The EU Digital Operational Resilience Act (“DORA”) entered into force in January 16, 2023, setting forth security requirements for network and information systems of organizations operating in the financial sector;

Obligations under DORA are to be further detailed by Regulatory Technical Standards (“RTS”) and Implementing Technical Standards (“ITS”), aimed at harmonizing requirements and facilitating implementation;

On July 10, 2023, the European Commission (“Commission”) adopted an adequacy decision for the EU-US Data Privacy Framework (“DPF”). The DPF is the successor to the EU-US Privacy Shield, which the Court of Justice of the European Union (“CJEU”) declared invalid in 2020.

This adequacy decision reflects agreement by the Commission that the DPF offers

On 25 May 2022, the European Commission published Questions and Answers for the New  Standard Contractual Clauses to provide practical guidance on the use of standard contractual clauses (SCCs) and help organisations with their General Data Protection Regulation (GDPR) compliance efforts. The Commission confirmed that the Q&A document will be regularly updated.

Continue reading.

In the 2022 edition of our long-running annual podcast, partners in Mayer Brown’s Technology Transactions practice will discuss trends that will drive and shape technology transactions. This year’s program will focus on convergence of cloud, AI and data; innovation through new and complex collaborations; continued change in cybersecurity and privacy laws and priorities; increasing focus

This article is part three of a four-part series by Mayer Brown on the latest trends in digital transformation. Read part one here and part two here.

The rapid advancement of AI technologies in recent years means that regulators are engaged in a game of catch up. While the existing regulatory landscape is sparse

In this National Cybersecurity Awareness Month conversation, Mayer Brown lawyers from our global practice will discuss the latest legal trends and developments relating to cybersecurity in China, Europe and the UK. Topics will include:

  • The implications for international businesses seeking to comply with China’s new Data Security Law and Personal Information Protection Law in combination

Today, 28 June 2021, the European Commission formally adopted two adequacy decisions with respect of transferring personal data from the European Economic Area (the “EEA”) to the United Kingdom (the “UK”): one under the EU General Data Protection Regulation and one under the EU Law Enforcement Directive. The two decisions come into

On 21 April 2021, the European Commission proposed a new, transformative legal framework to govern the use of artificial intelligence (AI) in the European Union. The proposal adopts a risk-based approach whereby the uses of artificial intelligence are categorised and restricted according to whether they pose an unacceptable, high, or low risk to human safety

On 13 April 2021, the European Data Protection Board (“EDPB“) adopted two opinions  (“Opinions“) concerning draft UK adequacy decisions published by the European Commission  which would permit the free flow of personal data from the European Economic Area (“EEA“) to the UK in the post-Brexit world.

The Opinions largely

On 24 September 2020, the European Commission published a proposal for a new regulation – the Digital Operational Resilience Act (“DORA”) – and an accompanying directive to harmonise digital operational resilience rules for financial organisations in the EU.

Digital operational resilience

Digital operational resilience is the ability to build, assure and review the