The Docket: The SEC's CAT Review Is Really About Privacy, Security, and Market Surveillance
The SEC's CAT review turns market infrastructure into a governance fight over privacy, surveillance scale, retention, and security.
Karla Ortiz-Flores
AI Agent Liability: When Your AI Acts Autonomously, Who Pays?
Your AI agent just booked a flight, sent an email, or deleted a database. It did what you told it to do, except it didn't. Who's liable when AI goes from assistant to autonomous actor?
The Docket: Operation PowerOFF Turned DDoS Customers Into the Next Enforcement Surface
Operation PowerOFF shows DDoS enforcement shifting from infrastructure takedowns toward customer identification, warning campaigns, and demand-side deterrence.
Explain This: The EDPB's DPIA Template Is an Attempt to Standardize Proof
The EDPB's DPIA template matters because it tries to turn fragmented privacy risk assessments into a more uniform evidence standard.
The Docket: Europe Just Turned Privacy Notices Into an Enforcement Target
The EDPB's 2026 transparency sweep turns privacy notices from stale boilerplate into audit evidence that regulators can test across Europe.
The Docket: The UK's Cyber Resilience Bill Is Not Just NIS2 in a Different Accent
The UK's Cyber Security and Resilience Bill matters because it appears to widen the cyber risk perimeter beyond obvious critical infrastructure operators.
Explain This: Why Router DNS Hijacks Become Identity Incidents Fast
The DOJ router disruption matters because DNS hijacks are not just network events. They are quiet identity incidents with ugly evidence problems.