Author name: CIO

GPAI Code of Practice

The EU's AI Act requires GPAI providers, like GPT and Llama, to comply with copyright laws and create a Code of Practice for adherence. The 3rd Draft simplifies requirements, stressing proportional compliance based on provider size. Key areas include: establishing a copyright policy, responsible web crawling practices, identifying TDM opt-outs, mitigating copyright infringement risks, and appointing a copyright contact. The finalized Code is expected by May 2025, and stakeholder feedback is open until March 30, 2025.

https://www.taylorwessing.com/en/insights-and-events/insights/2025/03/gpai-code-of-practice

EIOPA Publishes Consultation on Opinion on AI Governance and Risk Management

EIOPA released a consultation on AI governance and risk management for insurance. The Opinion guides insurance entities on AI use, emphasizing risk assessment, proportional governance, ethics, data management, and accountability. It highlights the importance of fairness, transparency, and documentation, while encouraging a customer-centric approach and regular review of AI strategies. Adequate data governance and redress mechanisms are mandated; the Opinion does not introduce new laws but clarifies existing regulations. Feedback is due by May 12, 2025.

https://datamatters.sidley.com/2025/03/14/eiopa-publishes-consultation-on-opinion-on-ai-governance-and-risk-management/

Improving Cybersecurity By 1% At a Time

Cybersecurity improvement doesn't require huge investments, just consistent, incremental changes. Focus on 1% enhancements like regular system updates, strong password policies, employee training, network segmentation, and reliable data backups. These small steps collectively provide substantial protection against threats, promoting a culture of persistence over perfection.

https://www.forbes.com/councils/forbestechcouncil/2025/03/13/improving-cybersecurity-by-1-at-a-time/

Encryption, AI Risks and Policy Chaos: What’s Next for Cybersecurity?

Cybersecurity faces rapid evolution due to disruptive technologies, regulations, and geopolitical factors. Key issues include U.S. government agency restructuring affecting security, the UK seeking backdoor access to encrypted data, and the impending threat that quantum computing poses to encryption. While AI offers benefits, it also raises risks like advanced cyberattacks. Organizations must prioritize proactive security measures and adaptability to thrive amidst these challenges.

https://www.morphisec.com/blog/encryption-ai-risks-policy-chaos-future-of-cybersecurity/

5 Questions to Ask Before Deploying Agentic AI

CIOs must consider five key questions before deploying agentic AI:

  1. What specific problem will it solve?
  2. Is there sufficient and suitable data to support it?
  3. How will data security be ensured?
  4. How does it align with the company's overall tech strategy?
  5. What monitoring processes will be in place to maintain its effectiveness?

These considerations are crucial for successful AI integration, particularly regarding security and relevance.

https://www.ciodive.com/news/5-questions-agentic-AI-CIO/742296/

AI Act’s New GPAI Code Out… Finally, Natalie Donovan

The EU's new GPAI Code, delayed but published on March 11, aims to aid compliance under the AI Act for General Purpose AI providers. While it includes streamlined commitments and user-friendly documentation, concerns remain from tech bodies about copyright and risk evaluation requirements. Further guidance on GPAI models is forthcoming. Finalization is due by May; if not completed by August 2025, common rules may be established by the Commission. The success of this voluntary Code is crucial for practical implementation of the AI Act.

https://thelens.slaughterandmay.com/post/102k49e/ai-acts-new-gpai-code-out-finally

CJEU Issues Judgment on Balancing the Right of Access and Protecting Trade Secrets in Automated Decision-making Processes

The CJEU's Feb 27, 2025 judgment in CK v Dun & Bradstreet clarifies GDPR provisions on access to personal data and automated decision-making. It requires that data subjects receive meaningful, concise explanations without full algorithm disclosure. Controllers must balance transparency with trade secret protection, sharing relevant information with supervisory authorities in cases involving trade secrets. The ruling rejects blanket legal exclusions for access rights based on trade secrets, requiring case-by-case assessments.

https://www.aoshearman.com/en/insights/ao-shearman-on-data/cjeu-issues-judgment-on-balancing-the-right-of-access-and-protecting-trade-secrets

The CISO as Business Resilience Architect

CISOs must adapt to rising regulatory pressures and evolving cyber threats, leading the way in resilience strategies while managing compliance. Their roles may evolve from purely cybersecurity to overseeing overall business resilience, integrating AI, and collaborating closely with IT and senior management. The CISO's focus will shift towards designing security architectures that support growth and adaptability, making them essential in the boardroom.

https://www.darkreading.com/vulnerabilities-threats/ciso-business-resilience-architect
