The Federal Trade Commission remains focused on children’s privacy and the Children’s Online Privacy Protection Act.
Continue Reading FTC Signals Relaxed COPPA Enforcement for Age-Verification Technologies
China’s Amended Cybersecurity Law Takes Effect
The amended Cybersecurity Law of China (CSL) entered into force on Jan. 1, 2026. These amendments, officially approved by China’s top legislature in October 2025, mark the first major changes to the law since it took effect in 2017.
Continue Reading China’s Amended Cybersecurity Law Takes Effect
NIS2 in Germany: The New BSI Act Makes Cybersecurity a Board-Level Issue
On Dec. 5, 2025, the German act implementing the EU NIS 2 Directive was published.
Continue Reading NIS2 in Germany: The New BSI Act Makes Cybersecurity a Board-Level Issue
NYDFS Final Cybersecurity Rules – MFA, Asset Inventory, and Third-Party Risk
The last remaining provisions of the amendments to the New York Department of Financial Services’ (DFS) cybersecurity regulation called Part 500 came into effect Nov. 1, 2025.
Continue Reading NYDFS Final Cybersecurity Rules – MFA, Asset Inventory, and Third-Party Risk
New DSK Guidelines Aim to Set the Standard for International Research Collaborations
The German data protection supervisory authorities have released their take on international data transfers in medical research.
Continue Reading New DSK Guidelines Aim to Set the Standard for International Research Collaborations
Preparing for a CMMC Audit: The System Security Plan
In September, DoD finalized the CMMC Program, along with the accompanying contract clauses, with an effective date of Nov. 10, 2025.
Continue Reading Preparing for a CMMC Audit: The System Security Plan
Recapping CMMC Level 3: Considerations for Government Contractors
On Sept. 10, 2025, the Department Defense (DoD) issued a final rule amending the Defense Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program for government contractors.
Continue Reading Recapping CMMC Level 3: Considerations for Government Contractors
Recapping CMMC Level 2: Considerations for Government Contractors
Starting Nov. 10, 2025, contractors and subcontractors handling controlled unclassified information (CUI) may be required to have a current CMMC Level 2 self-assessment for new contracts and option exercises involving CUI.
Continue Reading Recapping CMMC Level 2: Considerations for Government Contractors
Recapping CMMC Level 1: Considerations for Government Contractors
On Sept. 10, 2025, the Department Defense (DoD) issued a final rule amending the Defense Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program for government contractors. This final rule established a November 10, 2025 go-live date for the start of phase 1 of CMMC. As we covered in our prior
Software Bill of Materials Guidance for Government Contractors
In June 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued draft updated guidance for public comment on the Minimum Elements for a Software Bill of Materials (SBOM), which the National Telecommunications and Information Administration (NTIA) first published in 2021 for federal agencies in response to Executive Order 14028 on Improving the Nation’s Cybersecurity.
Continue Reading Software Bill of Materials Guidance for Government Contractors