Dun & Bradstreet: a Pyrrhic Victory for the Contestation of AI Under the GDPR — AI Summer School

CJEU ruling on Dun & Bradstreet clarifies GDPR's 'right to an explanation,' balancing understandability with trade secrets. The court restricts detailed disclosures, potentially limiting individuals' ability to contest AI decisions, resulting in a 'pyrrhic victory.' While explanations must be clear, they may not substantively empower individuals against problematic AI, and data controllers could misuse disclosure processes to evade accountability. Thus, the practice of contestation faces challenges despite the ruling's intent.

https://www.law.kuleuven.be/ai-summer-school/blogpost/Blogposts/dun-bradstreet-a-pyrrhic-victory-for-the-contestation-of-ai-under-the-gdpr

EU Lawmakers Warn Against Weakening AI Regulations

EU lawmakers oppose weakening AI regulations to prevent exemptions for U.S. tech giants. Proposed changes could jeopardize compliance that ensures AI safety, transparency, and electoral integrity, raising concerns about risks like election manipulation and discrimination. Discussions are ongoing on balancing enforcement and voluntary compliance amid U.S. lobbying, while the EU aims to maintain a robust regulatory framework.

https://www.pymnts.com/cpi-posts/eu-lawmakers-warn-against-weakening-ai-regulations/

The EU AI Act Is Here. Are You Prepared for It?

EU AI Act introduced; companies must prepare for compliance to avoid risks and enhance efficiency. Clear rules established for data and AI usage, impacting various industries, particularly automotive. Implementation begins February 2025, necessitating inter-departmental collaboration and robust compliance strategies. Effective organization and training are vital, and digital responsibility can offer competitive advantages.

https://www.cio.com/article/3852605/the-eu-ai-act-is-here-are-you-prepared-for-it.html

Next-Generation Antivirus (NGAV)

NGAV uses advanced techniques (machine learning, behavior analysis) for proactive threat detection, moving beyond traditional signature-based methods. Aims to stop modern malware and zero-day exploits with real-time response. Enhances endpoint security.

Zero Trust Architecture (ZTA)

Zero Trust Architecture: Security model assuming breach; verify users/devices before access. No default trust; continuous verification, segmentation, least privilege access. Focus on data protection and risk management.

The Evolution of Cybersecurity: From Zero Trust to Preemptive Cyber Defense

Cybersecurity has evolved from Zero Trust Architecture (ZTA), emphasizing strict access controls and verification, to a more proactive model known as Preemptive Cyber Defense. Traditional security solutions are insufficient against advanced threats like zero-day exploits and fileless malware, which is where Automated Moving Target Defense (AMTD) comes into play. AMTD continuously alters an organization's attack surface, making it challenging for attackers to exploit vulnerabilities. Integrating AMTD with ZTA enhances security posture by preventing credential theft, neutralizing zero-day threats, and reducing attack dwell time, marking a shift towards prevention over detection in cybersecurity.

https://www.morphisec.com/blog/the-evolution-of-cybersecurity-from-zero-trust-to-preemptive-cyber-defense/

Cross-Border Data Compliance: Navigating Public Security Regulations in a Connected World

Cross-border data compliance is increasingly influenced by national security concerns amid rising cyber threats. Governments are shifting focus from individual privacy to a balance with security needs, resulting in expanded access for law enforcement, data localization policies, and national security exemptions in regulations. The EU's GDPR is pivotal in cross-border data governance, but other regions lack unified frameworks. Data sovereignty, while necessary for national security, can hinder global innovation. Cooperation among nations and nuanced policies are essential for effective compliance and balanced data management.

https://www.tripwire.com/state-of-security/cross-border-data-compliance-navigating-public-security-regulations-connected

ECJ Ruling on Automated Decision-Making and Data Subject Access: Clyde & Co

ECJ ruling (C-203/22) on GDPR access rights clarifies companies must provide “meaningful information” on automated decision-making. Key issues include balancing transparency with trade secrets. Data subjects can access pertinent details on decision-making processes while companies may protect sensitive information on a case-by-case basis. The ruling impacts AI-integrated industries, particularly in insurance, where transparency and regulatory compliance are emphasized.

https://www.clydeco.com/en/insights/2025/03/ecj-ruling-on-automated-decision-making-and-data-s

The Importance of Cyber Security Compliance

EU cyber security laws, including NIS2, CRA, CER, DORA, GDPR, and AI Act, mandate compliance for organizations, emphasizing risk management, product safety, and digital resilience. Companies must adapt processes and ensure effective documentation to meet regulatory requirements. Legal advice is vital amid increasing complexity in legislation.

https://www.taylorwessing.com/en/global-data-hub/2025/digital-resilience-and-cyber-security/gdh—the-importance-of-cyber-security-compliance
