Data Privacy & Cybersecurity

PCI SSC Asia-Pacific Community Meeting on Payment Security

The PCI Security Standards Council (PCI SSC) is hosting its annual Asia-Pacific Community Meeting in Bangkok on November 5-6, 2025. The event will bring together payment security experts to discuss evolving threats, new technologies, and best practices for preventing cyberattacks and fraud in the region.

PCI Security Standards Council Publishes Inaugural Annual Report

The PCI Security Standards Council has released its first-ever Annual Report, detailing progress in payment security during 2025 and outlining its vision for 2026. The report highlights advancements in standards, global collaboration, and the adoption of a product-led operating model.

AI Training Compliance Guidance Post-SRB Ruling

This guidance analyzes the impact of the EU Court of Justice's Single Resolution Board ruling on AI training compliance for engineers. It outlines two pathways for compliance, emphasizing engineering choices in defining identifiability and data protection.

Maine Privacy Bill Advances, Oregon AI Chatbot Bill Clears Legislature

Maine's legislature has advanced a comprehensive privacy bill, the Maine Online Data Privacy Act, through both chambers. Oregon's Senate Bill 1546, an AI chatbot safety bill, has also cleared its state legislature and is heading to the governor. Both bills represent significant state-level regulatory developments.

EU AI Act Omnibus: New Compliance Deadlines and Deepfake Ban

Members of the European Parliament have reached a preliminary agreement on amendments to the EU AI Act, including extended compliance deadlines for high-risk systems and a ban on non-consensual deepfakes. The agreement aims to provide legal certainty and allow more time for technical standards and guidance development.

US House Committee Advances KIDS Act and Other Online Safety Bills

The U.S. House Committee on Energy and Commerce advanced the KIDS Act, Sammy's Law, and the App Store Accountability Act to a full House vote. These bills aim to enhance children's online safety by addressing issues like dangerous content, age verification, and app store policies.

South Korea Overhauls PIPA with 10% Turnover Fines and CEO Accountability

South Korea has significantly amended its Personal Information Protection Act (PIPA), introducing fines up to 10% of total turnover and assigning direct supervisory liability to CEOs. These changes, effective September 11, 2026, aim to strengthen deterrence and promote proactive data protection investment.

HITRUST CSF v11.7.0 Release Notes

HITRUST has released version 11.7.0 of its Common Security Framework (CSF), effective December 18, 2025. This update includes new authoritative sources, consolidation of requirement statements, and modifications to the e1 and i1 assessment baselines.

HITRUST 2025 H2 Threat Analysis on AI Tactics and Assessments

HITRUST released its 2025 H2 Cyber Threat Adaptive Report, indicating that its e1, i1, and r2 assessments effectively mitigate top attack techniques, including AI-driven tactics. The report analyzed threat indicators, intelligence articles, and breaches, mapping data to the MITRE ATT&CK framework.

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced that effective August 22, 2025, all new e1 and i1 assessments must be created using CSF v11.6.0. Existing assessments using v11.5.1 can still be submitted, with a future deadline to be announced.