Regulation

EU AI Regulation -- The EU enacted comprehensive legislation surrounding the use of AI. Under the regulation, certain applications of AI are prohibited, for example those that use manipulative techniques to distort behavior, those that classify individuals based on social behavior or personal traits, and compiling facial recognition databases from the internet. It also mandates strict documentation of the data sets used and their relevance, and requires providers to demonstrate compliance. The intent is to make the models and test data transparent to the user. The state of Colorado in the U.S. also passed a similar law that protects consumers from high-risk AI systems. The bill will go into effect from February 2026.

https://artificialintelligenceact.eu/
https://leg.colorado.gov/bills/sb24-205

DORA – Digital Operational Resilience Act. The European Union introduced DORA in January of this year as a measure to protect financial institutions from cyber attacks. It was introduced to cope with the financial sector's increased dependence on IT and the risks associated with failures or breaches in the underlying technologies. Among other provisions, it requires testing against vulnerabilities and better reporting of cyber attacks.

https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en

HIPAA – The Department of Health and Human Services has proposed changes to the Health Insurance Portability and Accountability Act, first passed in 1996. Among the changes are the removal of the distinction between required and addressable security measures, making all security measures mandatory; increased reporting of security incidents; increased documentation requirements and testing of IT systems; and a comprehensive inventory and map of technology assets with respect to their intersection with sensitive information.

https://www.taftlaw.com/news-events/law-bulletins/hipaa-security-rule-to-experience-major-updates-in-2025/