The Data Chronicles

Cybersecurity regulation in Europe has entered a period of rapid expansion and fragmentation, moving well beyond traditional data protection into a complex framework governing enterprise security, product security, sector specific obligations, and supply chain risk. 

In this episode of The Data Chronicles, we examine how evolving regimes such as NIS2, the Cyber Resilience Act, DORA, and proposed reforms to the EU Cybersecurity Act are reshaping legal and operational expectations for organizations operating across borders. 

The discussion explores why global “one size fits all” security programs and reliance on baseline standards like ISO and NIST are no longer sufficient on their own, how post Brexit divergence between the EU and U.K. is creating material compliance challenges, and why cybersecurity has shifted from a best practice exercise to enforceable law – requiring tighter integration between legal, IT, and information security teams to execute compliance at scale.

AI enforcement in the United States is emerging through legacy laws, creative pleading theories, and increasing regulatory scrutiny rather than a single statute or regulator.

In this episode of The Data Chronicles, we examine how AI-related risk materializes once it moves into litigation and enforcement — from copyright and privacy class actions to consumer protection claims, product liability, and employment disputes — and why unsettled standards of care, evolving case law, and regulator focus areas are driving uncertainty for companies deploying AI systems.

Cybersecurity enforcement is entering a new phase – one where technical failures are increasingly reframed as fraud risk.

 

This episode of The Data Chronicles explores how the U.S. Department of Justice is using the False Claims Act to pursue alleged misrepresentations about cybersecurity controls, compliance, and incident disclosure in government contracts and grants.

 

We examine emerging enforcement patterns, practical risk signals for contractors, and what organizations should be doing now to reduce exposure, with further insights available in our 2026 False Claims Act Guide.

AI regulatory enforcement is accelerating – often under laws that were conceived well before the unstoppable emergence of AI. This episode of The Data Chronicles examines how regulators and courts across Europe and beyond are applying existing frameworks, from the GDPR to consumer and competition law, to AI development and deployment.

We explore emerging enforcement patterns, including scrutiny of AI training data, transparency obligations, data subject rights, and the growing use of urgent regulatory measures. The discussion also looks ahead to how enforcement may evolve as AI-specific regulation advances, and what these developments signal for organizations operating globally.

AI and intellectual property are evolving fast – and creating real uncertainty for companies building with or around AI. 

This episode of The Data Chronicles breaks down the key IP claims emerging today, from copyright and DMCA theories to right of publicity, trademark, and output based risks. 

We look at how early court decisions are treating AI training and outputs, why plaintiffs are pivoting toward DMCA and misattribution claims, and where regulators like the FTC may (and may not) step in. 

We close with a practical checklist for organizations using or developing AI, as the landscape continues to shift.