Alston & Bird Privacy, Cyber & Data Strategy Blog

New EU Regulation Clarifies Cybersecurity Rules for IoT Devices and Other ‘Products with Digital Elements’

December 10, 2025 By Paul Greaves, Wim Nauwelaerts and Kelly Hagedorn

On November 28 2025, the European Commission adopted a regulation implementing the Cyber Resilience Act (‘CRA’) – an EU-wide law which lays down cybersecurity requirements for companies that design and sell ‘products with digital elements’. PDEs can take many forms including IoT devices, hardware components, and certain software. The CRA imposes cybersecurity obligations in connection with all in-scope PDEs, although it categorizes them according to risk. The majority of PDEs fall within a … [Read more] about New EU Regulation Clarifies Cybersecurity Rules for IoT Devices and Other ‘Products with Digital Elements’

California AG Announces $1.4 Million Settlement with Mobile App Provider for Alleged CCPA Violations

December 1, 2025 By Maki DePalo, David Keating and Hyun Jai Oh

On November 21, 2025, California Attorney General (AG) Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (company), a mobile game app company, for alleged failures to enable in-app opt-outs from the sale and sharing of personal … [Read more] about California AG Announces $1.4 Million Settlement with Mobile App Provider for Alleged CCPA Violations

SEC Dismisses Remaining Claims Against SolarWinds

November 24, 2025 By Cara Peterman, Sierra Shear and Madeleine Juszynski Davidson

On November 20, 2025, the Securities and Exchange Commission (SEC) dismissed its landmark enforcement action against SolarWinds Corp. and the company’s Chief Information Security Officer, Tim Brown. In 2023, the SEC’s enforcement action broke new … [Read more] about SEC Dismisses Remaining Claims Against SolarWinds

The EU Digital Omnibus: A European Data Law Shake-Up May Be Coming

November 21, 2025 By Alice Portnoy, Wim Nauwelaerts and Paul Greaves

On November 19, the European Commission (EC) released its EU Digital Omnibus proposal - a 153-page document accompanied by an explanatory memorandum and a Staff Working Document. This proposal introduces amendments, deletions, and replacements to … [Read more] about The EU Digital Omnibus: A European Data Law Shake-Up May Be Coming

UK Cybersecurity Legislation Soon to be Introduced

November 21, 2025 By Hanna Hewitt

The UK Government has introduced the Cyber Security and Resilience (Network and Information Systems) Bill (the “Bill”) to Parliament, marking the most significant update to the UK’s cyber legislation since 2018. You can access a copy of the Bill … [Read more] about UK Cybersecurity Legislation Soon to be Introduced