Today’s compliance intelligence digest highlights critical developments in regulatory and third-party risk landscapes. Lapsus$ has resurfaced, threatening Salesforce customers, while new US Commerce Department rules expand export controls. California’s AI safety legislation sets a precedent, and the expiration of cybersecurity information-sharing protections marks a significant shift in policy.
Top 5 Critical Compliance Alerts
- Lapsus$ Returns With Salesforce Leak Site : The cybercriminal collective Lapsus$ has reemerged and is threatening to publish stolen data from Salesforce customers by Oct. 10 if their demands are not met. Read more
- New US Commerce Department Global License Requirements : BIS released the Affiliates Rule, drawing unnamed entities into entity-specific controls to close paths of diversion to blacklisted entities. Read more
- BIS Expands Export Controls to Affiliates : BIS issued an interim final rule expanding export controls to foreign affiliates of parties already subject to restrictions. Read more
- California AI Safety Legislation : California Governor Gavin Newsom signed into law Senate Bill 53 (SB 53), known as the Transparency in Frontier Artificial Intelligence Act (TFAIA). Read more
- Cybersecurity Protections Expire : The legal protections for sharing of cyber threat information among private sector entities and with the federal government were not renewed by Congress and have expired. Read more
Regulatory Updates
- New US Commerce Department Global License Requirements : BIS released the Affiliates Rule, drawing unnamed entities into entity-specific controls to close paths of diversion to blacklisted entities. Read more
- BIS Closes Loophole: New Rule Expands Export Controls to Affiliates : BIS issued an interim final rule expanding export controls to foreign affiliates of parties already subject to restrictions. Read more
- Broadcast Station Filings Due on October 10, 2025 : All radio and television broadcast stations must prepare a list of important issues facing their communities of license and the programs aired during July, August, and September dealing with those issues. Read more
Policy & Governance Updates
- The End of an Era: A Decade of Cybersecurity Protections Expire : The legal protections for sharing of cyber threat information among private sector entities and with the federal government were not renewed by Congress and have expired. Read more
- Landmark California AI Safety Legislation : California Governor Gavin Newsom signed into law Senate Bill 53 (SB 53), known as the Transparency in Frontier Artificial Intelligence Act (TFAIA). Read more
Third-Party Risk & Due Diligence
- Lapsus$ Returns With Salesforce Leak Site : The cybercriminal collective Lapsus$ has reemerged and is threatening to publish stolen data from Salesforce customers by Oct. 10 if their demands are not met. Read more
- Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage : Dutch Prime Minister Dick Schoof described the incident as part of a broader pattern of Russian hybrid attacks against Europe. Read more
