Privacy & Cybersecurity Midyear Report: 4 Areas To Watch
August 2, 2024, Law360
Yaron Dori and Mark Young’s commentary was included in a Law360 article on key developments to expect in the data privacy and cybersecurity landscape in the second half of 2024.
Yaron weighs in on actions to regulate artificial intelligence (AI) that are being considered by Congress and federal agencies. "Federal agencies are doing what they can with the authorities that they have to regulate AI. It's not so much that what they're doing is new, but rather that their existing authority all of a sudden carries new meaning or additional currency because it's wrapped up in AI," Yaron said.
Yaron adds that given this scrutiny, companies are beginning to understand how to go about using and deploying AI tech responsibly, taking steps such as updating their policies to put in place "some guardrails and ground rules around the use of AI" and ensuring that they're appropriately disclosing how they're deploying these technologies.
Mark discusses what to expect from the European Union’s new cybersecurity regime under the Network and Information Systems, or NIS2, Directive. EU member states have been busy drafting regulations to implement the directive, which sets heightened rules for banks, energy suppliers, medical device makers, digital services, and a wide range of other critical infrastructure providers to secure their systems and report cyberattacks. Mark points out that the looming implementation is poised to spark "a real uptick in compliance efforts" to meet these more stringent obligations.
"Companies will have to look at what other laws they're already subject to in order to determine where there's overlap and how they're going to comply with the unique testing and reporting aspects of NIS2," Mark said. "It also places liability on management bodies that are charged with overseeing implementation of compliance programs, so that's likely to cause some tension as well."
Back
