Metaverse Law

Check out the blog post by Emma Wallace on cybersecurity laws for the financial sector. We cover several major updates ahead of 2025, including: -- EU's DORA requirements on cybersecurity, SLAs, and business continuity -- SEC updates requiring heightened incident response planning -- FTC updates to the Safeguards Rule -- CFPB introducing new consumer privacy rights for certain data providers Regulators are scrutinizing the financial sector now more than ever. Financial resilience is top of mind, due to the fallout from Silicon Valley Bank and FTX. Identity theft and wire fraud continues to rise, with the increasing number of data breaches exposing sensitive personal information. As a result, privately-owned banking, credit, insurance, and fintech companies will face increasing government inspection, audit, and cybersecurity testing requirements --- either by law or by contract. Be prepared for this new paradigm and read on! Link here: https://lnkd.in/gv3KCv7H Image credit: JustStartInvesting on Unsplash #cybersecurity #fintech #digitalpayments #banking #privacylaw #internationallaw #NotDORAtheExplorer

The state of EU and US AI legislation is a throwback to 2020. In this analysis for Reuters, we compare the EU AI Act with the patchwork of US state and federal AI legislation. Compared to the AI Act, US AI law is a hodge-podge of consumer protection, IP, employment, data privacy and risk assessment requirements. Given the nature of US federalism, we don't expect the passage of comprehensive AI legislation anytime soon. One on hand this is positive, the states can experiment and decide the appropriate balance between AI risk and innovation. On the other hand, this is a quagmire for global companies, many of whom will default to the strictest standards. #GDPRflashbacks #patchwork #ailaw #privacylaw #consumerprotection #employmentlaw #statebystateexperiment

Check out my latest post on the Metaverse Law blog! AI is increasingly integral to business operations like hiring and managing employees – and legislators are taking note. With the latest amendment to the Human Rights Act, Illinois joins Colorado and New York City with employment-specific AI regulations. The law…  – goes into effect on 2026;  – prohibits using AI systems with a discriminating effect on protected chatacteristics;  – bans the use of race or zip code used as a proxy for race;  – requires employers provide notice when using AI in their decision making. Read the full post and learn more about the latest amendment to the Illinois Human Rights Act here:

Check out our analysis of California's AI Transparency Act in OneTrust DataGuidance's recent article. For covered generative AI providers, this imposes AI detection requirements *and* third-party licensee requirements. Per the article, covered providers will need to do all of the following: -- Make an AI detection tool -- Include both an optional and a latent disclosure in all AI generated content -- Enter contracts with licensees to ensure such latent disclosures This Act goes into effect on January 1, 2026, but covered providers should act now given the significant technology requirements of the Act. Shout out to fellow contributor Jacob Canter at Crowell & Moring! Read more here: https://lnkd.in/gCmJYPPt #aigovernance #grc #AIengineers #SkyNetDetect #getreadyformoreAIredlines

Thank you Bloomberg Law for sharing my thoughts on quantum computing. Recently, NIST released Post-Quantum Encryption Standards, encouraging agencies to adopt standards that withstand quantum attacks: https://lnkd.in/giKxEZC2 “There is a big disconnect between the NIST standards and what private industry is trying to adopt,” Li said.   Expecting them to quickly shift their focus to post-quantum concerns may be a big leap, according to Li. Companies dealing with sensitive data privacy and security considerations—like those for hospitals and commercial airplanes—are still working to meet emerging government cyber requirements that are already falling behind a fast-evolving threat landscape.   “I do think that it’s important that NIST gives out this guidance, because it is a big risk, and companies need to game plan for it,” Li said. “But as far as our cybersecurity posture, we need to bring everyone up to even the minimum floor. Then let’s work on the next step.” #cybersecurity #quantumcomputing #NIST #letscrackthiscodeandprotectoursecurity #privacylaw

