In the second episode of our Global Regulation Tomorrow Plus mini-series on artificial intelligence in financial services, Matthew Gregory and Simon Lovegrove discuss the Mills Review.
Listen to this episode here.
Latest from Norton Rose Fulbright - Page 2
Privacy Day 2026: Why trust is the new competitive advantage
Every year, Privacy Day gives organizations a moment to pause and reflect on how rapidly the data landscape is shifting, but 2026 feels different. The conversation has moved beyond compliance checklists and breach headlines. Privacy is moving beyond legal, shaping customer expectations, regulatory strategy, and even the pace of innovation. Today, even business teams are…
Canada – Financial Services in Focus: Volume 1
Navigating change in financial services requires foresight and agility. As regulatory landscapes evolve and new technologies reshape risk and compliance, institutions must proactively assess how these developments affect their operations, governance, and growth strategies. Our latest insights explore critical developments, from Canada’s Federal Budget 2025 and its implications for operating models and tax strategies, to…
Germany: What to expect in 2026
In 2026, new legislation will be introduced into German employment law bringing significant changes for Human Resources Managers to be aware of.
New legislation coming into force
Social insurance calculation factors
The factors for calculating the levels in the social insurance system were updated on 1 January 2026. The updated rates and limits can be…
Agentic AI: the ICO’s early thoughts on the data protection implications
The ICO has kicked off 2026 with sharing its early thoughts on the data protection implications of agentic AI in its ICO tech futures: Agentic AI report. The report considers the novel data protection risks presented by agentic AI. It also considers how adoption could impact the risks and the effect that will have…
Keeping Hong Kong’s registered design system up to date with the modern world
In our previous blog posts here and here, we reported on the Hong Kong government’s efforts to update the Copyright Ordinance to align with the latest technological developments, especially in relation to artificial intelligence. This month, the government released a further public consultation to update the Registered Designs Ordinance (RDO) in view of global…
Happy e-Discovery Day
Happy e-Discovery Day! On December 4, 2025, legal professionals around the globe will unite to celebrate e-Discovery Day, a day where we honor the pivotal 2006 amendments to the Federal Rules of Civil Procedure (FRCP) that marked a turning point formally recognizing electronically stored information (ESI) as a central component of modern legal discovery.
As…
Update: CISA 2015 is reauthorized until January 2026
The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has been temporarily reauthorized as part of the broader legislation passed on November 12, 2025, to reopen the federal government. Under the appropriation legislation, CISA 2015 is now reauthorized until January 30, 2026.
As previously discussed in details on this blog, CISA 2015 expired at…
Changes to EU and UK data protection law – a tale of two GDPRs?
The EU Commission recently held a call for evidence on “simplification” of legislation in the data, cybersecurity, and AI space, ahead of a “Digital Omnibus” Act. These changes look to make the EU’s digital rulebook more innovation-friendly, supporting the Commission’s Competitiveness Compass.
The Commission is due to present its simplification proposals on 19 November. Ahead…
NYDFS releases guidance on third-party service provider risks
On October 21, 2025, the New York Department of Financial Services (NYDFS) issued guidance to help licensees comply with its cybersecurity regulation. The non-exclusive checklists may be of interest to companies not licensed by NYDFS and even those not offering financial services, given NYDFS’ comment that the guidance is intended to “recommend industry best…