Manage digital risk and stay compliant

• General Data Protection Regulation (GDPR) in the EU
• California Consumer Privacy Act (CCPA) and other state laws in the U.S.
• Consent, transparency, and rights of data subjects are key compliance areas.
• HIPAA  (U.S.) a federal law that sets standards for protecting sensitive patient health information.

• Cybersecurity regulations are increasing globally:
  
  • NYDFS Cybersecurity Regulation (U.S.)
  • Digital Operational Resilience Act (DORA) (EU, coming into force in 2025)

• Americans with Disabilities Act (ADA) – U.S. Lawsuits have increasingly targeted poorly designed or inaccessible websites and apps.
• Section 508 of the Rehabilitation Act – U.S. (Federal Agencies)
• Must follow WCAG 2.0 Level AA guidelines (Web Content Accessibility Guidelines).
• EN 301 549 – EU Accessibility Standard Based on WCAG 2.1 and includes broader ICT usability principles.
• WCAG (Web Content Accessibility Guidelines) Not a law by itself, but widely adopted in legal frameworks.

• EU AI Act (Europe) – The First Comprehensive AI Law.      Status: Finalized and adopted in 2024, with phased enforcement starting in 2025–2026.

• Risk-Based Approach:
• High-Risk Systems Must Meet Requirements:
  • Risk management system
  • High-quality datasets
  • Logging, traceability
  • Human oversight
  • Robustness, cybersecurity
  • Registration in an EU database
• Fines: Up to €35 million or 7% of global turnover

 Information Security Management System (ISMS)

A structured approach to managing data security, including:

• Policies
• Processes
• Roles and responsibilities
• Risk assessments
• Controls and objectives

Risk-Based Approach

Organizations must:

• Identify security risks to information assets
• Evaluate and prioritize them
• Implement appropriate controls to mitigate them