IRS Schedule 1-A for Tax Year 2025 Deductions

The IRS has published new Schedule 1-A and instructions for tax year 2025, detailing how taxpayers can claim new deductions for tips, overtime, car loans, and an enhanced deduction for seniors. These changes are part of the 'One, Big, Beautiful Bill' and aim to provide significant tax benefits to eligible individuals.

Proposed Rules for Electronic 1099-DA Statements for Digital Asset Brokers

The Treasury and IRS have issued proposed regulations to ease electronic furnishing of Form 1099-DA statements for digital asset brokers. These rules offer an optional process for obtaining customer consent for electronic statements, reducing burdens associated with paper delivery. The proposed changes are effective for statements required on or after January 1, 2027.

Proposed Regulations for Trump Accounts and Form 4547

The Department of the Treasury and IRS have issued proposed regulations for opening Trump Accounts, a pro-family initiative from the One, Big, Beautiful Bill. The regulations outline requirements for eligible individuals and the responsible parties, with a deadline for opening initial accounts by December 31st of the year the eligible individual turns 17.

FINRA Fines Firms for Rule Violations

FINRA has fined two firms, SG Americas Securities, LLC and Wedbush Securities Inc., a total of $240,000 for rule violations. The violations include inaccurate reporting of order handling and failure to maintain possession or control of customer securities. These actions were reported in FINRA's January 2026 disciplinary actions.

FINRA Fines Five Firms $585,000 for Reporting and Supervisory Violations

FINRA announced disciplinary actions against five firms in February 2026, imposing fines totaling $585,000. The actions address violations related to trade reporting accuracy, customer trade confirmations, and supervisory systems for employee outside brokerage accounts.

FINRA Disciplinary Actions for March 2026

FINRA has taken disciplinary actions against Independence Capital Co., Inc. and Dennis Clarence Twarogowski, resulting in fines, restitution, and suspensions for supervision failures and reporting errors. BNY Mellon Capital Markets, LLC was also fined for municipal securities reporting violations.

SEC Staff Accounting Bulletin 118 on Tax Cuts and Jobs Act Income Taxes

The SEC staff has published Staff Accounting Bulletin No. 118 to provide guidance on applying accounting standards for income taxes following the Tax Cuts and Jobs Act of 2017. This bulletin clarifies interpretations for registrants regarding ASC Topic 740, Income Taxes.

SEC Staff Accounting Bulletin 119 on Credit Loss Guidance

The SEC's Office of the Chief Accountant published Staff Accounting Bulletin 119 to update guidance on measuring credit losses on financial instruments. This update aligns SEC staff interpretations with the FASB's Accounting Standards Codification Topic 326, which introduces an expected credit loss model.

SEC Staff Accounting Bulletin 120: Fair Value Guidance for Share-Based Payments

The SEC's Office of the Chief Accountant and Division of Corporation Finance have issued Staff Accounting Bulletin (SAB) 120, updating guidance on estimating the fair value of share-based payment transactions when a company possesses material non-public information. This update aligns existing interpretive guidance with current accounting standards, specifically FASB ASC Topic 718.

SEC Rescinds Staff Accounting Bulletin No. 121

The SEC has rescinded Staff Accounting Bulletin No. 121, which provided guidance on the accounting for obligations to safeguard crypto-assets held for platform users. This rescission is effective April 11, 2022, and was done in conjunction with the publication of SAB No. 122.

SEC Rescinds SAB 121, Issues SAB 122 on Crypto-Asset Custody

The SEC has rescinded Staff Accounting Bulletin (SAB) 121 and issued SAB 122, which provides new guidance on accounting for crypto-asset custody obligations. This change affects how entities recognize and measure liabilities related to safeguarding crypto-assets for platform users.

EPA Extends PFOA/PFOS Drinking Water Compliance Deadlines to 2031

The EPA announced it will maintain existing Maximum Contaminant Levels (MCLs) for PFOA and PFOS in drinking water but will extend compliance deadlines for public water systems from 2029 to 2031. The agency also intends to rescind and reconsider regulations for other PFAS compounds.

