5) EU AI Act
Yes, more AI regulation. The world seems to be showing a unified front… by setting off in its own direction. This regulation is still being finalised, but the act is looking at prohibiting certain types of AI considered ‘high risk’, regulating others and mandating various measures. Requirements are expected to include model evaluations, assessing and mitigating systemic risks, conducting adversarial testing, reporting to the European Commission on serious incidents, ensuring cyber security and reporting on energy efficiency.
6) CP26/23 - Operational resilience: Critical third parties to the UK financial sector
A catchy title, for sure. This is building on previous regulation that seeks to bring critical IT providers into the scope of financial regulators. As above, it will be interesting to see how this impacts third parties.
7) Bermuda Personal Information Protection Act (PIPA)
Now, it’s been around a while, for sure. But the regulator has said they are getting round to implementing this in 2024. The requirements are pretty GDPR-ish, but there’s still work to do for in-scope organisations if you haven’t picked up on GDPR yet.
8) SEC Cyber security rules
Technically due in mid-December 2023, but important as it’s going to have a big impact. Requirements cover notification of breaches and disclosure of cyber security risk management and governance information, including board proficiency and oversight of cyber security risks. As with all the other rules and regulations we’ve noted, this will spread to the supply chain, so even if you’re not SEC-listed, you need to be aware.
Well, that’s eight rules from around the world that are going to have an impact in 2024. We haven’t mentioned US AI executive orders or anything the UK plans to do on AI. We haven’t mentioned US federal data privacy shenanigans. You may think they won’t impact you, and unless you’re in scope, or deliver services to someone that is in scope, you may be right. But read the above and you might just see a poorly hidden trend. If you’re not regulated now, you may well be soon.