CyberEyeQ Weekly Podcast — Episode 18
Date: April 24, 2026 | Duration: ~10 minutes
Speakers: Alex Chen (Host), Dr. Sarah Kim (Expert Commentator)
TOP 5 STORIES
- EU Digital Omnibus Trilogue — Political Agreement Deadline April 28
- FinCEN AML/CFT Program Reform — Comments Due June 9
- Colorado AI Act — June 30 Deadline
- COPPA Compliance — Now in Effect (April 22)
- Basel III Endgame Re-Proposal — Comments Due June 18
TRANSCRIPT
Alex: Welcome back to the CyberEyeQ Weekly Podcast. I'm Alex Chen, and this is your ten-minute briefing on the regulatory stories that actually matter for compliance teams. With me as always is Dr. Sarah Kim, our regulatory analyst. Sarah, we're exactly one week into the COPPA compliance deadline and looking ahead at some major legislative pushes. What should listeners focus on first?
Sarah: Alex, this week is defined by a confluence of critical deadlines and policy momentum, but the most immediate focus should be the EU Digital Omnibus trilogue happening April 28—that's literally four days from now. The trilogue is the final political negotiation session for the Digital Omnibus package, which extends the AI Act's high-risk implementation deadlines and introduces new prohibited practices, including a blanket prohibition on non-consensual AI-generated intimate imagery. The Parliament passed the directive with 569 votes in favor, which is a strong mandate.
Alex: What are the outstanding issues that could still move in the next four days?
Sarah: Four major ones. First, Annex III implementation deadlines. The key question is whether standalone AI systems get December 2, 2027, and embedded systems get August 2, 2028. Parliament, the Commission, and Council are largely aligned on this, so it's probably locked. Second, watermarking deadlines for generative AI. Parliament wants immediate watermarking for all generative output—text, images, audio, video. The Commission and Council prefer a phased approach with a technical-feasibility review period. This is still contested. Third, EU AI Office scope and powers. Parliament favors a broad scope with authority over non-EU AI systems operating in the EU. The Commission and Council prefer narrower scope. And fourth, the non-consensual synthetic intimate imagery prohibition. This is expected to pass with broad support across all three institutions. The trilogue outcome will reshape your 2026 and 2027 AI governance roadmap, so compliance teams should be monitoring press releases on April 28.
Alex: Let's move to FinCEN. We're now one week out from the start of the comment period on the AML overhaul. What's the key insight for listeners?
Sarah: FinCEN, OCC, FDIC, and NCUA released a proposed rule on April 7 that represents the largest anti-money laundering reform in decades. The shift is philosophical. For decades, US compliance has been measured against an existence standard—does your AML program exist, does it cover the required components. FinCEN's proposal replaces that with an effectiveness standard—does your program actually work at preventing, detecting, and disrupting money laundering and terrorist financing. That's a fundamentally different regulatory posture.
Alex: What does effectiveness mean in practice?
Sarah: That's the multimillion-dollar question, and it's why the comment period is so critical. Institutions will be asked to assess whether their transaction monitoring systems, customer due diligence processes, and suspicious activity reporting actually detect money laundering activity in real time. The rule also includes an innovation safe harbor that explicitly encourages the use of AI and machine learning in AML compliance without additional enforcement risk. That's a first for US financial regulation. Comments are due June 9, so you have roughly 46 days. If you're a financial institution, your compliance team should be drafting comment letters now.
Alex: Let's pivot to Colorado. The state's AI Act is driving a lot of compliance planning right now. Where do we stand?
Sarah: Colorado's SB 24-205 takes effect June 30, which gives organizations exactly 67 days from today to achieve compliance. The law applies to any organization deploying high-risk AI systems that could affect Colorado residents. Covered entities must implement risk management policies, conduct bias audits, perform impact assessments, and disclose AI use to consumers. The Colorado Attorney General can fine up to $20,000 per violation per consumer. NIST AI RMF and ISO 42001 provide safe harbors for organizations that align with those frameworks.
Alex: How many organizations should be worried about Colorado exposure?
Sarah: Any organization deploying AI systems with potential Colorado user impact needs to audit now. That includes e-commerce platforms, hiring and employment platforms, healthcare platforms, financial services, and insurance platforms.
Alex: And COPPA—the deadline passed one week ago. Are there compliance gaps listeners should be aware of?
Sarah: COPPA is not negotiable at this point. Full compliance with the amended FTC rule became mandatory April 22. The requirement is threefold: a written information security program, a written data retention policy, and separate verifiable parental consent for any non-integral disclosure. The biggest area of non-compliance we're tracking is biometric data protection.
Alex: Let's close with Basel III. The endgame re-proposal comment deadline is June 18. How should compliance teams approach this?
Sarah: Basel III Endgame is a Federal Reserve proposal that fundamentally restructures capital requirements for banks under the Advanced Approaches framework. The comment deadline is June 18, so you have 55 days. Category I and II banks need to assess the operational impact of the proposed standardized approach for credit risk, revised internal ratings-based framework, and enhanced operational risk capital requirements.
Alex: Sarah, before we close, three takeaways for compliance teams leaving this podcast.
Sarah: First: the EU Digital Omnibus trilogue closes on April 28. Monitor the outcome closely and be prepared to update your AI Act implementation timeline. Second: Colorado AI Act enforcement begins June 30. Begin your risk management and bias audit documentation today. Third: if you're a financial institution, start drafting your FinCEN AML comment letter this week.
Alex: That's the briefing. Five stories, four urgent deadlines, one clear message: the regulatory velocity is not slowing down. Subscribe to the CyberEyeQ Weekly Newsletter for the full written briefing. Thanks for listening. I'm Alex Chen, she's Dr. Sarah Kim, and we'll see you next week.
Sarah: Thanks, Alex. Stay compliant out there.
Episode sourced from CyberEyeQ Weekly Newsletter Issue #18, April 23, 2026.