Internet of Things (IoT)

Earlier this month the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Draft NISTIR 8267, Security Review of Consumer Home Internet of Things (IoT) Products, for public comment. NIST will accept public comments on the report through November 1, 2019.
Continue Reading IoT Update: NIST Seeks Public Comment on Security Review of Smart Home IoT Devices

On 19 September 2019, the European Parliamentary Research Service (“EPRS”)—the European Parliament’s in-house research service—released a briefing paper that summarizes the current status of the EU’s approach to developing a regulatory framework for ethical AI.  Although not a policymaking body, the EPRS can provide useful insights into the direction of EU policy on an issue.  The paper summarises recent calls in the EU for adopting legally binding instruments to regulate AI, in particular to set common rules on AI transparency, set common requirements for fundamental rights impact assessments, and provide an adequate legal framework for facial recognition technology.

The briefing paper follows publication of the European Commission’s high-level expert group’s Ethics Guidelines for Trustworthy Artificial Intelligence (the “Guidelines”), and the announcement by incoming Commission President Ursula von der Leyen that she will put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within her first 100 days in office.

Continue Reading European Parliamentary Research Service issues a briefing paper on implementing EU’s ethical guidelines on AI

As policymakers weigh the implications of artificial intelligence (“AI”) and the Internet of Things (“IoT”), members of Congress have introduced a handful of measures focusing on Government support for and adoption of these emerging technologies.

In May, Senators Deb Fischer (R-NE), Brian Schatz (D-HI), Cory Gardner (R-CO), and Cory Booker (D-NJ) reintroduced the Developing and

On April 8, 2019, the EU High-Level Expert Group on Artificial Intelligence (the “AI HLEG”) published its “Ethics Guidelines for Trustworthy AI” (the “guidance”).  This follows a stakeholder consultation on its draft guidelines published in December 2018 (the “draft guidance”) (see our previous blog post for more information on the draft guidance).  The guidance retains many of the same core elements of the draft guidance, but provides a more streamlined conceptual framework and elaborates further on some of the more nuanced aspects, such as on interaction with existing legislation and reconciling the tension between competing ethical requirements.

According to the European Commission’s Communication accompanying the guidance, the Commission will launch a piloting phase starting in June 2019 to collect more detailed feedback from stakeholders on how the guidance can be implemented, with a focus in particular on the assessment list set out in Chapter III.  The Commission plans to evaluate the workability and feasibility of the guidance by the end of 2019, and the AI HLEG will review and update the guidance in early 2020 based on the evaluation of feedback received during the piloting phase.
Continue Reading EU High-Level Working Group Publishes Ethics Guidelines for Trustworthy AI

The European Commission (“Commission”) has published a Recommendation on cybersecurity in the energy sector (“Recommendation”).  The Recommendation builds on recent EU legislation in this area, including the NIS Directive and EU Cybersecurity Act (see our posts here and here).  It sets out guidance to achieve a higher level of cybersecurity taking into account specific characteristics of the energy sector, including the use of legacy technology and interdependent systems across borders.

Continue Reading EU Commission Issues Recommendation on Cybersecurity in the Energy Sector

On March 29, 2019, the ICO opened the beta phase of the “regulatory sandbox” scheme (the “Sandbox”), which is a new service designed to support organizations that are developing innovative and beneficial projects that use personal data.  The application process for participating in the Sandbox is now open, and applications must be submitted to the ICO by noon on Friday May 24, 2019. The ICO has published on its website a Guide to the Sandbox, which explains the scheme in detail.

The purpose of the Sandbox is to support organizations that are developing innovative products and services using personal data and develop a shared understanding of what compliance looks like in particular innovative areas.  Organizations participating in the Sandbox are likely to benefit from having the opportunity to liaise directly with the regulator on innovative projects with complex data protection issues.  The Sandbox will also be an opportunity for market leaders in innovative technologies to influence the ICO’s approach to certain use cases with challenging aspects of data protection compliance or where there is uncertainty about what compliance looks like.

The beta phase of the Sandbox is planned to run from July 2019 to September 2020.  Around 10 organizations from private, public and third sectors will be selected to participate.  In the beta phase, the ICO is focusing on data processing that falls within the remit of UK data protection law.  
Continue Reading ICO opens beta phase of privacy “regulatory sandbox”

Following a political agreement at the end of 2018, earlier this week the European Parliament approved a new cybersecurity regulation known as the EU “Cybersecurity Act” This forms part of the EU’s Cyber Package, first announced in September 2017 (which we blogged about here).

In addition to reinforcing the mandate of ENISA — now to be known as the EU Agency for Cybersecurity — the new regulation establishes an EU cybersecurity certification framework. This framework is intended to increase the transparency of the cybersecurity assurance of ICT products, services and processes, and thereby improve trust and help end users make informed choices.  Another key reason for the framework is to avoid the multiplication of conflicting or overlapping national certifications and thus reduce costs.

Under the regulation, the Commission is empowered to adopt European cybersecurity certification schemes, prepared by ENISA, concerning specific groups of ICT products, services and processes.  The schemes could cover, for example, ICT products, services and processes that are used in cars, airplanes, power plants, medical devices, as well as Internet-connected consumer devices.

Among many other details, each certification scheme will set out the subject matter and scope of the scheme, including the type or categories of ICT products, services and processes covered; a clear description of the purpose of the scheme; references to the international, European or national standards applied in the evaluation or other technical specifications; information on assurance levels (explained in more detail below); and an indication of whether conformity self-assessment is permitted under the scheme (also explained in more detail below).
Continue Reading European Parliament Approves EU Cybersecurity Act

On March 11, 2019, a bipartisan group of lawmakers including Sen. Mark Warner and Sen. Cory Gardner introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The Act seeks “[t]o leverage Federal Government procurement power to encourage increased cybersecurity for Internet of Things devices.” In other words, this bill aims to shore up cybersecurity requirements for IoT devices purchased and used by the federal government, with the aim of affecting cybersecurity on IoT devices more broadly.

Continue Reading Senate Reintroduces IoT Cybersecurity Improvement Act

On February 27, 2019, Covington hosted its first webinar in a series on connected and automated vehicles (“CAVs”).  During the webinar, which is available here, Covington’s regulatory and public policy experts covered the current state of play in U.S. law and regulations relating to CAVs.  In particular, Covington’s experts focused on relevant developments in: (1) federal public policy; (2) federal regulatory agencies; (3) state public policy; (4) autonomous aviation; and (5) national security.

Highlights from each of these areas are presented below.

Continue Reading Covington Hosts First Webinar on Connected and Automated Vehicles

One week from today, Covington will host its first webinar in a series on connected and automated vehicles (“CAVs”). The webinar will take place on February 27 from 12 to 1 p.m. Eastern Time. During the webinar, Covington’s regulatory and legislative experts will cover developments in U.S. law and regulations relating to CAVs. Those topics