Tag Archives: Annabella M. Waszkiewicz

Recently Enacted AI Law in Colorado: Yet Another Reason to Implement an AI Governance Program

by Avi GesserErez Liebermann, Matt KellyMartha HirstAndreas Constantine PavlouCameron Sharp, and Annabella M. Waszkiewicz

Photos of the authors.

Top left to right: Avi Gesser, Erez Liebermann, Matt Kelly, and Martha Hirst. Bottom left to right: Andreas Constantine Pavlou, Cameron Sharp, and Annabella M. Waszkiewicz. (Photos courtesy of Debevoise & Plimpton LLP)

On May 17, 2024, Colorado passed Senate Bill 24-205 (“the Colorado AI Law” or “the Law”), a broad law regulating so-called high-risk AI systems that will become effective on February 1, 2026.  The law imposes sweeping obligations on both AI system deployers and developers doing business in Colorado, including a duty of reasonable care to protect Colorado residents from any known or reasonably foreseeable risks of algorithmic discrimination.

Continue reading

EU Digital Operational Resilience Act (“DORA”): Incident and Cyber Threat Reporting and Considerations for Incident Response Plans

by Robert MaddoxStephanie ThomasAnnabella M. Waszkiewicz, and Michiko Wongso 

Photos of the authors

Left to right: Robert Maddox, Stephanie Thomas, Annabella M. Waszkiewicz, and Michiko Wongso (photos courtesy of Debevoise & Plimpton LLP)

With the EU Digital Operational Resilience Act (“DORA”) implementation deadline set for January 2025, many financial services firms are spending 2024 preparing for the new regime. Amongst many operational resilience and management oversight requirements, DORA will require covered entities to monitor for, identify, and classify Information and Communications Technology (“ICT”)-related incidents (“incidents”) and cyber threats and report them under certain circumstances to regulators, clients, and the public.

In this post, we take a closer look at DORA’s ICT-related incident and cyber threat reporting obligations (which can require notifications as fast as four hours) and how covered entities can prepare to address them within their existing incident response plans (“IRPs”).

For a more general overview of DORA’s requirements, please see our previous blog post here, along with our coverage of management obligations for covered entities under DORA and how DORA will impact fund managers and the insurance sector in Europe.

Continue reading

Treasury’s Report on AI (Part 1) – Governance and Risk Management

by Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann, Matt Kelly, Johanna Skrzypczyk, Michelle Huang, Sharon Shaji, and Annabella M. Waszkiewicz

Photos of the authors

Top: Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann, and Matt Kelly
Bottom: Johanna Skrzypczyk, Michelle Huang, Sharon Shaji, and Annabella M. Waszkiewicz
(Photos courtesy of Debevoise & Plimpton LLP)

On March 27, 2024, the U.S. Department of Treasury (“Treasury”) released a report on Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector (the “Report”). The Report was released in response to President Biden’s Executive Order (“EO”) 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which spearheaded a government-wide effort to issue Artificial Intelligence (“AI”) risk management guidelines consistent with the White House’s AI principles. Continue reading

NIST Releases Most Significant Update to Cybersecurity Framework Since 2014

by Avi Gesser, Erez Liebermann, Michael R. Roberts, HJ Brehmer, and Annabella M. Waszkiewicz

Photos of authors

Left to right: Avi Gesser, Erez Liebermann, Michael R. Roberts, HJ Brehmer, and Annabella M. Waszkiewicz

On February 26, 2024, the National Institute of Standards and Technology (“NIST”) announced the release of Version 2.0 of the Cybersecurity Framework (“Version 2.0” or the “Framework”). We previously wrote about proposed changes to the Framework, which has become an important industry standard for assessing cybersecurity maturity of organizations and managing cybersecurity risk. Version 2.0’s enhanced guidance, and particularly its additional governance section, should be interesting to counsel as a helpful tool for mapping to new legal requirements from regulators such as the Securities and Exchange Commission (“SEC”), New York Department of Financial Services (“NYDFS”), and the Commodity Futures Trading Commission (“CFTC”).

Continue reading