EU extends the lighter insider-list format to all MAR issuers and replaces the 2022 standard
Issuers and their advisers must move all MAR insider lists to the alleviated format under the new Implementing Regulation before it applies
Data Privacy
42 briefs
FinCEN expands Section 314(b) safe harbour to cover real-time fraud information sharing
AML teams at BSA-regulated institutions can share fraud indicators in real time under the 314(b) safe harbour only if registered and verifying the counterpart is a registrant
HKMA requires multi-CRA resilience and Hong Kong data localisation for consumer credit data
Hong Kong retail and digital banks must engage multiple CRAs with 24-hour switch-over and annual drills, and keep all consumer credit data within Hong Kong
EU sets technical rules for automated cross-border police-records exchange via EPRIS
Member State police authorities and Europol must build and configure EPRIS to the Decision's technical, security and logging specifications to exchange police records
European Commission amends vehicle OBD and repair-information access rules (Delegated Regulation 2026/699)
Vehicle manufacturers must implement the Appendix X procedures for secure, standardised OBD and RMI access (authentication, pseudonymised traceability, API provision, server availability and cybersecurity checks) so independent operators obtain non‑discriminatory, machine‑readable diagnostic and repair data
FTC enforces 48-hour takedown rule for nonconsensual intimate images
Covered platforms must remove valid intimate-image abuse reports within 48 hours
Ofcom fines online forum £950,000 under UK Online Safety Act
Online platforms must prove UK illegal-content controls work in practice
FTC sets 19 May compliance deadline for Take It Down Act removals
Covered platforms must run 48-hour NCII takedown workflows by 19 May
European Commission recommends EU age-verification rollout by end-2026
Member States should file age-verification rollout plans by 30 June and deploy trusted solutions by year-end
California restricts General Motors driving-data sales to data brokers
General Motors data teams face a five-year broker-sale ban for consumer-driving data once the settlement is approved
US Congress extends Section 702 surveillance authority for 45 days
Electronic service providers must keep Section 702 intake and review live for 45 days
Ireland's Supreme Court keeps TikTok data-transfer stay in force
Privacy teams can keep current EU-to-China transfer workflows during the stay