Insights

Washington – February 23, 2021: Chambers and Partners has ranked three Crowell & Moring practice groups and ten individual lawyers in the Chambers Global 2021 guide. The rankings are driven by independent interviews of clients and members of the legal community.

Washington – April 23, 2020: Chambers and Partners has ranked 53 Crowell & Moring lawyers in 62 rankings across 33 categories in the Chambers USA 2020 guide. In addition, 21 practice areas were also ranked in the guide. The regional and national rankings are driven by independent interviews of clients and lawyers.

The National Institute of Standards and Technology (“NIST”) recently released draft guidelines for applying NIST’s Cybersecurity Framework to organizations adopting artificial intelligence. NIST requests public comments on its “Initial Preliminary Draft” Cybersecurity Framework Profile for Artificial Intelligence (the “Cyber AI Profile”) by midnight on January 30, 2026. 

In an important first, the yearly defense policy law, the National Defense Authorization Act (NDAA) for Fiscal Year 2026, directs the Department of Defense (DoD)  to develop and implement a framework addressing the cybersecurity and physical security of artificial intelligence and machine learning technologies (AI/ML) acquired by the Pentagon.

The California Privacy Protection Agency (“CPPA”) is intensifying its oversight of data brokers with a new dedicated Data Broker Enforcement Strike Force within its Enforcement Division. The strike force will monitor and investigate data brokers’ compliance with their legal obligations under California’s Delete Act and the California Consumer Privacy Act (“CCPA”).

The Asia-Pacific (APAC) region witnessed a rapid digital transformation in 2024, powered by its connectivity and technological innovations. However, these advancements have introduced new vulnerabilities into the region’s digital ecosystem, which more sophisticated and nuanced cyber threats are already exploiting. In Q2 2024 alone, the APAC region experienced an average of 2,510 weekly cyberattacks per organization, marking a 23 percent increase compared to the same period in 2023.

The People’s Republic of China’s data protection laws have evolved rapidly in recent years, reflecting the global trend towards greater data privacy and security. The cornerstone of this legal framework has been a trio of measures: the Cybersecurity Law (CSL), the Data Security Law (DSL), and the Personal Information Protection Law (PIPL). These three laws collectively govern the whole lifecycle of data processing.

The Department of Defense (DoD) has released the highly anticipated second final rule for the Cybersecurity Maturity Model Certification Program (CMMC), ushering in its mandatory implementation that begins on November 10. CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks on and data theft from the Defense Industrial Base.  This program requires every DoD contractor that handles sensitive government data to certify compliance with certain cybersecurity controls.  CMMC brings greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with compliance failures. To achieve certification, contractors must prove that their organizations can meet a myriad of security control obligations, a process that can be daunting without familiarity with the policies, procedures, and practices that will be required when the program is finalized.

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode, Kate Growley overviews Medium Assessments and the importance of them for defense contractors.

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode, hosts Evan Wolff and Kate Growley talk through some key elements that are no longer expected under CMMC 2.0.

Crowell & Moring’s “Byte-Sized Q&A” podcast takes the complex world of government contracts cybersecurity and breaks it down into byte-sized pieces. In this episode, host Kate Growley is joined by Yuan Zhou to talk through how to determine if you’re providing a commercial off-the-shelf – or “COTS” – item and what that means for your contractual cybersecurity obligations.