Greenberg Traurig is a sponsor of the 2025 Privacy + Security Forum Fall Academy taking place from November 12 – 14, at George Washington University in Washington, D.C.
Nov. 12-14 EVENT | 2025 Privacy + Security Forum Fall Academy
CHINA: Amendments to Cybersecurity Law Effective 1 January 2026
On 28 October 2025, China passed amendments to the Cybersecurity Law, marking the first update since its enactment in 2016. These amendments reflect China’s heightened focus on cybersecurity and AI governance and are scheduled to take effect on 1 January 2026.
Key Updates
The amendments primarily focus on the law’s enforcement provisions. Key updates include:
Insider Threat: Client Considerations and Justifications
The Threat
Malware usage by adversaries has reportedly declined. Partly due to sophisticated detection methods commonly deployed by medium to large organisations.
Conversely, insider threats (cybersecurity risks originating from within an organisation) are increasing, posing complex and costly challenges for businesses. CrowdStrike’s 2025 Global Threat Report indicates that insider threat operations accounted for 40% of
NYDFS Publishes Industry Guidance on Managing Cyber Risks Related to Third-Party Service Providers
On October 21, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter (the “Guidance”) highlighting the cybersecurity risks related to Covered Entities’ use of Third-Party Service Providers (“TPSPs”) and providing strategies to address these risks. The Guidance is addressed to all Covered Entities subject to NYDFS’s cybersecurity regulation codified at
NYDFS releases guidance on third-party service provider risks
On October 21, 2025, the New York Department of Financial Services (NYDFS) issued guidance to help licensees comply with its cybersecurity regulation. The non-exclusive checklists may be of interest to companies not licensed by NYDFS and even those not offering financial services, given NYDFS’ comment that the guidance is intended to “recommend industry best
Halloween Reminder – Don’t Get Haunted by Hacks
With Halloween lurking around the corner and as National Cybersecurity Awareness Month comes to a close, the McGuireWoods Data Privacy & Cybersecurity Practice Group reminds you to not wait to be spooked by a cybersecurity incident or haunted by the task of maintaining your cybersecurity program.
Today’s threat landscape is rapidly changing and accelerated evermore
EDPS Refines Generative AI Guidelines: A Blueprint for Lawful Innovation in the EU
October 29, 2025 — In a significant move toward harmonizing artificial intelligence with data protection principles, the European Data Protection Supervisor (EDPS) has released updated guidelines aimed at ensuring the lawful use of generative AI across EU institutions. These revisions come at a time when AI technologies are rapidly evolving, and regulatory clarity is more
China Amends Cybersecurity Law and Incident Reporting Regime to Address AI and Infrastructure Risks
Over the past few months, Chinese regulators have taken steps to update the country’s cybersecurity framework, with a particular focus on artificial intelligence (AI) safety and clarifying incident reporting obligations for onshore infrastructure. These developments reflect a broader trend toward more proactive AI and cyber governance and could signal priorities for the year ahead.
Why AI Risk Is Now Every Company’s Problem (and How to Manage It)
“We need someone to figure out our AI governance plan, and everyone thinks it should be you.”
If you work in privacy, or your role intersects with it, you’ve probably heard or had this conversation. Maybe it came from Legal after they realized the new vendor contract doesn’t address AI data processing. Perhaps it was
European Commission Publishes Apply AI Strategy to Accelerate Sectoral AI Adoption Across the EU
On 8 October 2025, the European Commission published its Apply AI Strategy (the “Strategy”), a comprehensive policy framework aimed at accelerating the adoption and integration of artificial intelligence (“AI”) across strategic industrial sectors and the public sector in the EU.
The Strategy is structured around three pillars: (1) introducing sectoral flagships to boost AI use