Perhaps the most significant promise of the roadmap was a change in rules around custody of customer crypto assets. Hong Kong’s existing 98% onshore cold wallet storage requirement — arguably the strictest in the world — has been a bugbear for many industry players. This was reinforced by the government’s July 2025 Policy Statement 2.0 on the Development of Digital Assets in Hong Kong, which added to the SFC’s work with additional initiatives on RWA tokenization and stablecoins. In March, the regulator published the long-awaited draft of its Virtual Assets Services Act.
EU regulation on cross-border EU GDPR enforcement in force
- Licensing criteria for crypto platforms include local incorporation, minimum capital of VND 10 trillion (USD 380 million), and majority local ownership.
- By anchoring digital payments to the UAE dirham, the CBUAE reaffirmed monetary sovereignty and prohibited the use of foreign currency or algorithmic stablecoins.
- The PDPL applies to processing of personal data by controllers and processors established in the UAE mainland and to certain extraterritorial processing relating to UAE data subjects, excluding processing exclusively under DIFC or ADGM regimes.
- With SentinelOne, businesses have a reliable partner that makes compliance easier, data protection stronger, and their standing stronger in the current data-centric world.
- Energy suppliers are subject to regulations for safety and environmental protection purposes.
- The report on the outcome of that action is expected to be adopted in the coming months.
By limiting the amount of information stored, organizations can reduce their exposure to risks and enhance compliance with privacy regulations. Demonstrating compliance with regulations like GDPR or CCPA reassures customers that their privacy is respected. Organizations that prioritize data protection foster trust, which translates into customer loyalty and brand reputation.
GDPR requirements include controls for restricting unauthorized access to stored data and access control measures, such as the principle of least privilege, role-based access and MFA. Here’s how to start better demonstrating that your organization’s risk management and regulatory compliance approach is the most effective it can be. When choosing a data governance tool, key factors include AI-enabled automation, scalability, seamless integration with existing systems, ease of use, customizability, robust vendor support and cost considerations. Data governance is a set of principles, standards and practices to help ensure your data is reliable, consistent, and trustworthy.
What is the FTC’s role in data privacy laws?
In the absence of existing comprehensive federal regulatory oversight, states have implemented a spectrum of laws to specifically regulate the use of AI-powered chatbots in mental healthcare. Some states have http://www.familiesforexcellentschools.org/privacy-policy taken a hard stance virtually prohibiting mental health chatbots, while other states have adopted a variety of protections designed to enhance transparency and user safety. For example, Illinois prohibits providing, advertising, or otherwise offering therapy or psychotherapy services to the public, including through the use of AI, unless the therapy or psychotherapy services are conducted by a licensed professional. Nevada prohibits AI systems from representing themselves as a doctor, mental health provider, or therapist or furnishing services that a user would consider to be professional mental health services.
Key Takeaways
For firms, France offers regulatory certainty — so long as they can meet its higher bar for compliance and governance. France began 2025 navigating the transition from its national regime to the EU’s MiCA framework. By early January, eight CASPs had secured MiCA authorization in France, reflecting a deliberate pace by the AMF, which prioritized the orderly conversion of existing firms over rapid expansion.
Key Takeaways:
- Implementation of the data compliance policy accelerates the pace of data integrity, confidentiality, and availability, adding to a robust and reliable cybersecurity framework.
- This gets complex with global cloud computing because you’re dealing with different legal requirements simultaneously.
- If your business deploys GenAI tools that interact with consumers, you now have specific transparency requirements about how those systems work and what data they use.
- Complying with these guidelines helps companies minimize the risk of being sued or fined and mitigate the effects of negative customer fallout and reputational damage.
- For example, in July, OJK applied fit and proper requirements for key persons, and in August, it added cybersecurity guidelines.
Regulatory compliance, on the other hand, refers to the adherence to laws, regulations, guidelines, and specifications relevant to the organization’s industry. The intersection of these two concepts is critical, as effective data governance is a cornerstone of achieving and maintaining regulatory compliance. Most data compliance frameworks also require you to document how data is collected, accessed, retained, and disposed of across its lifecycle. All of this is done to help ensure the protection of regulated and/or sensitive data from unauthorized use. Another key piece of data compliance is tracking what kind of and how much data is being stored, and how that stored data is being managed through its lifecycle.
All existing VASPs who had not submitted an application by December 31, 2024 were required to cease operations. Nine VASPs remain under assessment, and no licenses have been granted,4 underscoring a cautious approach to licensing. In the meantime, the FSA is taking a firm stance on unlicensed activity, issuing more than 20 public warnings to unauthorized entities, including large multinational service providers.
E-money licenses are especially useful for digital asset businesses that offer wallet services or stablecoins that act like e-money. Federal Decree-Law No. 26 of 2025 on Child Digital Safety places obligations on internet service providers to activate content filtering systems and support safer and supervised access for children, including parental control measures and compliance support. AI systems must comply with data protection rules, sectoral fairness and transparency requirements, content restrictions on national symbols and figures, and cybersecurity obligations for critical infrastructure.
It also stressed the importance of international cooperation and information sharing to promote technical assistance and mutual understanding. IOSCO plans to develop a full assessment methodology in 2026, for regular consistency assessments by its Assessment Committee thereafter. For example, citing TRM Labs’ findings on the use of virtual assets by groups such as ISIL-Khorasan, the report highlighted that virtual assets had become a more important element of ISIL’s financial tradecraft.
California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
Discover, monitor and protect sensitive data across hybrid and multicloud environments with IBM’s unified security, real-time threat detection and automated risk reduction. Copy data management (CDM) helps organizations better manage and control duplicate data, thereby reducing storage costs and enhancing data accessibility. CDM is an essential part of information lifecycle management (ILM) because it helps to maximize data value while minimizing redundancy and storage inefficiencies. The evolving nature of these attacks requires organizations to implement proactive security measures such as regular backups, real-time threat detection and employee training to mitigate the impact of ransomware and protect sensitive information. Like the GDPR, it places the onus on businesses to be transparent about their data practices and empowers individuals to have more control over their personal information. Under the CCPA, California residents can request details about the data collected on them by businesses, opt out of data sales and request data deletion.
Organizations must also adopt some specific data protection measures, like appointing a data protection officer to oversee data handling. If your organization handles consumer, employee, or government data, 2026 is shaping up to be a year that demands closer attention to privacy and security compliance. The biggest pressure points come from expanding state privacy laws, expanding AI-related obligations, updated children’s privacy rules, and evolving international frameworks. This update highlights the most important legal and regulatory changes businesses should be tracking now. It also offers a practical checklist to help teams tighten privacy hygiene before enforcement risk grows.
