Regulation

Regulatory landscape and business impact

27 analyses

Regulation6 min

SEC and Cybersecurity: The New Disclosure Obligations that have Transformed the Role of the CISO

The SEC's rules on the disclosure of cyber incidents, effective from December 2023, require reporting of material incidents within four business days via Form 8-K. In May 2025, American banking associations petitioned the SEC to revoke the rule. The practical outcome: the CISO has become a direct interlocutor for the board and legal department in materiality decisions.

Read analysis →
Regulation7 min

PL 2338: Brazil Advances in AI Regulation and What Changes for Technology Companies

In December 2024, the Brazilian Senate approved PL 2338/2023, which establishes the regulatory framework for AI in the country. In March 2025, the text was forwarded to the Chamber of Deputies. The law adopts a risk-based approach, with three categories: excessive risk (prohibited), high risk (with stringent requirements), and other systems (general obligations). For developers and operators, the impacts are immediate and structural.

Read analysis →