EPA Actions on PFAS: Drinking Water, CERCLA, and Water Quality

The EPA has finalized a national drinking water standard for PFAS, designated PFOA and PFOS as hazardous substances under CERCLA, and published water quality criteria for PFAS to protect aquatic life. These actions aim to reduce PFAS exposure and improve cleanup accountability.

EPA Highlights PFAS Actions and Proposed TSCA Rule

The EPA highlighted its first-year actions on PFAS, including $945 million for water contamination and proposed TSCA reporting changes. The agency detailed efforts in testing, community support, and regulation to address PFAS risks.

EPA Adds PFHxS-Na to Toxics Release Inventory

The EPA has finalized a rule adding sodium perfluorohexanesulfonate (PFHxS-Na) to the Toxics Release Inventory (TRI), bringing the total number of tracked PFAS to 206. Businesses in covered industries must now track and report releases of PFHxS-Na, with a reporting threshold of 100 lbs.

EPA Proposes Changes to PFAS Reporting Requirements

The EPA has proposed changes to its PFAS reporting requirements under the Toxic Substances Control Act (TSCA) to reduce regulatory burdens on businesses. The proposal aims to make reporting more practical and implementable, while still collecting essential use and safety information. The agency is seeking public comment on these proposed modifications.

OSHA Cites Florida Contractor $28,135 for Serious Violations After Fatality

The Occupational Safety and Health Administration (OSHA) has cited Hyvac Inc., a Florida contractor, for two serious violations after a worker fatality. The agency proposed $28,135 in penalties for exposing workers to struck-by hazards.

OSHA cites contractor after worker exposure to toxic chemicals

The U.S. Department of Labor's OSHA has cited PCE Petroleum Contractors Enterprises Inc. for 12 serious violations after a worker was fatally exposed to benzene and toluene. The agency proposed $60,242 in penalties.

OSHA Fines Grain Company $276,407 for Safety Violations After Worker Injury

The Occupational Safety and Health Administration has issued citations and proposed $276,407 in penalties to Alliance Grain Co. in Gibson City, Illinois. The citations stem from an inspection following a serious injury to a seasonal laborer, revealing violations related to machine guarding, lockout/tagout procedures, and grain bin entry safety.

Labor Department: Union Pacific Railroad wrongly terminated employee

The U.S. Department of Labor's OSHA found Union Pacific Railroad violated the Federal Railroad Safety Act by terminating an employee after they reported a work-related injury. OSHA ordered the company to reinstate the employee and pay over $315,000 in damages.

OSHA cites Adonel Concrete $58,604 for 9 serious violations after fatal injury

The U.S. Department of Labor's OSHA has cited Adonel Concrete Corp. for nine serious violations following a fatal injury to an employee. The company faces $58,604 in penalties for inadequate machine guarding and other safety failures.

OSHA Interim Enforcement Guidance on Handrail and Stair Rail Systems

OSHA has issued interim enforcement guidance regarding handrail and stair rail system requirements under 29 CFR 1910.28(b) and 1910.29(f). This guidance provides a temporary compliance path for employers until a final rule is issued, addressing a formatting error in Table D-2 of the 2016 Walking-Working Surfaces final rule.

OSHA Guidance on Recordability of Lithium-Ion Battery Injuries

OSHA issued guidance clarifying that workplace injuries resulting from employees improperly carrying personal rechargeable lithium-ion batteries (e.g., in e-cigarettes) are considered work-related and must be recorded under OSHA's recordkeeping regulation (29 CFR Part 1904). The guidance addresses a specific scenario involving unprotected batteries sparking in a pocket.

OSHA Clarifies Lead Contamination on Surfaces

OSHA has issued a clarification regarding the interpretation of "as free as practicable" for lead contamination on surfaces in its lead standard for construction. This guidance addresses employer responsibilities for maintaining clean work areas and lunchroom facilities to minimize lead exposure.

