On 13 September 2023, negotiations began between European institutions to adopt the text of the EU Cyber Resilience Act (the “CRA”). If adopted, the CRA will impose a set of software security, cybersecurity, and vulnerability management requirements on products with digital elements (i.e., software or hardware products and their remote data processing solutions) placed on
Livia Crepaldi Wolf
UK Government Announces New UK-US Data Bridge
Today, the UK Department for Science, Innovation and Technology announced further details on the new transatlantic data flow mechanism for UK-to-US personal data transfers. In particular, the UK Secretary of State for Science, Innovation, and Technology today laid new adequacy regulations before the UK Parliament to give effect to the proposed arrangement. The deal, announced…
Draft Technical Standards for DORA Now Available
The EU Digital Operational Resilience Act (“DORA”) entered into force in January 16, 2023, setting forth security requirements for network and information systems of organizations operating in the financial sector;
Obligations under DORA are to be further detailed by Regulatory Technical Standards (“RTS”) and Implementing Technical Standards (“ITS”), aimed at harmonizing requirements and facilitating implementation;…
EU Commission Adopts Adequacy Decision for EU-US Data Privacy Framework
On July 10, 2023, the European Commission (“Commission”) adopted an adequacy decision for the EU-US Data Privacy Framework (“DPF”). The DPF is the successor to the EU-US Privacy Shield, which the Court of Justice of the European Union (“CJEU”) declared invalid in 2020.
This adequacy decision reflects agreement by the Commission that the DPF offers…
European Data Protection Board Issues Opinion on EU-US Data Transfers
On February 28, 2023, the European Data Protection Board (“EDPB”) issued its opinion on the draft adequacy decision of the European Commission (the “Commission”) on the new EU-US Data Privacy Framework (“DPF”). The EDPB expressed reservations in connection with the DPF, which will now undergo scrutiny by other European institutions.
Who Should Read This Legal…
European Commission Publishes U.S. Draft Adequacy Decision
On 13 December 2022, the European Commission published its draft adequacy decision for EU-U.S. data transfers. The draft decision follows the EU-U.S. announcement of an agreement on a new EU-U.S. Data Privacy Framework (“DPF”) in March 2022 as well as the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (“Executive Order”) signed…