On October 22, the National Institute of Standards and Technology (“NIST”) Internet of Things (“IoT”) Advisory Board released the Internet of Things Advisory Board Report, which concludes that IoT development has progressed more slowly than anticipated and identifies 26 findings that explain the slower pace of development and growth. The Report offers 104 recommendations on how the government can help foster IoT development. The Advisory Board provided this report to the IoT Federal Working Group emphasizing that an IoT transformation will boost U.S. economic growth, increase public safety and national resilience, create a more sustainable planet, individualize healthcare, foster equitable quality of life and well-being, and facilitate autonomous operations of our national infrastructure. For background, the IoT Federal Working Group was established by Congress in 2020 and was charged with identifying policies and statutes inhibiting IoT development and consider recommendations of the Advisory Board. Continue Reading NIST Report and Recommendations on Fostering Development of the Internet of Things
Internet of Things (IoT)
Data Act Becomes Law: What Next?
By Dan Cooper & Laura Somaini on
On November 27, 2023, the Council of the EU formally adopted the Data Act, following the European Parliament’s endorsement of November 9, which concludes the EU legislative process. As noted below, the Data Act will shortly be published in the Official Journal and become enforceable in 2025.
The Data Act is designed to require entities to make data, including non-personal data, accessible to other parties, so that it can be re-used for new purposes. The Data Act’s obligations are broad and may require significant engineering work to re-design products to ensure compliance.
We provide below a brief overview of key takeaways and timelines.Continue Reading Data Act Becomes Law: What Next?
EU cyber regulation wave quietly rolls on – Commission set to finalize new cyber standards
By Mark Young, Bart Szewczyk & Elżbieta Bieńkowska on
The recently agreed Cyber Resilience Act isn’t the only new EU cybersecurity rule set to be published this December: by the end of the year, the European Commission is expected to adopt its draft regulations to establish a European cybersecurity certification scheme (“ECCS”). Continue Reading EU cyber regulation wave quietly rolls on – Commission set to finalize new cyber standards
The EU’s Cyber Resilience Act Has Now Been Agreed
By Mark Young on
Yesterday, the European Commission, Council and Parliament announced that they had reached an agreement on the text of the Cyber Resilience Act (“CRA”). As a result, the CRA now looks set to finish its journey through the EU legislative process early next year. As we explained in our prior post about the Commission proposal, the CRA will introduce new cybersecurity obligations for a range of digital products sold in Europe. We’ll provide a more detailed summary of the agreed text once it is finalized and published but in this post we set out a brief summary of key provisions. In terms of timing, the CRA will come into force over a phased transition period starting in late 2025.
Continue Reading The EU’s Cyber Resilience Act Has Now Been Agreed
European Parliament and Council Release Agreed Text on Data Act
On June 27, 2023, the European Parliament and the Council of the EU reached a political agreement on the Data Act (see our previous blog post here), after 18 months of negotiations since the tabling of the Commission’s proposal in February 2022 (see our previous blog post here). EU lawmakers bridged their differences on a number of topics, including governance matters, territorial scope, protection of trade secrets, and certain defined terms, among others.
The Data Act is a key component of the European strategy for data. Its objective is to remove barriers to the use and re-use of non-personal data, particularly as it relates to data generated by connected products and related services, including virtual assistants. It also seeks to facilitate the ability of customers to switch between providers of data processing services.
We’ve outlined below some key aspects of the new legislation.Continue Reading European Parliament and Council Release Agreed Text on Data Act
Political Agreement Reached on the European Data Act
By Lisa Peets, Dan Cooper & Sam Jungyun Choi on
Late yesterday, the EU institutions reached political agreement on the European Data Act (see the European Commission’s press release here and the Council’s press release here). The proposal for a Data Act was first tabled by the European Commission in February 2022 as a key piece of the European Strategy for Data (see our previous blogpost here). The Data Act will sit alongside the EU’s General Data Protection Regulation (“GDPR”), Data Governance Act, Digital Services Act, and the Digital Markets Act.Continue Reading Political Agreement Reached on the European Data Act
U.S. AI, IoT, CAV, and Privacy & Cybersecurity Legislative & Regulatory Update – First Quarter 2023
This quarterly update summarizes key legislative and regulatory developments in the first quarter of 2023 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.Continue Reading U.S. AI, IoT, CAV, and Privacy & Cybersecurity Legislative & Regulatory Update – First Quarter 2023
U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022
This quarterly update summarizes key legislative and regulatory developments in the fourth quarter of 2022 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022
U.S. AI, IoT, CAV, and Privacy Legislative Update – Third Quarter 2022
This quarterly update summarizes key legislative and regulatory developments in the third quarter of 2022 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity. Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Third Quarter 2022
Artificial Intelligence & NYC Employers: New York City Seeks Public Comment on Proposed Rules That Would Regulate the Use of AI Tools in the Employment Context
Many employers and employment agencies have turned to artificial intelligence (“AI”) tools to assist them in making better and faster employment decisions, including in the hiring and promotion processes. The use of AI for these purposes has been scrutinized and will now be regulated in New York City. The New York City Department of Consumer and Worker Protection (“DCWP”) recently issued a Notice of Public Hearing and Opportunity to Comment on Proposed Rules relating to the implementation of New York City’s law regulating the use of automated employment decision tools (“AEDT”) by NYC employers and employment agencies. As detailed further below, the comment period is open until October 24, 2022.Continue Reading Artificial Intelligence & NYC Employers: New York City Seeks Public Comment on Proposed Rules That Would Regulate the Use of AI Tools in the Employment Context