The EU officially adopted the Data Act in January 2024, and it came into force on September 12, 2025. The Data Act builds on existing laws like the General Data Protection Regulation and the Data Governance Act. Now that the legislation is active, companies that fall under its scope must proactively review its provisions and ensure they comply with the new obligations. At a high-level, the Data Act establishes rules for fair access to and use of data. It is concerned with data related to … [Read more] about The EU Data Act Comes Into Force
Chilean Regulator Launches Public Consultation on New Cybersecurity Law

On 16 September 2025, the Chilean Cybersecurity Agency (Agencia Nacional de Ciberseguridad, ‘ANCI’) launched a public consultation on its provisional list of companies that may be classified as ‘operators of vital importance’ (Operadores de … [Read more] about Chilean Regulator Launches Public Consultation on New Cybersecurity Law
Texas Expands Data Broker Act Requirements

On September 1, 2025, the amendments to the Texas Data Broker Act (the Act) became effective. The Act, which originally came into effect on September 1, 2023, defines “data brokers” as business entities that derive their principal source of revenue … [Read more] about Texas Expands Data Broker Act Requirements
United States, International Coalition Issue Joint Warning of Increasing PRC Backed Threat Activity

On August 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the United States Department of Defense Cyber Crime Center (DC3) … [Read more] about United States, International Coalition Issue Joint Warning of Increasing PRC Backed Threat Activity
CISA Gives Itself an Extension for Cyber Incident Reporting Rules

The Cybersecurity and Infrastructure Security Agency (CISA) has extended the deadline for it to issue final rules about mandatory incident reporting for critical infrastructure entities. The original deadline of October 2025 was pushed by six months … [Read more] about CISA Gives Itself an Extension for Cyber Incident Reporting Rules