On June 18, 2024, the SEC announced a $2.125 million settlement with R.R. Donnelley & Sons Co. (“RRD”) related to the company’s 2021 ransomware attack (the “Incident”). The settlement, and the SEC’s accompanying cease-and-desist order (the “Order”), portend the agency’s continued and increasing oversight over registrants’ cybersecurity policies and practices. Background RRD is a global […]
Regulatory Enforcement
DOJ Announces $11.3 Million in Settlements for FCA Violations
On Monday, June 17, 2024, the Department of Justice (DOJ) announced a settlement in which two U.S. based consulting companies agreed to pay a combined total of $11.3 million to resolve allegations that they violated the False Claims Act (FCA) by failing to comply with cybersecurity requirements in government contracts. According to the DOJ, the […]
EU Artificial Intelligence Act Signed Into Law
Today, the EU Artificial Intelligence Act (‘AI Act’) was signed into law. The AI Act will impose obligations on both private and public sector actors which provide, import, distribute, or deploy in-scope AI systems. It also contains obligations which apply in connection with general-purpose AI models. The AI Act has explicit extra-territorial effect, which means […]
European Parliament Approves EU Artificial Intelligence Act
On March 13, 2024, the European Parliament approved the much-anticipated EU Artificial Intelligence Act (‘AI Act’). The AI Act is billed as the first comprehensive legal framework worldwide that specifically regulates AI systems. It will impose obligations on both private and public sector actors which develop, import, distribute, or use in-scope AI systems. Like the […]
California Court of Appeals Paves the Way for Enforcement of California Privacy Rights Act Regulations
On February 9, 2024, the California state court of appeals mandated a trial court to vacate its order and judgment prohibiting the California Privacy Protection Agency (the “Agency”) from enforcing the California Privacy Rights Act regulations (the “CPRA Regulations”) until March 29, 2024. The Agency will be able to enforce the CPRA Regulations upon the […]