On 2 July 2024, the Luxembourg law (“Law”) implementing the new EU framework for the effective and harmonized management of digital risks in the financial sector, namely the Digital Operational Resilience Act (DORA), was published in the Luxembourg official gazette. Like DORA, the Law will apply from 17 January 2025.
The Malaysia Cabinet has approved the proposed amendments to the Personal Data Protection Act 2010 (Act 709). These amendments are expected to be tabled in the current Parliamentary session taking place up until 18 July 2024.
The Hungarian Government has published a new draft decree, which, once adopted, will establish new fines for failure to provide data, either within the deadline or at all, that is necessary for the registration of organizations under Act XXIII of 2023 on Cybersecurity Certification and Cybersecurity Supervision (“Cyber-certification Act”), which is the Hungarian transposition of the NIS2 Directive [Directive (EU) 2022/2555]. For numerous organizations, the above-mentioned deadline was 30 June 2024.
Following the publication of the proposed Framework in January 2024 and the feedback received from various stakeholders, the finalized Model AI Governance Framework for Generative AI was released on 30 May 2024 by the Infocommunications Media Development Authority (IMDA) and AI Verify Foundation. The Framework expands upon the Model AI Governance Framework last updated in 2020.
On 11 June 2024, the minister of the Ministry of Science and Technology of Vietnam issued Decision 1290/QD-BKHCN providing guidance on principles for researching and developing responsible artificial intelligence (AI) systems (“Decision”). This Decision, which came into effect immediately upon issuance, is included with Version 1.0 of the Guide on Principles for Researching and Developing Responsible AI Systems (“Guide”). It is essential to highlight that the Guide is established as a voluntary standard rather than a mandatory rule.
Articles about artificial intelligence appear daily in many legal publications — including this one. But, on 28 May, US Circuit Judge Kevin Newsom of the US Court of Appeals for the Eleventh Circuit wrote a concurring opinion in Snell v. United Specialty Insurance Co. for the specific purpose of floating an idea about how judges might use generative AI.
In June 2024, the New York Assembly passed two bills that, if signed by the Governor, will impose extensive new requirements on companies operating in the state to enhance online protections for children. The first is the New York Child Data Protection Act, which imposes data minimization, consent and data processor agreement obligations on online services operators that actually know they collect minors’ personal information or target their services at minors. The second is the Stop Addictive Feeds Exploitation (SAFE) for Kids Act, which prohibits online service operators from providing minors with “addictive feeds” absent parental consent.
Samir Safar-Aly, Financial Regulatory Counsel and the firm’s MENA FinTech & AI Lead, recently spoke with Arabian Business regarding AI and deepfakes.
The National Privacy Commission issued a press release on 5 June 2024 to “sternly” warn businesses processing personal information that it will issue show cause orders in the case of non-compliance with the Data Privacy Act of 2012 and relevant NPC issuances, particularly NPC Circular No. 2022-04, which outlines the registration framework for data processing systems and data protection officers.
We are pleased to present the second edition in 2024 of Ukrainian Laws in Wartime: Guide for International and Domestic Businesses, a brief overview of the key features of wartime legislation.