Legislative Developments in Cybersecurity and Privacy

This document is a report detailing significant legislative developments and enforcement actions related to cybersecurity and privacy in the United States as of March 2025. It outlines the implementation guidelines released by the DOJ and CISA for Executive Order 14117, which restricts the transfer of sensitive personal data to foreign adversaries. The report also discusses state-level actions, including bans on the Chinese-owned DeepSeek AI application due to data security concerns. Furthermore, it highlights proposed consumer data privacy bills across several states aimed at enhancing user rights and data protection measures. The report notes the establishment of the SEC's Cyber and Emerging Technologies Unit to address cyber-related misconduct and fraud, as well as significant enforcement actions against organizations for cybersecurity negligence. Additionally, it addresses the implications of nation-state-backed cyber threats and vulnerabilities in medical devices, emphasizing the need for organizations to adapt their cybersecurity strategies in response to evolving threats.