Tag: regulatory compliance
93 articles

Biometric Age Verification Shifts to On-Device Processing
With data breaches skyrocketing - a record 3,322 in the US last year alone - and over 30 age assurance laws now in force worldwide, the need for robust biometric age verification has never been more pressing. As governments crack down on underage access to social media, on-device processing is emerging as a crucial solution.

EU Orders Google to Open Android to Rival AI Assistants
Google is now required to open up Android to rival AI assistants, a move the company claims could compromise device security by giving external apps sensitive permissions. The European Commission's order, made under the Digital Markets Act, forces Google to grant third-party AI assistants access to Android sensors and system features.

GRC AI Tools Fall Short on Enterprise Readiness
Most organizations are flying blind when it comes to GRC AI tools, with a staggering 87% of IT and security pros admitting they can't fully see the AI tools active within their organization. This visibility gap poses a foundational risk, making it harder to rely on other controls and assurances.

India Warns WhatsApp Over Username Rollout Citing Security Risks
India's Ministry of Electronics and Information Technology has warned WhatsApp to halt its global rollout of a new usernames feature, citing security risks, and given the Meta-owned platform just three days to respond. The move has sparked concerns over regulatory action and the protection of user data.

US Lifts Export Controls on Anthropic's AI Model Fable 5
Big news: the US has lifted export controls on Anthropic's AI model Fable 5, allowing it to be accessible to users worldwide again after a brief shutdown. This comes after Anthropic made significant strides in curbing a concerning technique, successfully stopping it in over 99% of attempts.

FCC Tightens Cybersecurity Rules for Emergency Alert Systems, Undersea Cables
The FCC has just tightened cybersecurity rules for emergency alert systems and undersea cables to prevent vulnerabilities that could be exploited by rogue actors, foreign governments, or cybercriminals to spread chaos and misinformation. This move aims to safeguard the nation's primary public-warning platforms, including the Emergency Alert System and Wireless Emergency Alerts.

UK Privacy Watchdog Resigns Amid Poor Judgment Admission
UK Privacy Watchdog John Edwards has resigned with immediate effect, admitting his position had become untenable after being under investigation since February. He announced his decision on LinkedIn, bringing a sudden end to a months-long probe.

China Tightens Grip on Supply-Chain Data
China's new regulations, effective April, are tightening controls on supply-chain data, with a focus on the intent behind data collection, not just what is collected. Authorities can now scrutinize the purpose of investigations and information gathering to ensure they align with Chinese laws and regulations.

US Military Seeks Expanded Training Ranges to Simulate Contested Environments
The US military needs advanced training ranges that replicate the chaos of modern battlefields, where operators can rehearse and perfect critical maneuvers in simulated contested environments. Currently, regulatory hurdles and limited training spaces are hindering their ability to prepare for the complexities of modern warfare.

UK Regulators Warn Financial Firms on Frontier AI Cybersecurity Risks
UK regulators are sounding the alarm: as frontier AI models advance, financial firms must urgently bolster their cyber defences to avoid catastrophic threats to safety, customers, and financial stability. The warning comes as AI capabilities increasingly outpace human expertise, offering malicious actors unprecedented speed, scale, and low-cost opportunities to wreak havoc.

FTC to Crack Down on Deepfake Takedowns
Get ready for a major crackdown on deepfakes - starting May 19, 2026, websites and online services must swiftly remove nonconsensual deepfake media within 48 hours or face fines and FTC action. The Federal Trade Commission is set to enforce the Take It Down Act, protecting victims and holding platforms accountable.

HIPAA Security Rule Overhaul Nears, But Will Regulators Meet May Deadline?
As the HHS Office for Civil Rights prepares to unveil a major overhaul of the 23-year-old HIPAA Security Rule, concerns are mounting about meeting the May deadline. Director Paula Stannard urges healthcare organizations to consider the steep cost of inaction, emphasizing that the benefits of proposed modifications far outweigh the burdens.

