline and recalibrate certain aspects of the fast-growing body of EU digital regulations, on November 19, 2025. Rather than rewrite the core legislative instruments, including Regulation (EU) 2024/1689 (AI Act), Regulation (EU) 2016/679 (GDPR), Regulation (EU) 2023/2854 (Data Act) and Directive (EU) 2022/2555 (NIS2), the Commission has opted for a series of targeted amendments intended to reduce overlap, smooth implementation and increase legal certainty. The Digital Omnibus package is now open for review for an eight-week period, which is being extended until the proposals are available in all EU languages, allowing stakeholders to comment directly on the Commission-adopted texts before negotiations progress in the Parliament and Council.
(more…)
Francesca Blythe
London
fblythe@sidley.com
William RM Long
London
wlong@sidley.com
Elisabetta Righini
Brussels
erighini@sidley.com
Josefine Sommer
Brussels
jsommer@sidley.com
Eva von Mühlenen
Geneva
emuhlenen@sidley.com
Belinda Baum
Brussels
belinda.baum@sidley.com
EU Digital Omnibus: The European Commission Proposes Important Changes to the EU’s Digital Rulebook
On November 19, 2025, the European Commission officially adopted a proposal for the Digital Omnibus package. Specifically, the Digital Omnibus package consists of two legislative proposals, a Digital Omnibus on AI and a general Digital Omnibus (Digital Legislation Omnibus). The proposed package marks the Commission’s first step toward optimising the EU’s digital rulebook. It draws on more than a year of preparatory work and extensive stakeholder feedback: businesses across a number of different sectors have highlighted concerns about regulatory overlap, uneven national implementation and the need for clearer cross-regime rules and streamlined reporting.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Clive Gringras
London
clive.gringras@sidley.com
William RM Long
London
wlong@sidley.com
Elisabetta Righini
Brussels
erighini@sidley.com
Josefine Sommer
Brussels
jsommer@sidley.com
Texting in Texas: Texas AG Settlement Clarifies No Registration Needed for Consent-Based Text Messaging
Businesses that obtain consent prior to sending text marketing messages in Texas can breathe a cautious sigh of relief: the Texas Attorney General (Texas AG) has clarified that recent amendments to Texas’ telephone solicitation and telemarketing law enacted through Senate Bill 140 should not be interpreted to require such businesses to complete onerous registration requirements including posting of a $10,000 security bond and detailed disclosures about business owners, officers, directors and sales managers.
(more…)
Jonathan M. Wilan
Washington, D.C.
jwilan@sidley.com
Ian M. Ross
Miami
iross@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Garrett Lance
Washington, D.C.
glance@sidley.com
Data Protection in Financial Services Week 2025 – Webinar Recordings Now Live
Data Protection in Financial Services (DPFS) Week 2025 consisted of a series of webinars featuring industry leaders who offered invaluable insights on balancing AI with privacy, cybersecurity, and regulatory challenges within the financial services industry. DPFS Week was relevant to all those in financial services, including those in banking, insurance, fintech, funds, payments, private equity, securities, wealth management, and other sectors.
(more…)
Michael C. Hochman
Washington, D.C.
michael.hochman@sidley.com
Jennifer B. Seale
Washington, D.C.
jseale@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Thomas D. Cunningham
Chicago
tcunningham@sidley.com
Stephen W. McInerney
Chicago
smcinerney@sidley.com
Colleen Theresa Brown
Washington, D.C.
ctbrown@sidley.com
U.S. FDA and CMS Actions on Generative AI-Enabled Mental Health Devices Yield Insights Across AI Product Development
Industry is increasingly exploring the use of AI chatbots to potentially diagnose and treat various medical conditions, including in the area of mental health. FDA is just beginning to develop its regulatory framework for approved, cleared, or authorized devices in the mental health space based on generative AI technology. The medtech industry, healthcare providers, and the public are closely watching FDA developments and guidance regarding the use of generative AI across the medical device space.
(more…)
Rebecca K. Wood
Washington, D.C.
rwood@sidley.com
Deeona R. Gaskin
Washington D.C.
dgaskin@sidley.com
Elizabeth Hardcastle
Washington, D.C.
ehardcastle@sidley.com
Andrew James
Washington, D.C.
ajames@sidley.com
Abigail K. Caroll
Washington, D.C.
abigail.carroll@sidley.com
Upcoming Events
AI and Patent Law: Navigating a Changing Landscape
Resources