OSHA Interpretation on Respirator Medical Evaluations

OSHA has issued an interpretation clarifying its Respiratory Protection standard (29 CFR § 1910.134) regarding medical evaluations for respirator use. This interpretation addresses the extent of information employers must provide to healthcare professionals and the scope of the PLHCP's evaluation concerning an employee's ability to perform job tasks safely while using a respirator.

Accessible Deletion Mechanism for Data Brokers

The California Privacy Protection Agency has finalized regulations establishing an Accessible Deletion Mechanism (DROP) for data brokers, effective January 1, 2026. This system allows consumers to request the deletion of their personal information from registered data brokers through a single request to the agency.

California Adopts CCPA Regulations on Risk Assessments and Cybersecurity

The California Privacy Protection Agency has adopted final regulations updating the CCPA. These regulations implement requirements for risk assessments, annual cybersecurity audits, and consumers' rights regarding automated decision-making technology, effective January 1, 2026.

Data Broker Registration Fee Regulations

The California Privacy Protection Agency (CPPA) is now responsible for the state's data broker registry, effective January 1, 2024. Data brokers must pay an annual registration fee, which the CPPA may adjust. Final regulations for the fee structure have been published for 2024, 2025, and 2026 registrations.

CPPA Seeks Comments on Opt-out Preference Signals Rulemaking

The California Privacy Protection Agency (CPPA) is seeking preliminary public comments on potential rulemaking regarding Opt-out Preference Signals (OOPS). The agency is gathering information to explore whether regulatory changes are necessary to reduce friction in exercising privacy rights. Comments are due by April 6, 2026.

CPPA Seeks Comments on Reducing Privacy Rights Friction

The California Privacy Protection Agency (CPPA) is seeking preliminary comments on potential regulatory changes to reduce friction in how consumers exercise their privacy rights. The comment period is open from March 6, 2026, until April 6, 2026.

ENISA Seeks Feedback on Software Supply Chain Security Guidance

ENISA has launched public consultations on draft guidance for software supply chain security. Feedback is sought on an SBOM Landscape Analysis and a Technical Advisory for Secure Use of Package Managers, with a deadline of January 23, 2026.

ENISA Cybersecurity Exercise Methodology Guidance

ENISA has released a new cybersecurity exercise methodology to guide organizations in planning and executing effective cybersecurity exercises. The methodology provides a framework for simulating cyber crises, training response capabilities, and building resilience against cyber threats.

ENISA Report: EU Public Administrations Targeted by DDoS Attacks

ENISA has released a report detailing that EU public administrations are increasingly targeted by cyberattacks, primarily DDoS attacks, with central governments being the most affected. The report analyzes 586 incidents from 2024 and highlights the sector's developing cybersecurity resilience under the NIS2 Directive.

ENISA Report: Cybersecurity Investments and NIS2 Challenges

ENISA's 6th NIS Investments report reveals a shift in cybersecurity spending from personnel to technology and services across 1080 EU organizations. The report highlights persistent talent shortages and challenges in implementing the NIS2 Directive, despite compliance being a key investment driver.

ENISA Updates International Cybersecurity Strategy

ENISA has updated its International Strategy to enhance engagement with international partners and align with the EU's cybersecurity policies. The revised strategy focuses on cooperation with countries sharing EU values and includes specific working arrangements with Ukraine and the US, support for EU candidate countries, and operationalizing the EU Cybersecurity Reserve for third countries.

AI, 5G, Cybersecurity, and Data Interoperability in Connectivity

The IEEE Standards Association (IEEE SA) published a blog post discussing the future of connectivity, focusing on the integration of AI, 5G, cybersecurity, and data interoperability into intelligent infrastructure. The post highlights the evolving trends and the importance of consensus-based standards in shaping these advancements.

IEEE Medical Device Registry Enhances Healthcare Cybersecurity

The IEEE Standards Association has launched the IEEE Medical Device Registry, a public database of medical devices that have successfully completed cybersecurity certification under the IEEE 2621 framework. This initiative aims to enhance transparency and trust in healthcare by providing verifiable information on device cybersecurity performance.

