Cyber risk has shifted from a technical issue to a systemic one and Britain’s financial regulators are making that reality unmistakably clear. On March 18, 2026, the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), and Bank of England announced a new, unified cyber and operational resilience framework that strengthens the requirements on how firms […]
Privacy & Cyber Regulatory Enforcement
“Show Your Work, AI”: Congress Pushes for AI Model Transparency
On March 26, 2026, a bipartisan group of U.S. lawmakers introduced H.R. 8094, titled the “AI Foundation Model Transparency Act of 2026” (“AI FMTA”). At its core, the AI FMTA would require developers of certain large AI Models, like ChatGPT or Claude, to publicly disclose key information about how the models are trained, what the […]
Key AI, Cybersecurity, and Privacy Takeaways from the NAIC 2026 Spring Meeting
From March 22–25, the National Association of Insurance Commissioners (“NAIC”) held its 2026 Spring National Meeting in San Diego, California. During the meeting, the Innovation, Cybersecurity, and Technology Committee, along with its working groups on Third-Party Data and Models, Big Data and Artificial Intelligence, and Cybersecurity, addressed key developments regarding oversight of third-party data and […]
Connecticut Proposes Mandatory Forensic Investigation and Reporting for Large Scale Data Breaches
Connecticut lawmakers have introduced legislation that, if enacted, would significantly expand breach-response obligations for organizations affected by large-scale cybersecurity incidents. As proposed, Raised Senate Bill 117 (SB 117), would create a new category of “massive” data breaches and impose mandatory forensic investigation and reporting requirements that go well beyond Connecticut’s existing breach notification framework. What […]
CISA Warns Organizations to Harden Endpoint Management Systems Following Cyberattack on Stryker Corporation
On March 18, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert (the Alert) urging U.S. organizations to harden their endpoint management systems following the March 11, 2026 cyberattack against medical technology firm Stryker Corporation (Stryker), which disrupted Stryker’s internal Microsoft environment. CISA stated that it is conducting enhanced coordination with federal partners, […]