Author name: CIO

EU AI Office Publishes Third Draft of EU AI Act-Related General-Purpose AI Code of Practice: Key Copyright Issues

EU AI Office's third draft of the General-Purpose AI Code of Practice outlines commitments for GPAI model providers regarding copyright compliance under the AI Act, effective August 2025. Key obligations include adhering to training data copyright laws, respecting opt-out requests from content creators, and limiting web crawling practices. The streamlined draft emphasizes transparency and governance measures, with a focus on mitigating copyright infringement risks. Differences in US and EU copyright practices, such as the lack of a “fair use” doctrine, are noted, highlighting the complexities of navigating AI copyright law in Europe. Finalization expected May 2025.

https://www.morganlewis.com/pubs/2025/04/eu-ai-office-publishes-third-draft-of-eu-ai-act-related-general-purpose-ai-code-of-practice-key-copyright-issues

Strengthening Email Ecosystem: Outlook’s New Requirements for High‐Volume Senders

Outlook introduces stricter email authentication standards for domains sending over 5,000 emails daily, requiring SPF, DKIM, and DMARC compliance to enhance inbox security and reduce spoofing and spam. Non-compliance will lead to messages being routed to Junk and eventually rejected. Organizations are advised to audit their DNS records and implement transparent mailing practices. Enforcement begins in May 2025. These measures aim to protect users and improve deliverability for legitimate senders, encouraging industry-wide best practices.

https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/strengthening-email-ecosystem-outlook’s-new-requirements-for-high‐volume-senders/4399730

Urgent Need for Resilient Industrial Cybersecurity Professionals to Defend ICS/OT Systems From Rising Cyber Attacks

Demand for resilient industrial cybersecurity experts is rising due to increased cyber threats against ICS/OT systems. Specialized knowledge is crucial, encompassing technical skills in network security, risk assessment, and incident response. Essential certifications include GICSP and CISSP. Career paths vary, requiring awareness of legacy systems and operational protocols. Professionals must engage in continuous learning and mentorship to stay updated on evolving threats. Networking and participation in industry conferences enhance career growth in this critical sector, supporting the defense of vital infrastructure against cyber attacks.

https://industrialcyber.co/features/urgent-need-for-resilient-industrial-cybersecurity-professionals-to-defend-ics-ot-systems-from-rising-cyber-attacks/

Key Cybersecurity Challenges In 2025—Trends And Observations

In 2025, cybersecurity faces significant challenges amid rising threats like AI-driven attacks, ransomware, healthcare breaches, and DDoS attacks. Despite advanced technologies, organizations remain vulnerable, with a notable rise in cyber incidents. AI agents present both advantages and risks; while they can enhance threat detection, they also facilitate advanced cyberattacks. Additionally, quantum computing poses a potential risk to existing encryption methods. Escalating data breaches particularly challenge the healthcare sector. A comprehensive cybersecurity strategy is essential to protect sensitive data across industries.

https://www.forbes.com/sites/chuckbrooks/2025/04/05/key-cybersecurity-challenges-in-2025-trends-and-observations/

Data in the Balance: Political Influence on EU-U.S. Data Transfers

EU-U.S. Data Privacy Framework (DPF) faces uncertainties due to political changes and actions like Trump’s Executive Order affecting oversight agencies. Over 2,800 U.S. firms rely on DPF for GDPR compliance; any invalidation would halt data transfers, forcing reliance on alternative mechanisms. Organizations must monitor regulatory shifts to avoid penalties and ensure compliance.

https://ogletree.com/insights-resources/blog-posts/data-in-the-balance-political-influence-on-eu-u-s-data-transfers/

Europe’s Regulatory Retreat on AI: a Free Lunch for Big Tech?

EU's push for AI competitiveness led to withdrawal of the AI Liability Directive (AILD), raising concerns about accountability in AI-related harms. Big Tech benefits from this retreat, avoiding liability for potential damages. Effective oversight becomes challenging due to AI's 'black-box' nature, risking consumer protection. Reassessment of AI regulation, rather than deregulation, is essential for safeguarding citizens against harmful practices.

https://euobserver.com/digital/arcbd1284c

Can AI Improve Third-Party Risk Management (TPRM)

AI can enhance Third-Party Risk Management (TPRM) by automating security questionnaires, enabling continuous monitoring, and providing real-time risk assessments.

During a CISO Series episode, experts highlighted the importance of integrating AI to better understand and manage cumulative risks from vendors, moving away from traditional checkbox exercises. Agile risk assessments, predictive analytics, and marrying threat intelligence with compliance data were seen as critical advancements. Concerns about false positives and accountability remain, emphasizing that while AI augments decision-making, it should not supplant human oversight.

https://cisoseries.com/can-ai-improve-third-party-risk-management-tprm/