OpenAI Bolsters Europe's Cybersecurity With Model Access
OpenAI is ramping up Europe's cybersecurity game by granting restricted access to its cutting-edge vulnerability-finding model, GPT-5.5-Cyber, to dozens of European organizations through its new Trusted Access for Cyber program. This move will empower defenders to swiftly protect systems and respond to threats, while also addressing security concerns with greater transparency.

US Bank Self-Reports Data Leak to Unauthorized AI App
A US bank has taken swift action, self-reporting a data leak that exposed sensitive customer information to an unauthorized AI app, sparking concerns over the volume and sensitivity of the compromised data. The bank's proactive disclosure to regulators and customers highlights its commitment to transparency in the face of a data-handling lapse.

UK Water Firm Fines £1m for 2-Year Data Breach Alternatively: South Staffordshire Water Breach Exposes 633,000 Or: Data Regulator Fines South Staffordshire Water £1m Best option: South Staffordshire Water Hit with £1m Data Breach Fine
Proactive security is no longer a nicety, but a necessity - as South Staffordshire Water's £1m fine for a 2-year data breach exposing 633,000 individuals' personal info painfully illustrates. Waiting for a ransom note or performance issues to discover a breach simply isn't an option.

Missouri Probes Conduent's Response to Massive Data Breach
Missouri's Department of Commerce and Insurance is stepping up its investigation into Conduent's massive data breach, which is believed to have affected over 25 million people, after the company failed to provide crucial information on the breach's impact. The state agency is urging insurers to come forward with details on their dealings with Conduent, citing significant consumer risk.

Europe Water downs AI Act Regulations Ahead of Enforcement
Europe's AI Act regulations just got a major update, with lawmakers agreeing to ease rules and delay enforcement to give innovators and startups a fair shot. The new deal sets a more relaxed timeline, with high-risk AI requirements now expected to kick in by December 2027.

Breach Response Requires Sustained Control
When a cyber breach hits, the decisions made in the first few days can have a lasting impact, setting the stage for years of consequences - and it's not just about fixing the tech, but also about the legal and communication choices that are made early on. In fact, a single incident can generate a ripple effect of legal, regulatory, and reputational consequences that persist for years.

Incident Response Shifts Focus to Trusted Recovery
The stakes are high: with the average breach costing nearly $4.9 million, organizations can no longer afford to focus solely on detecting intrusions - they must also prioritize swift and reliable recovery to restore operations, data, and trust. Speed and assurance of restoration have become just as crucial as early detection in incident response.

AMA Warns Congress of AI Chatbot Data Risks in Mental Health
The American Medical Association is urging Congress to set safeguards for AI chatbots offering mental health guidance, warning of potential risks if these tools aren't designed and deployed responsibly. Well-designed AI tools, however, can bring significant benefits to mental healthcare.

FTC Bolsters AI Efforts to Combat Deepfakes and Voice Scams
The Federal Trade Commission is stepping up its game against AI-powered scams, gearing up to enforce new laws targeting sexual deepfakes and exploring ways to shut down voice clone scams. It's a crucial move in the cat-and-mouse battle to stay ahead of tech-savvy scammers.

Coast Guard Rule Ramps Up Maritime Cybersecurity Standards
A new Coast Guard rule is set to revolutionize maritime cybersecurity by enforcing stricter standards on operational technology systems at US ports and commercial vessels, turning a long-overdue necessity into a booming market. This regulatory shift comes at a critical time, as global tensions rise and the shipping industry becomes an increasingly attractive target for cyber threats.

Netgear Sidesteps Router Ban with FCC Waiver
Netgear has scored a major win with the FCC granting it a temporary waiver, allowing the company to import consumer routers until 2027 despite a broader ban on foreign-made networking hardware. This move marks a significant exception to the rule, with Netgear becoming the first consumer brand to sidestep the import restriction.
Anthropic Unveils Claude Mythos, EU Regulators Scrutinize
This week, Anthropic unveiled Claude Mythos Preview, a powerful new model that's grabbed the attention of Europe's leaders, who are now scrutinizing its implications under the bloc's new AI legislation. Will Brussels' bold regulatory move have a ripple effect on AI development worldwide?