The Network and Information Security 2 Directive (EU) 2022/2555 (“NIS2”) entered into force on 16 January 2023. NIS2 sets cyber rules for organizations whose services are considered essential or important for maintaining critical societal and economic activities, such as ensuring the flow of energy or financial transactions. As a Directive, NIS2 must be transposed into
Oliver Yaros
Oliver Yaros is a partner in the Intellectual Property & IT Group as well as the Technology & IP Transactions and Cybersecurity & Data Privacy practices of the London office of Mayer Brown. He advises clients on technology and outsourcing transactions with a particular focus on fintech and digital transformation projects, as well as clients operating within a broad range of sectors on data protection matters and cybersecurity incidents, intellectual property transactions and related issues.
Changes to the UK GDPR Shelved (For Now)
With the announcement of the UK General Election for Thursday 4 July 2024, the Data Protection and Digital Information Bill has not completed the legislative process before the end of the current parliamentary session and will therefore not become law.
The Bill would reform the UK’s data protection regime, reducing some of the regulatory burden on…
UK GDPR and the Price of Non-Compliance: ICO Issues New Guidance on Calculating Fines
The Information Commissioner’s Office (the “ICO”) has clarified the methods it will use to calculate the fines it will issue for breaches of data privacy law in the UK by publishing its latest Data Protection Fining Guidance (the “Guidance”) on 18 March 2024.
The ICO oversees compliance with the UK data protection law,…
The UK Online Safety Regime: Five Months On
When the UK Online Safety Act (the “Act”) became law on 26 October 2023, it established one of the most comprehensive online safety regulatory frameworks in the world. The Act’s intention is to make the use of online services for individuals in the United Kingdom, especially children, safer. It introduces a long…
Key Forthcoming EU Legislation on Cybersecurity, Artificial Intelligence, Data and Digital Markets
Cybersecurity, artificial intelligence, data and digital markets have been in the focus of the EU legislator, with several new pieces of legislation that will affect businesses in a wide range of sectors. All of these developments have extraterritorial effects and apply to any entity offering relevant services or goods in the EU, regardless of their…
EU Cyber Resilience Act Moves Closer to Adoption
On 13 September 2023, negotiations began between European institutions to adopt the text of the EU Cyber Resilience Act (the “CRA”). If adopted, the CRA will impose a set of software security, cybersecurity, and vulnerability management requirements on products with digital elements (i.e., software or hardware products and their remote data processing solutions) placed on…
Software Security: Recent Policy Actions Highlight Importance of Mitigating Legal Risks
Recent high-profile cyber incidents involving exploitation of software vulnerabilities—such as the SolarWinds and MOVEit incidents—have increased scrutiny of the security of the software upon which corporate and government customers rely. Though phishing and social engineering continue to be leading causes of cyber incidents, there is growing potential legal exposure for companies from security vulnerabilities in…
UK Government Announces New UK-US Data Bridge
Today, the UK Department for Science, Innovation and Technology announced further details on the new transatlantic data flow mechanism for UK-to-US personal data transfers. In particular, the UK Secretary of State for Science, Innovation, and Technology today laid new adequacy regulations before the UK Parliament to give effect to the proposed arrangement. The deal, announced…
India Passes Privacy Law
India—the fifth largest economy in the world—just passed a comprehensive privacy law. On August 11, 2023, the Digital Personal Data Protection Act, 2023 (the “DPDP”) was approved by the president of India, adding India to the list of global powers with a comprehensive privacy law. The law is expected to come into force in June…
Draft Technical Standards for DORA Now Available
The EU Digital Operational Resilience Act (“DORA”) entered into force on January 16, 2023, setting forth security requirements for network and information systems of organizations operating in the financial sector;
Obligations under DORA are to be further detailed by Regulatory Technical Standards (“RTS”) and Implementing Technical Standards (“ITS”), aimed at harmonizing requirements and facilitating implementation;…