Despite the potentially sweeping impact of the proposed FAR CUI Rule (Proposed Rule), less than 30 comments have been filed to date during the comment period, which ends March 17, 2025.
Continue Reading Proposed FAR CUI Rulemaking Nears Comment Deadline
Six months after the SEC’s Cybersecurity Incident Disclosure Rule (SEC Rule) came into force, an April 2024 GT Alert summarized disclosure trends. The GT Alert identified that the companies who filed a mandatory form 8-K disclosing a cybersecurity incident had erred on the side of caution, hedged on whether the materiality threshold had been met
On Jan. 15, 2025, the Department of Defense (DoD), General Services Administration, and NASA, all members of the FAR Council, published a proposed FAR CUI Rule under Title 48 of the CFR. This proposed rule amends the Federal Acquisition Regulation (FAR) to implement the third and final piece of the National Archives and Records Administration’s
The European Data Protection Board (EDPB) has recently (re)positioned itself on several controversial topics and published three new guidelines and opinions. Although not legally binding, they do have a significant influence on proceedings before the supervisory authorities and courts. This GT Alert discusses the EDPB’s new guidelines and their implications for companies dealing with personal
On Oct. 21, 2024, the OMB Office of Information and Regulatory Affairs (OIRA) concluded its regulatory review of the long-awaited Federal Acquisition Regulation Controlled Unclassified Information Rule (FAR CUI Rule), clearing the proposed rule’s path for publication in the Federal Register in 2024.
The FAR CUI Rule is being issued pursuant to Executive Order 13556
On Oct. 14, 2024, the Department of Defense (DoD) published the final rule that would implement the Cybersecurity Maturity Model Certification 2.0 (CMMC) Program under 32 CFR Part 170 (Final Rule) to the Federal Register. The Final Rule comes less than 10 months after DoD published the proposed rule, which yielded approximately 361 submissions
On Aug. 15, 2024, the Department of Defense (DoD) published a proposed rule that would implement contract clauses under 48 CFR related to the Cybersecurity Maturity Model Certification (CMMC) Program (Proposed Rule). DoD previously published a related proposed rule that would implement the CMMC 2.0 Program under 32 CFR 170 and provided the relevant security
On Aug. 2, 2024, Illinois Gov. J.B. Pritzker signed SB 2979 into law, amending BIPA in two ways: significantly limiting potential damages and updating the Act’s definition of “written release” to include an “electronic signature.”
On May 16, 2024, the U.S. Securities and Exchange Commission finalized amendments to Regulation S-P (the Amendments) that largely adopt the proposed amendments the SEC issued in 2023. As discussed in further detail below, the Amendments will require broker-dealers, investment companies, SEC-registered investment advisers, funding portals, and transfer agents registered with the SEC or other
On Aug. 9, 2023, a tutoring company agreed to pay $365,000 to settle an artificial intelligence (AI) lawsuit with the Equal Employment Opportunity Commission (EEOC). The settlement comes on the heels of multiple EEOC warnings to employers about potential discrimination associated with the use of AI for hiring and workplace decisions.