2026 Healthcare Trends: AI, Medical Device Cybersecurity, Digital Therapeutics

The IEEE Standards Association has identified key healthcare and life sciences trends for 2026, focusing on AI-driven health delivery, medical device cybersecurity, and digital therapeutics. The notice highlights opportunities and challenges associated with these evolving technologies.

Joint Advisory on SD-WAN Appliance Exploitation

The NSA, CISA, and international cybersecurity agencies have issued a joint advisory regarding the exploitation of Cisco SD-WAN appliances. Threat actors are exploiting a specific vulnerability (CVE-2026-20127) to gain root access and establish persistence. The advisory includes a threat hunt guide and mitigation recommendations.

NIST CSF 2.0 Cybersecurity Risk Management Guidance

The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF). This updated guidance provides a comprehensive taxonomy for organizations of all sizes and sectors to manage cybersecurity risks, offering a flexible approach to assessing and communicating cybersecurity efforts.

NIST Cybersecurity Framework 2.0 Implementation Resources

The National Institute of Standards and Technology (NIST) has released quick start guides and implementation resources for the Cybersecurity Framework (CSF) 2.0. These resources aim to help organizations of all sizes, including small businesses, understand and implement the updated framework.

NIST Cybersecurity Framework 2.0 Profiles and Resources

The National Institute of Standards and Technology (NIST) has released updated resources for its Cybersecurity Framework (CSF) 2.0, including organizational profile templates and community profiles. These resources aim to help organizations assess and improve their cybersecurity posture.

NIST Cybersecurity Framework (CSF) 2.0 Anniversary and Updates

NIST is celebrating the two-year anniversary of the Cybersecurity Framework (CSF) 2.0. The blog post highlights updates and resources released over the past two years, including expanded guidance on governance and informative references to other standards, emphasizing the framework's widespread adoption and ongoing development.

Apple Use-After-Free Vulnerability Fixed in iOS/iPadOS 17

CISA has added a use-after-free vulnerability (CVE-2023-41974) affecting Apple iOS and iPadOS to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which could allow an app to execute arbitrary code with kernel privileges, has been fixed by Apple in iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7.

SolarWinds Web Help Desk RCE Vulnerability CVE-2025-26399

CISA has added CVE-2025-26399, a critical remote code execution vulnerability in SolarWinds Web Help Desk, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions 12.8.7 and below and allows unauthenticated attackers to run commands on the host machine.

VMware Workspace ONE UEM SSRF Vulnerability CVE-2021-22054

CISA has added VMware Workspace ONE UEM console versions to the Known Exploited Vulnerabilities (KEV) catalog due to an SSRF vulnerability (CVE-2021-22054). This vulnerability may allow a malicious actor to gain access to sensitive information.

Ivanti EPM Authentication Bypass Vulnerability

CISA has added a vulnerability (CVE-2026-1603) in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, an authentication bypass allowing credential data leakage, affects versions before 2024 SU5.

n8n RCE Vulnerability CVE-2025-68613

CISA has added CVE-2025-68613, a critical Remote Code Execution vulnerability in n8n's workflow evaluation system, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions prior to 1.120.4, 1.121.1, and 1.122.0 and allows authenticated attackers to execute arbitrary code.

WHO Expert Committee on Specifications for Pharmaceutical Preparations 57th Report

The WHO Expert Committee on Specifications for Pharmaceutical Preparations has released its 57th report, recommending new and revised guidance texts for pharmaceutical quality assurance. These include updated GMP for excipients, new GMP for radiopharmaceutical cold kits, revised lab quality control practices, and updated biowaiver guidelines.

WHO Expert Committee Adopts New Pharmaceutical Guidance

The WHO Expert Committee on Specifications for Pharmaceutical Preparations has adopted nine new guidance texts aimed at ensuring the quality assurance of medicines. These texts cover areas such as nitrosamine prevention, good manufacturing practices for excipients, and bioequivalence assessments, and are recommended for implementation.