Legal News and Events

Agentic Artificial Intelligence (AI) is transforming not only business and security operations but also advancing a new phase in the evolution of AI systems. By extending traditional machine learning (ML) and large language models (LLMs) with autonomy and decision-making capabilities, agentic AI introduces both powerful new opportunities and important considerations for organizations adopting these technologies.

Under the Digital Operational Resilience Act (Regulation (EU) 2022/2554), there are two criticality criteria:

1. Criticality of the function using the information and communication technology (ICT) service: article 8.5 of DORA, as determined by financial entities; and
2. Criticality of the ICT service provider: article 31 of DORA, as determined by the European Supervisory Authorities (ESAs).

Regulation SP Requires registered broker-dealers, investment companies, and investment advisers to adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.

CPS 234 is an Australian Prudential Standard designed to ensure APRA-regulated entities can effectively prevent, detect, respond to, and recover from information security incidents, including cyberattacks.

CPS 230 is an Australian Prudential Standard designed to strengthen operational risk management and resilience across the Australian financial sector. The regulation took effect on July 1, 2025.

The Network and Information Security Directive 2022/2555, otherwise known as NIS2, is a European Union (EU) directive designed to improve the security of network and information systems in the EU.

The Digital Operational Resilience Act (“DORA”) was adopted on 27 December 2022. It is a European Union regulation designed to increase the cybersecurity requirements for financial institutions (“FSIs”- Financial Services Industries) and their information and communication technology (“ICT”) service providers.

IRAP is an Australian Government initiative managed by the Australian Signals Directorate (ASD) designed to help ensure that information and communications technology (ICT) systems meet the requirements of the Australian Government Information Security Manual (ISM).  By meeting IRAP control requirements, organizations can have confidence that Proofpoint maintains the security controls necessary to securely protect government systems and information.

The Digital Operational Resilience Act (“DORA”) was adopted on 27 December 2022. It is a European Union regulation designed to increase the cybersecurity requirements for financial institutions (“FSIs”- Financial Services Industries) and their information and communication technology (“ICT”) service providers.

On October 30, 2023, the Biden administration issued an Executive Order (EO) on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence (AI) (“Order”).