With its Russmedia judgment (C-492/23, Grand Chamber, 2 December 2025), the Court of Justice of the European Union (CJEU or Court) fundamentally reshapes how online marketplaces and other platforms hosting user-generated content must approach data protection compliance.
Continue Reading CJEU’s Russmedia Decision Expands Platform Controller Duties Under GDPR
Cybersecurity incidents pose a fundamental challenge: How do you reassure stakeholders while acknowledging that many facts remain unknown early in forensic investigations?
Continue Reading How to Reassure Stakeholders When Facts Are Still Unknown During Cyber Incidents
On Dec. 5, 2025, the German act implementing the EU NIS 2 Directive was published.
Continue Reading NIS2 in Germany: The New BSI Act Makes Cybersecurity a Board-Level Issue
The last remaining provisions of the amendments to the New York Department of Financial Services’ (DFS) cybersecurity regulation called Part 500 came into effect Nov. 1, 2025.
Continue Reading NYDFS Final Cybersecurity Rules – MFA, Asset Inventory, and Third-Party Risk
The German data protection supervisory authorities have released their take on international data transfers in medical research.
Continue Reading New DSK Guidelines Aim to Set the Standard for International Research Collaborations
In September, DoD finalized the CMMC Program, along with the accompanying contract clauses, with an effective date of Nov. 10, 2025.
Continue Reading Preparing for a CMMC Audit: The System Security Plan
On Sept. 10, 2025, the Department Defense (DoD) issued a final rule amending the Defense Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program for government contractors.
Continue Reading Recapping CMMC Level 3: Considerations for Government Contractors
Starting Nov. 10, 2025, contractors and subcontractors handling controlled unclassified information (CUI) may be required to have a current CMMC Level 2 self-assessment for new contracts and option exercises involving CUI.
Continue Reading Recapping CMMC Level 2: Considerations for Government Contractors
On Sept. 10, 2025, the Department Defense (DoD) issued a final rule amending the Defense Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program for government contractors. This final rule established a November 10, 2025 go-live date for the start of phase 1 of CMMC. As we covered in our prior
In June 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued draft updated guidance for public comment on the Minimum Elements for a Software Bill of Materials (SBOM), which the National Telecommunications and Information Administration (NTIA) first published in 2021 for federal agencies in response to Executive Order 14028 on Improving the Nation’s Cybersecurity.
Continue Reading Software Bill of Materials Guidance for Government Contractors