On June 3, 2026, the European Commission (EC) released its first draft of a proposed Cloud and AI Development Act (Proposal or CADA), marking a significant step forward in the EU’s efforts to strengthen its digital infrastructure and reduce strategic dependence on non-EU cloud providers.
Continue Reading European Commission Publishes Proposal for Act to Reduce Reliance on Foreign Cloud and AILaura Brodahl
YellowKey Zero-Day and the BitLocker Bypass: Compliance and Incident Response Implications
By Demian Ahn, Colin Black, Laura Brodahl & Tony Misher on
Posted in Uncategorized
Key Takeaway
A publicly disclosed and widely unpatched zero-day vulnerability, named YellowKey, permits anyone with physical access to a device running Windows 11 or Windows Server 2022/2025 to bypass BitLocker full-disk encryption (Microsoft’s built-in tool that acts like a digital vault for a computer’s entire hard drive) and read protected data without a password or recovery key. Organizations that rely on BitLocker as a primary or sole data-protection control should reassess their risk posture immediately.
Continue Reading YellowKey Zero-Day and the BitLocker Bypass: Compliance and Incident Response ImplicationsEU Data Act Enters into Force
By Laura De Boel, Laura Brodahl & Carol Evrard on
Posted in Privacy
Effective September 12, 2025, the EU Data Act introduced new rules on access to and sharing of data from certain products and services in business-to-consumer (B2C), business-to-business (B2B), and business-to-government (B2G) contexts. This alert highlights the key obligations. The EU Data Act applies to any business offering products or services in the EU, regardless of its location.
Continue Reading EU Data Act Enters into ForceEU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
Posted in Privacy
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached a provisional agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation…
Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR EnforcementEU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement
Posted in Privacy
On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached an agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation (GDPR). The Draft Regulation aims to improve cooperation between national data protection authorities (DPAs) to speed up their handling of cross-border GDPR complaints and related investigations.
Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR EnforcementUK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware Attack
Posted in Cybersecurity
On March 27, 2025, the Information Commissioner’s Office (ICO) announced a fine of 3 million GBP (3.9 million USD) against a software provider (the company) for security deficiencies following a ransomware incident (e.g., lack of multi-factor authentication (MFA)). This is the first time the ICO has fined a processor under the UK’s General Data Protection Regulation (GDPR). This post provides an overview of the decision and outlines the key points companies should consider, including the security measures the ICO expects them to implement.
Continue Reading UK Regulator Issues Three Million GBP Monetary Penalty in Connection with Ransomware AttackEU Data Act Imposes New Data Sharing Obligations
By Laura Brodahl & Laura De Boel on
Posted in Cybersecurity
As of September 12, 2025, the EU Data Act will impose new obligations concerning the sharing of, and access to, data generated by certain products and services offered in the EU. This alert highlights the data sharing obligations for providers of connected devices and related services.
Continue Reading EU Data Act Imposes New Data Sharing Obligations