The Cybersecurity and Infrastructure Security Agency (CISA) has extended the deadline for it to issue final rules about mandatory incident reporting for critical infrastructure entities. The original deadline of October 2025 was pushed by six months … [Read more] about CISA Gives Itself an Extension for Cyber Incident Reporting Rules
On August 28, 2025, Colorado Governor Jared Polis signed Senate Bill 25B-004 (Bill) into law, extending the compliance deadline of the Colorado Artificial Intelligence Act (CAIA) from February 1, 2026, to June 30, 2026. The Bill does not alter the … [Read more] about Compliance Deadline for Colorado AI Act Delayed Until June 30, 2026
On September 9, 2025, the California Privacy Protection Agency (CPPA) announced a joint investigation sweep targeting businesses that may be failing to honor consumers’ opt-out requests submitted via Global Privacy Control (GPC) signals, in … [Read more] about Multistate Privacy Investigative Sweep Targeting Website Global Privacy Control (GPC) Noncompliance
Rhode Island has enacted Senate Bill 603 (SB603), effective July 2, 2025, establishing a comprehensive cybersecurity framework for nonbank financial institutions licensed by the state’s Department of Business Regulation (DBR). Although SB603 is … [Read more] about Rhode Island’s New Cybersecurity Law for Nonbank Financial Institutions
On July 31, 2025, the United States Department of Justice (DOJ) announced a $9.8 million settlement with Illumina, Inc. (Illumina) to resolve alleged False Claims Act (FCA) violations related to cybersecurity vulnerabilities and shortcomings in its … [Read more] about DOJ Settles Cyber Qui Tam Action Against Illumina for Allegedly Unsecured Genomic Sequencing Products