Many public companies are starting to face increased risks of securities class action litigation based on statements about their use of AI that are alleged to have been false or misleading.  We have previously written about the legal risks that companies face if they oversell the capabilities of their AI systems, which is known as “AI washing.” In particular, the…

On December 18, 2023, the Securities and Exchange Commission’s (the “SEC”) rule requiring disclosure of material cybersecurity incidents became effective. To date, 11 companies have reported a cybersecurity incident under the new Item 1.05 of Form 8-K (“Item 1.05”).[1]  After the first 100 days of mandatory cybersecurity incident reporting, we examine the early results of the SEC’s new disclosure requirement.…

On March 18, 2024, the U.S. Securities and Exchange Commission (“SEC”) announced settled charges against two investment advisers, Delphia (USA) Inc. (“Delphia”) and Global Predictions Inc. (“Global Predictions”) for making false and misleading statements about their alleged use of artificial intelligence (“AI”) in connection with providing investment advice.  These settlements are the SEC’s first-ever cases charging violations of the antifraud…

On February 26, 2024, the National Institute of Standards and Technology (“NIST”) announced the release of Version 2.0 of the Cybersecurity Framework (“Version 2.0” or the “Framework”). We previously wrote about proposed changes to the Framework, which has become an important industry standard for assessing cybersecurity maturity of organizations and managing cybersecurity risk. Version 2.0’s enhanced guidance, and particularly its…

On March 15, 2024, Erez Liebermann, Caroline Swett, Robert Maddox, and Stephanie Thomas from our Data Strategy and Security and Banking Groups hosted the next installment of our Data Security Webcast, where they delved into the Commodity Futures Trading Commission’s (“CFTC”) notice of proposed rulemaking for an operational resilience framework for futures commission merchants, swap dealers, and major swap participants…

In July, we previewed the new rules adopted by the Securities and Exchange Commission (“SEC”) for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Under these rules, Item 1.05 of Form 8-K requires U.S. public companies to disclose material cybersecurity incidents. We have been tracking Form 8-K filings under the new SEC requirements since the rules went into effect on…

On February 28, 2024, President Biden issued an Executive Order (the “Order”) designed to protect the “sensitive personal data” of Americans from “exploitation” by “countries of concern” or related “covered persons.” Concurrently, the Department of Justice (“DOJ”) released an Advance Notice of Proposed Rulemaking (“Advance Notice”), detailing potential definitions for key terms not defined in the Order, discussing the potential…

Key takeaways from January include: Transparency about data processing and retention: In a reminder of the importance of transparency under the GDPR, and the need for companies to make their data subject access request processes easy to navigate, the Dutch data protection authority fined Uber €10 million for, amongst other failings: (i) not specifying to drivers how long it retained…

On 18 March 2024, Avi Gesser and Martha Hirst from the Debevoise Data Strategy and Security Group, in conjunction with the AI UK 2024 symposium, presented on the regulatory developments, and associated governance risks, relating to AI use. The presentation included practical guidance that can support businesses’ ability to use AI agilely within a developing regulatory landscape. The proliferation of…

Registered investment advisers (“RIAs”) have swiftly embraced AI for investment strategy, market research, portfolio management, trading, risk management, and operations.  In response to the exploding use of AI across the securities markets, Chair Gensler of the Securities and Exchange Commission (“SEC”) has declared that he plans to prioritize securities fraud in connection with AI disclosures and warned market participants against…