Alston & Bird Privacy, Cyber & Data Strategy Blog

European Commission Publishes Guidance For Companies Implementing the EU Cyber Resilience Act

January 29, 2026 By Paul Greaves, Kelly Hagedorn and Wim Nauwelaerts

On December 3, 2025, the European Commission published its first set of technical FAQs on the EU Cyber Resilience Act (‘CRA’). The CRA is an EU-wide law which lays down cybersecurity requirements for ‘products with digital elements’ (‘PDEs’), including IoT devices, hardware components, and certain software. It becomes fully applicable on December 11, 2027, with reporting obligations (for actively exploited vulnerabilities and significant incidents) kicking in earlier - from September 11, … [Read more] about European Commission Publishes Guidance For Companies Implementing the EU Cyber Resilience Act

New York Regulates Large Artificial Intelligence Models

January 21, 2026 By Kim Peretti, Jennifer Everett, Scott Hilsen, Dorian Simmons and Santi Villar

On December 19, 2025, just eight days after President Trump issued an executive order titled “Ensuring a National Policy Framework for Artificial Intelligence” to challenge burdensome state laws that regulate artificial intelligence (the “December … [Read more] about New York Regulates Large Artificial Intelligence Models

DOJ Cybersecurity Enforcement Pace Shows No Signs of Slowing Down Going Into 2026

January 20, 2026 By Kim Peretti, Andrew Liebler, Lance Taubin and Andrew Rice

As 2025 drew to a close, the United States Department of Justice (DOJ) announced significant developments in cases relating to the allegedly deficient cybersecurity practices of two Department of Defense (DoD) contractors. These two cases suggest … [Read more] about DOJ Cybersecurity Enforcement Pace Shows No Signs of Slowing Down Going Into 2026

Spanish DPA Highlights Privacy Risks in GenAI Content Creation

January 19, 2026 By Alice Portnoy and Wim Nauwelaerts

Earlier this month, the Spanish Data Protection Authority (Agencia Española de Protección de Datos, or AEPD) issued new guidance on the privacy and data protection risks associated with uploading images or photos - whether directly or indirectly … [Read more] about Spanish DPA Highlights Privacy Risks in GenAI Content Creation

Texas Court Blocks Smart TV Data Collection

January 5, 2026 By Jennifer Everett, David Keating and Lili Song

A Texas state court has issued a temporary restraining order (“TRO”) blocking Hisense, a major Chinese smart TV manufacturer, from collecting data on the content viewers watch via Automatic Content Recognition (“ACR”) technology. Background The … [Read more] about Texas Court Blocks Smart TV Data Collection