Back in March 2022, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was signed into law as yet another regulation aiming to enhance federal cybersecurity by requiring critical infrastructure entities to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA). Two years later, on April 4, 2024, CISA published its proposed rule to codify CIRCIA’s specific mandates, which are expected to take effect in 2026.

Back in 2017, the New York State Department of Financial Services (NYDFS) took a significant step to enhance the cybersecurity defenses of financial institutions operating in New York by introducing the NYDFS Cybersecurity Regulation. Through its set of requirements—since amended in 2023—the Regulation aims to better safeguard the sensitive information processed through these organizations which must adhere to its mandates.

As technology continues to evolve and embed itself more into society, regulations to govern its use and protect consumers are struggling to keep up in parts of the world. But not so in the European Union (EU), where they’ve recently made progress on a wave of new cyber legislation—among those is the NIS 2 Directive.

As of June 2024, the European Union's Digital Operational Resilience Act (DORA) is set to become a pivotal piece of legislation impacting financial institutions and their Information and Communication Technology (ICT) service providers. Designed to improve the stability and security of the financial sector amidst increasing cyber threats, DORA mandates several rigorous standards that organizations under its purview will need to accommodate.

One of many different kinds of cyber attack, phishing involves a message—sent by email or otherwise—where a malicious actor purports to be reputable in some way to convince individuals to reveal personal information that the criminal can then exploit for gain.

In January 2024, the AI Governance Alliance—an arm of the World Economic Forum (WEF)— released a series of three papers covering several important artificial intelligence (AI) topics:

Trying to keep up with the rapidly emerging and evolving governance of AI? Struggling to figure out how to address customer misgivings about your AI systems?

NOTE: This blog was originally published on 3/24/2024 and has been updated as of 8/1/2024 now that the EU AI Act has been published in the Official Journal of the European Union and “enter[s] into force” 20 days thereafter, or on August 1, 2024.