*CA Legal Update* -- Newsom vetoed SB 1047, but other AI bills (described below) passed. Pay close attention to the Nov. 8 CPPA meeting, where proposed AI risk assessment, cybersecurity, and audit rules are on the agenda. Our guess is that the CPPA held off rulemaking on these substantial requirements, to see if the CA legislature would act. Now that SB 1047 is off the table, there will be more public pressure to initiate rulemaking on the new AI risk assessment rules. -- AB 1008: Neural data added as "sensitive personal information -- AB 1824: Businesses must honor opt-out rights for M&A activity -- SB 2013: Covered Gen AI systems need to provide training data disclosures -- SB 942: Covered Gen AI systems need to include AI transparency and technically allow AI detection -- AB 3030: Gen AI disclosures and additional requirements for covered health facilities -- AB 1836/ 2602: Prohibitions on creating digital replicas of entertainers and similar professionals, absent consent and other requirements -- AB 2355/2655/2839: Disclosure and liability requirements for deepfakes/ removal of deepfake election content from platforms. More information on the bills here: https://lnkd.in/g25jrkJb ** Edited to reflect the CPPA rescheduling the Oct. 4 meeting to Nov. 8.**

Tune in to Arthur’s virtual AI Fest event this Thursday where I’ll be speaking about legal considerations for enterprise use of AI. Want to take bets on how many times the word *risk* is used? From an enterprise perspective, ranking high-risk uses of AI is critical for determining whether written risk assessment, safety protocols, and reporting will apply. If you’re passionate about AI and its impact on both business and society, this is an event you won’t want to miss! 🎟️ Learn more and save your spot: https://bit.ly/3XuljgY #AI #governance #riskmanagement #enterpriserisk #startrekreference

Legal alert for AI developers! Today, Gov. Newsom signed a landmark CA bill, requiring generative AI systems to embed AI watermarking into their content. This goes one step further than written privacy & transparency notices, and requires changes at the product level. Newsom's signature continues the trend of CA AI rulemaking. Earlier this week, Governor Newsom also signed bills protecting actors' digital likenesses and combating deepfake election content. https://lnkd.in/g5FrZJkM

Thank you to the newest member of our team, Emma Wallace, for this roundup of California's latest data privacy & AI bills. We will update this page as Governor Newsom reviews and signs. These updates include: ** Significant AI safety obligations for certain highly complex AI systems, requiring written safety protocols submitted to the AG ** Generative AI training data transparency ** AI detection/ watermarking features for generative AI developers ** Age limits for CCPA opt-ins to selling/sharing from 16 to 18 ** Browsers to enable recognition of opt-out signals by default ** Inclusion of neural data into the definition of sensitive information California legislatures are not waiting for federal legislation on AI --- they are pressing forward now on AI safety, transparency, and children's data. What do you think of this development? A gut check in the face of ever-increasing AI technology? Or a state-by-state compliance nightmare for companies? #bothmightbetrue #keepreadingfaster #privacylaw #AI https://lnkd.in/gpDvsnk6

I am speaking at the #Risk Digital UK/EU global livestream next week for two sessions: “A New Era of AI Governance” and “The Role of Technology in Modern Governance, Risk and Compliance.”    My presentations will include an overview about artificial intelligence risks and discuss the latest developments in European Union and United States AI legislation and regulations. Major developments in the US include: -- NY and Illinois AI bias legislation in employment -- Colorado comprehensive AI legislation -- California AI bills that have recently passed the legislature. I will also touch on how the results of U.S. presidential election could impact the AI landscape, either through changes in FTC priority and state legislation, and the need for AI risk management and governance programs.   The law in this area is developing very quickly and will affect businesses in almost every industry. Keeping up with these changes is critical as business deploy and integrate AI into everyday operations.   You can register for the event by clicking on the link: https://lnkd.in/gvWyzWqv   #Risk Digital is one of a number of conferences organized by GRC World Forums, a producer of in-person and livestream educational events for governance, risk and compliance professionals. #AIgovernance #dataprivacy #HR #employmentlaw #SorryCaliforniansthisisonUKtime