Our top-five European data protection developments from February are: European Commission publishes guidelines on prohibited AI practices: The EU Commission has published non-binding guidance on the EU AI Act’s prohibited use cases. European Parliamentary Research Service Report Highlights Tension Between the EU AI Act and GDPR: The ERPS published a report warning of a potential conflict between the EU AI…

South Korea has become the latest country to pass a national AI law. The “Basic Act on the Development of Artificial Intelligence and Establishment of Foundation for Trust” (the “Basic Act” or the “Act”), which has several similarities to – and differences from – the EU AI Act, and comes into force on January 22, 2026. Like its EU counterpart,…

As the first quarter of 2025 draws to a close and we look ahead to the spring, important changes to the Federal Rules of Evidence (“FRE”) regarding the use of AI in the courtroom are on the horizon. Specifically, the Federal Judicial Conference’s Advisory Committee on Evidence Rules (the “Committee”) is expected to vote on at least one AI-specific proposal…

On Tuesday, April 29, 2025 at 1:15 pm, Erez Liebermann will be moderating a panel at RSAC 2025 Conference to discuss the growing regulatory expectations around governance, including that from the Securities and Exchange Commission (SEC) and other regulators beating their cyber drums. The panelists will share best practices to educate the board, both ahead of and during an incident.…

On Wednesday, April 30, 2025 at 2:25 pm, Erez Liebermann will be moderating a panel at RSAC 2025 Conference to discuss different approaches of private equity firms in evaluating cyber maturity and in working with portfolio companies on M&A, risk management, and incident response. The panel will feature: Rich Adduci, Operating Executive, Berkshire Partners James Goddard, Senior Operating Executive, Hellman…

On Tuesday, April 29, 2025 at 9:40 am, Erez Liebermann will be moderating a panel at RSAC 2025 Conference to dive into the work that financial services companies, the government, and cloud service providers are taking to mature incident response. The panel will feature: Todd Conklin, Chief AI Officer and Deputy Assistant Secretary, US Treasury Heather Hogsett, Senior Vice President,…

On Thursday, April 24, 2025 at 9:00 AM ET, as a part of IAPP Global Privacy Summit 2025, Erez Liebermann will be moderating a panel of experienced in-house counsel and a former in-house counsel to discuss the pitfalls of incident response and lessons learned from crisis management missteps. By sharing real-world examples, insights and actionable recommendations, the session aims to equip…

Our top five European data protection developments from January are: UK ransomware reporting proposals. The UK Government released a consultation on ransomware related legislative proposals, including possible reporting obligations and payment bans for cyber ransom incidents. DeepSeek investigated by Italian DPA over AI chatbot data collection practices. The Italian DPA opened an investigation into DeepSeek for possible GDPR non-compliance associated…

On February 20, 2025, the SEC announced the creation of the Cyber and Emerging Technologies Unit (“CETU”) to focus on “combatting cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space.” In this blog post, we provide an overview of the announcement, which illustrates that the Trump administration will continue to prioritize SEC cybersecurity and…

Because media is constantly urging us to use more AI, Professor Ethan Mollick’s recent post that identified 5 Times Not to Use AI caught our attention. After dispensing with the obvious scenarios (e.g., using AI for illegal purposes, in high-stakes situations where errors could be catastrophic, or for decisions that ethically require human work), Professor Mollick offers five situations where…