What’s Behind Europe’s Push to “Simplify” Tech Regulation?

The EU's push to “simplify” tech regulation aims to streamline its complex laws, raising concerns about diluting hard-won protections like GDPR and the AI Act. Amid geopolitical competition with the US and China, 13 member states advocate for deregulation, arguing that regulation hampers innovation. Experts warn this may benefit dominant tech firms rather than smaller businesses and stress the need for a coherent strategy rather than unfocused deregulation. Fragmentation and ineffective regulation hinder innovation in Europe, signaling that reform should focus on coordination and support for startups, not dismantling existing protections.

https://www.techpolicy.press/whats-behind-europes-push-to-simplify-tech-regulation/

EU Commission Clarifies Definition of AI Systems

EU Commission clarifies AI definition: The Commission published guidelines detailing the definition of AI systems under the AI Act, outlining seven components, including machine-based systems, autonomy, adaptability, objective-driven outputs, inference capability, environmental interaction, and influence over environments. The guidelines help companies assess AI Act applicability. However, the guidelines are non-binding and not yet formally adopted.

https://www.orrick.com/en/Insights/2025/04/EU-Commission-Clarifies-Definition-of-AI-Systems

Biometrics in the EU: Navigating the GDPR, AI Act

Biometrics in the EU are regulated by the GDPR and the AI Act, which address the use of biometric technologies beyond security into areas like emotion recognition and employee monitoring. The GDPR governs the processing of biometric data as personal and, in some cases, “special category” data requiring consent. The AI Act categorizes biometric systems by risk, with real-time remote identification largely prohibited, and specific rules for emotion recognition and categorization. Organizations face complex compliance challenges due to overlapping regulations, requiring a nuanced understanding of technology and legal responsibilities.

https://iapp.org/news/a/biometrics-in-the-eu-navigating-the-gdpr-ai-act

AI Employees With ‘memories’ and Company Passwords Are a Year Away, Says Anthropic Chief Information Security Officer

Anthropic's CISO, Jason Clinton, predicts AI virtual employees with memories and credentials could emerge in a year, enhancing workplace integration but introducing new cybersecurity risks. AI agents promise cost savings and efficiency but raise concerns about job losses, as illustrated by companies like Klarna and Shopify prioritizing AI over hiring.

https://fortune.com/article/anthropic-jason-clinton-ai-employees-a-year-away/

Cynomi Cinches $37M for Its AI-based ‘virtual CISO’ for SMB Cybersecurity

Cynomi raises $37M for its AI-driven virtual CISO targeting SMB cybersecurity amid rising attacks. Co-led by Insight Partners and Entrée Capital, the funding positions Cynomi as a market leader with a valuation over $140M. The company offers automated security management services via third-party resellers, aiming to fill a gap for budget-constrained SMBs. CEO David Primor emphasizes that the virtual CISO can perform various security tasks efficiently, and the company recently tripled its annual revenue. Funds will support R&D to expand cybersecurity solutions, as the industry lacks a comprehensive operating system.

https://techcrunch.com/2025/04/23/cynomi-cinches-37m-for-its-ai-based-virtual-ciso-for-smb-cybersecurity/

CIOs Increasingly Dump In-house POCs for Commercial AI

CIOs are shifting from in-house AI proof-of-concept (POC) projects to commercial AI solutions due to high failure rates of internal efforts and low returns. A Gartner survey revealed that the percentage of companies creating their own AI tools dropped from 50% to 20% in just a year. Many organizations are overwhelmed by the demands of building AI systems, often lacking the necessary expertise and resources. The trend is now towards smaller, niche applications of AI, utilizing proprietary data to derive greater value, while software vendors increasingly promote their AI offerings.

https://www.cio.com/article/3965387/cios-increasingly-dump-in-house-pocs-for-commercial-ai.html

Latest PCI DSS Standards: Use Third Parties

PCI DSS 4.0 allows merchants to use third-party services but holds them fully responsible for any security risks. Effective March 31, 2025, this standard mandates rigorous evaluations of third-party vendors and regular compliance checks. Merchants must implement controls like network segmentation and encryption to mitigate risks but ultimately cannot outsource liability for data breaches. The choice remains: outsource with due diligence or manage security in-house.

https://www.tripwire.com/state-of-security/latest-pci-dss-standards-use-third-parties-your-own-risk

The PCI DSS Reset: a Guide to Embracing Version 4.0

PCI DSS 4.0 compliance guide: integral for developers integrating payment systems, with security protocols that have evolved from PCI DSS 3.2.1. Key requirements (6.4.3, 11.6.1) focus on authorization and verification of client-side scripts due to rising attacks. Security must be embedded from the start of development to prevent vulnerabilities; managing script dependencies and real-time monitoring are essential for protecting payment data and ensuring compliance.

https://www.devprojournal.com/technology-trends/payment-processing/the-pci-dss-reset-a-guide-to-embracing-version-4-0/
