Identity: The New Cybersecurity Battleground

TLDR: Identity is now the primary target for cyberattacks due to the fragmented nature of tech stacks and the rise in cloud services. Centralizing Identity can enhance visibility, automate threat response, and improve security integration across systems. Organizations must adopt an Identity-first security strategy to mitigate risks and streamline operations.

https://thehackernews.com/2025/03/identity-new-cybersecurity-battleground.html

ENISA NIS360 2024 Report: a Comprehensive Look at Cybersecurity Maturity and Criticality of NIS2 Sectors

ENISA's NIS360 2024 report assesses the cybersecurity maturity and criticality of NIS2 sectors in the EU, identifying improvement areas. Key findings highlight that electricity, telecoms, and banking are the most mature and critical, while digital infrastructures lag. Recommendations stress enhanced sector collaboration, development of specific guidance for NIS2 implementation, and cross-border cooperation. Other sectors like ICT, space, and health face unique challenges requiring tailored guidance and awareness to improve resilience. The report aims to inform national authorities and policymakers for effective strategy development.

https://www.enisa.europa.eu/news/enisa-nis360-2024-report

Prohibited Practices Under the AI Act: Answered and Unanswered Questions in the Commission’s Guidelines

EU AI Act prohibits harmful practices in AI systems with hefty fines for non-compliance. Key prohibitions include manipulation, exploitation of vulnerabilities, social scoring, and emotion recognition. Guidelines clarify ambiguous areas, such as applicability to ‘providers’ and ‘deployers’, AI definitions, and risks in targeted advertising. Violations can incur significant penalties, and there is no grandfathering for existing practices. Compliance requires careful assessment and governance integration to avoid breaches. Enforcement begins after the market surveillance authorities are designated by August 2025.

https://www.insidetechlaw.com/blog/2025/03/prohibited-practices-under-the-ai-act-answered-and-unanswered-questions

Navigating The EU AI Act: Critical Insights For CTOs And CIOs

EU AI Act mandates compliance for AI use in the EU, starting Feb 2025. Noncompliance risks 35M euro fines, impacting all businesses using AI. Act categorizes AI systems by risk and prohibits harmful practices like deceptive AI, social scoring, and predictive policing. CTOs/CIOs must prioritize risk assessments and governance protocols to align with regulations and enhance innovation. Key steps: comprehensive audits, governance implementation, legal engagement, and vendor compliance checks.

https://www.forbes.com/councils/forbestechcouncil/2025/03/05/navigating-the-eu-ai-act-critical-insights-for-ctos-and-cios/

The Geography of Generative AI’s Workforce Impacts Will Likely Differ From Those of Previous Technologies

Generative AI's workforce impacts vary geospatially compared to previous technologies, often affecting higher-skilled, higher-paid jobs more than lower-wage positions. Research predicts substantial task shifts in occupations linked to generative AI, particularly in white-collar roles. Areas previously insulated from automation are now seeing significant exposure to AI influence, particularly in tech-centric cities like San Francisco and New York. Conversely, rural regions are less susceptible to AI disruptions but may miss out on potential benefits. Policymakers must adapt to this changing landscape to mitigate disparities and address the unique skill needs of affected workers.

https://www.brookings.edu/articles/the-geography-of-generative-ais-workforce-impacts-will-likely-differ-from-those-of-previous-technologies/

CISO Liability Risks Spur Policy Changes at 93% of Organizations

93% of organizations updated policies to address CISO liability risks due to regulatory shifts, including increased board involvement and enhanced legal support. Key incidents like the Uber CISO conviction prompted this change. However, a lack of clarity over accountability for cybersecurity incidents persists, with only 36% of firms clearly defining roles.

https://www.infosecurity-magazine.com/news/ciso-liability-risks-policy-changes/

Law Under Tech? On Standardization and the Hidden Rule Makers Under the EU AI Act

EU AI Act combines fundamental rights with technical standards for AI system certification, raising concerns about due process as standardization bodies assume legislative roles. The Act allows self-certification or third-party assessment against harmonized standards, yet the standards are delayed, risking compliance gaps. This empowers conformity assessment bodies (CABs) to fill voids akin to “activist judges” on human rights issues, despite their lack of expertise in that area. While CABs must maintain objectivity and transparency, they might face challenges aligning with legal frameworks.

https://www.law.kuleuven.be/citip/blog/law-under-tech-on-standardization-and-the-hidden-rule-makers-under-the-eu-ai-act/

Zero Trust Network Access (ZTNA)

ZTNA: Security model ensuring access control based on user identity. No trust by default; verifies each request regardless of location. Enforces least privilege, enhances endpoint security, and mitigates risks from breaches.
