Search for:
Category

Cybersecurity, Data and Tech

Category
In AML & Financial Services Regulatory

Taiwan: Amendment to Personal Data Protection Act

by and 5 Mins Read

On 17 October 2025, Taiwan’s Legislative Yuan passed amendments to the Personal Data Protection Act (PDPA), establishing the Personal Data Protection Commission (PDPC) as the new supervisory authority for personal data matters.
These changes respond to a 2022 Constitutional Court ruling and aim to strengthen independent oversight while enhancing data protection standards across both public and private sectors.
Key updates include mandatory appointment of Data Protection Officers (DPOs) for government agencies, new breach notification and reporting obligations for non-government entities, expanded inspection powers for the PDPC, and a six-year transition period for certain supervisory functions.
The PDPC will also issue baseline security regulations and serve as the appeals body for administrative decisions. The effective date will be set by the Executive Yuan, with implementation expected in 2026.

Read More
In Cybersecurity, Data and Tech

Canada: Clarifying compliance – Canadian enforcement trends in youth privacy and age assurance

by , and 3 Mins Read

Canadian privacy regulators are intensifying scrutiny of platforms used by minors, emphasizing age assurance and youth privacy. Investigations reveal that self-declared age gates and adult-oriented consent language are inadequate. Platforms must adopt layered age verification, youth-friendly privacy communications, and contextual data practices. Enforcement is shaping standards ahead of formal guidance, urging proactive compliance measures.

In Tax

United States: White House publishes plan for the taxation of cryptocurrencies and other digital assets

by , and 1 Min Read

Earlier this summer, the US Administration’s Working Group on Digital Asset Markets published a report, entitled Strengthening American Leadership in Digital Financial Technology. The Report contains recommendations for revising existing legislation and IRS guidance regarding trusts engaged in cryptocurrency staking, Code provisions that may deny recognition of gains or losses by active securities traders, and reporting requirements for participants in digital asset transactions and for the exchanges that facilitate such activities

Read More
In Cybersecurity, Data and Tech

Vietnam: Releasing draft AI Law for comprehensive AI governance framework

by , , and 3 Mins Read

Vietnam’s draft AI Law, released for public consultation, aims to establish a comprehensive governance framework by January 2026. It introduces phased implementation, risk-based classification, role-driven accountability, and obligations for general-purpose AI. The law promotes innovation through incentives and sandboxes, and enforces strict penalties for violations, including revenue-based fines. Businesses in high-risk sectors like finance and health will face increased scrutiny. Stakeholders are urged to submit feedback before the National Assembly’s session on 20 October 2025.

In Cybersecurity, Data and Tech

Brazil: Data Protection Authority becomes a regulatory agency and assumes new responsibilities for the digital protection of children and adolescents

by , , and 3 Mins Read

The Brazilian Data Protection Authority (ANPD) has become an autonomous regulatory agency with expanded powers under Provisional Measure No. 1.317/2025 and Decree No. 12.622/2025. It now oversees digital protections for children and adolescents, including enforcing court orders, setting security standards, and coordinating with other agencies. The ANPD can issue regulations, supervise entities, and ensure proportional obligations for tech providers, prioritizing children’s rights and data protection in digital environments.

In Cybersecurity, Data and Tech

Colombia adopts the first certifiable international standard for AI systems: ISO/IEC 42001:2023

by , , and 2 Mins Read

Organizations domiciled in Colombia can now adopt the international standard ISO/IEC 42001:2023, which will make them among the first organizations in Latin America to have a certifiable standard for the responsible management of artificial intelligence (AI) systems.

Read More
In AML & Financial Services Regulatory

Australia: Australian Government moves to regulate digital asset and tokenised custody platforms

by , , and 6 Mins Read

On 25 September 2025, the Australian Government released draft legislation to regulate Digital Asset Platforms (DAPs) and Tokenised Custody Platforms (TCPs). The proposed law requires operators of these platforms to hold an Australian Financial Services Licence and comply with tailored disclosure, conduct, and licensing obligations. It aims to close regulatory gaps, enhance investor protection, and position Australia as a credible hub for digital asset innovation. Consultation on the draft closes on 24 October 2025.

In Cybersecurity, Data and Tech

Colombia adopts the first certifiable international standard for AI systems

by , , and 2 Mins Read

Colombia has adopted ISO/IEC 42001:2023, becoming the first country in Latin America to implement a certifiable international standard for AI systems. This standard promotes responsible AI governance, transparency, and risk management. It aligns with Colombia’s national AI strategy and offers competitive advantages for organizations, including global recognition and regulatory compliance. The standard covers AI-specific risk assessment, operational controls, and integration with other ISO standards.

In Cybersecurity, Data and Tech

Brazil and European Union: Adequacy Decision – EU Drafts Data Transfer Deal with Brazil

by , , and 3 Mins Read

On 5 September 2025, the European Commission published the Draft Adequacy Decision recognizing Brazil as a country that ensures an adequate level of protection for personal data, pursuant to Article 45 of the General Data Protection Regulation (GDPR). This proposal marks the beginning of the formal procedure to authorize the transfer of personal data from the European Union to Brazil without the need for additional safeguards, effectively treating such transfers as equivalent to those occurring within the EU.

Read More
Load More