Topic: Data and cybersecurity

The Data (Use and Access) Act (DUAA) received Royal Assent on 19 June 2025. The DUAA enacts the changes to the UK’s data protection regime that have been contemplated since the Data: a new direction consultation in 2021.

Regulated financial services sector firms in the Abu Dhabi Global Market (ADGM) have six months to comply with the new Cyber Risk Management Framework announced by the Financial Services Regulatory Authority (FSRA) on 29 July 2025.

On 29 July 2025, the Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market (ADGM) announced the implementation of a new Cyber Risk Management Framework that will apply to financial sector firms under its supervision.

The European Banking Authority (EBA) is currently consulting on its draft guidelines on the sound management of third party risk (Draft Guidelines), which are intended to replace the 2019 guidelines on outsourcing arrangements (2019 Guidelines).

The financial services sector is becoming increasingly reliant on cloud service providers (CSPs) to fulfil its growing data processing and storage needs. Financial services providers in the United States have reportedly had the highest levels of adoption, operating 54% of their workloads in the cloud; and according to the European Central Bank, banks spent 13.5% more on cloud outsourcing in 2024 than in 2023.

The biggest AI privacy problems no one is talking about: Installment 1: The Agent2Agent (“A2A”) Protocol
In the privacy world, everyone is focused on fairness, bias, and data scraping. These issues, however, are not even among the top 3 AI privacy issues. And it’s not even close.

Most incidents handled by our Norton Rose Fulbright cyber team originate from the customer’s service provider. In many cases it is the service provider’s systems, infrastructure and environment which proves to be the most vulnerable to cyber breaches and security issues.

The California Privacy Protection Agency (CPPA) just issued its second enforcement action under the CCPA and the message is clear: the CPPA is looking at your digital properties and tallying up the violations. Your website is more than a marketing tool; it is a compliance obligation.

The Fifth Annual Report issued May 19, 2015, by the Financial Stability Oversight Council (FSOC), established under the Dodd-Frank Wall Street Reform and Consumer Protection Act to oversee risks to the U.S. financial system. Themes discussed in the report included cybersecurity, market structure, reference rates and data collection.

Businesses investing in, financing or operating data centres face a complex matrix of laws and regulatory requirements. Ensuring compliance is important for lender and investor due diligence and is crucial to avoiding fines, penalties and contractual or regulatory breaches that can significantly impact the business and any investment in, or financing of, data centres.