Photo of Oliver Yaros

Oliver Yaros is a partner in the Intellectual Property & IT Group as well as the Technology & IP Transactions and Cybersecurity & Data Privacy practices of the London office of Mayer Brown. He advises clients on technology and outsourcing transactions with a particular focus on fintech and digital transformation projects, as well as clients operating within a broad range of sectors on data protection matters and cybersecurity incidents, intellectual property transactions and related issues.

Read Oliver's full bio.

The Network and Information Security 2 Directive (EU) 2022/2555 (“NIS2”) entered into force on 16 January 2023. NIS2 sets cyber rules for organizations whose services are considered essential or important for maintaining critical societal and economic activities, such as ensuring the flow of energy or financial transactions. As a Directive, NIS2 must be transposed into

With the announcement of UK General Election for Thursday 4 July 2024, the Data Protection and Digital Information Bill has not completed the legislative process before the end of the current parliamentary session and will therefore not become law.

The Bill would reform the UK’s data protection regime reducing some of the regulatory burden on

The Information Commissioner’s Office (the “ICO”) has clarified the methods it will use to calculate the fines it will issue for breaches of data privacy law in the UK by publishing its latest Data Protection Fining Guidance (the “Guidance“) on 18 March 2024.

The ICO oversees compliance with the UK data protection law,

When the UK Online Safety Act (the “Act“) became law on 26 October 2023, it had established one of the most comprehensive online safety regulatory frameworks in the world. The Act’s intention is to make the use of online services for individuals in the United Kingdom, especially children, safer. It introduces a long

Cybersecurity, artificial intelligence, data and digital markets have been in the focus of the EU legislator, with several new pieces of legislation that will affect businesses in a wide range of sectors. All of these developments have extraterritorial effects and apply to any entity offering relevant services or goods in the EU, regardless of their

On 13 September 2023, negotiations began between European institutions to adopt the text of the EU Cyber Resilience Act (the “CRA”). If adopted, the CRA will impose a set of software security, cybersecurity, and vulnerability management requirements on products with digital elements (i.e., software or hardware products and their remote data processing solutions) placed on

Recent high-profile cyber incidents involving exploitation of software vulnerabilities—such as the SolarWinds and MOVEit incidents—have increased scrutiny of the security of the software upon which corporate and government customers rely. Though phishing and social engineering continue to be leading causes of cyber incidents, there is growing potential legal exposure for companies from security vulnerabilities in

Today, the UK Department for Science, Innovation and Technology announced further details on the new transatlantic data flow mechanism for UK-to-US personal data transfers. In particular, the UK Secretary of State for Science, Innovation, and Technology today laid new adequacy regulations before the UK Parliament to give effect to the proposed arrangement. The deal, announced

India—the fifth largest economy in the world—just passed a comprehensive privacy law. On August 11, 2023, the Digital Personal Data Protection Act, 2023 (the “DPDP”) was approved by the president of India, adding India to the list of global powers with a comprehensive privacy law. The law is expected to come into force in June

The EU Digital Operational Resilience Act (“DORA”) entered into force in January 16, 2023, setting forth security requirements for network and information systems of organizations operating in the financial sector;

Obligations under DORA are to be further detailed by Regulatory Technical Standards (“RTS”) and Implementing Technical Standards (“ITS”), aimed at harmonizing requirements and facilitating implementation;