On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), insurance, and updates to the existing CCPA regulations. The revisions were informed by comments received by the CPPA during the formal public […]
Legislation
2025 State Cybersecurity Legislation Focuses on Financial Services
Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.” Part 500 was the first state regulation to enumerate, in great detail, the elements of a cybersecurity program that a covered financial service company […]
Virginia Legislature Passes Second US AI Governance Act behind Colorado: Comparing the AI Acts
On February 20, 2025, the Virginia legislature passed the High-Risk Artificial Intelligence Developer and Deployer Act (House Bill 2094, the “VA AI Act”) that mandates developers and deployers of high-risk artificial intelligence systems (“HRAI systems”) to adhere to specific governance requirements. The VA AI Act will come into effect on July 1, 2026 (if Virginia […]
Forthcoming UK Cyber Security and Resilience Bill to Boost the UK’s Cyber Defenses
In the July 2024 King’s Speech, the UK government announced its intention to introduce a Cyber Security and Resilience Bill (the “Bill”) to improve the UK’s cyber defenses and protect essential public services. The announcement comes as companies and countries increasingly face attacks by cyber criminals and state actors, sometimes disrupting public services and infrastructure. […]
California Passes Generative AI “Training Transparency” Bill
On August 27, 2024, the California state legislature passed Assembly Bill 2013 and sent it to Governor Gavin Newsom for signature. If passed, AB 2013 would require companies that make generative AI systems and services publicly available to Californians to post documentation on their website about the data used to train such AI systems and […]