• |

    May 1, 2024

Answers to Top Questions About the E.U. AI Act: Risk Tiers and Big-Player Transparency

The European Regulation on Artificial Intelligence, or E.U. AI Act (Act), approved last month as the world’s first comprehensive AI law, will have a global impact, applying to any companies whose AI interacts with Europeans. It promises regulation proportionate to the risks of each AI use, but companies worry that the Act’s layers of red tape will hold back innovation. This second article in a three-part series that answers common questions about the Act addresses the implications of the Act’s risk tiers and required assessments, including how it treats internal uses of AI. Part one reported on reactions among companies and delved into gray areas around its reach, the Act’s categorization of AI providers and deployers, and requirements affecting use of generative AI features. Part three will discuss practical steps for companies to prepare now for the Act. See “IBM, eBay and Walgreens CPOs Outline 10 Steps for Building AI Governance” (Oct. 18, 2023).

Navigating Ransomware’s Challenges

Ransomware is growing in speed, complexity and the size of financial damage it can visit upon a victim company, amplifying questions about how to deal with such events. During the recent Incident Response Forum Masterclass 2024, partners at Alston & Bird, Latham & Watkins, FGS Global and Skadden discussed these issues and how the regulatory environment has advanced, putting additional demands on companies. This article distills their insights, including those regarding ransomware response challenges and suggested practices for achieving an effective combination of people, processes and technologies. “Ransomware Incident Response Checklist” (Apr. 26, 2023).

Off-Channel Communications Are Not the Only Source of Electronic Recordkeeping Violations

In the past several years, regulators have been laser-focused on the recordkeeping duties of regulated firms with respect to business communications made on unapproved channels. The SEC and CFTC have together imposed nearly $3 billion in penalties for violations of those duties. A recent FINRA proceeding is an important reminder that regulated firms should also remain vigilant with respect to their authorized systems – especially legacy systems. FINRA’s letter of acceptance waiver and consent (AWC) with a broker-dealer alleges that, due to deficient supervisory procedures, the firm failed to preserve more than a million business-related electronic communications on four of its own platforms. This article details FINRA’s allegations and the terms of the AWC. See “Latest SEC Sweep of Off‑Channel Communications Both Befuddles and Turns Up the Heat on Investment Advisers” (Apr. 10, 2024).

Greenberg Traurig Welcomes Technology Litigator in San Francisco

Greenberg Traurig has announced that technology litigator Michael Burshteyn has joined the firm’s intellectual property litigation practice as a shareholder in San Francisco. He arrives from security startup CryptoMove, where he was founder and CEO. For insights from Greenberg Traurig, see our two-part series on private actions under the CPRA: “Key Issues and Defense Strategies” (Oct. 18, 2023), and “Settlement Considerations and Mitigating Risk” (Oct. 25, 2023).

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.

We Celebrate Data Privacy Day 2024

Read the full brief here.