Incident Notification Obligations

Subscribe to Incident Notification Obligations

NIS2 Directive New Cybersecurity Rules Expected in the EU

By Ana Hadnes Bruder, David A. Simon & Reece Randall on October 6, 2022

The European Council and European Parliament recently reached a provisional agreement on the text for the EU’s proposed Directive on minimum cybersecurity standards to be implemented across the EU (NIS2). The text is expected to be formally adopted in the coming months. NIS2 seeks to replace and strengthen the EU’s current Network and Information Society…

US National Futures Association Adopts Notification Requirement for Certain Cybersecurity Incidents

By Jeffrey P. Taft & Matthew Bisanz on January 18, 2019

Posted in Breaches & Incident Response, Financial Services, Regulation, United States

On January 7, 2019, the US self-regulatory organization the National Futures Association (“NFA”) announced that it had adopted amendments to its information security requirements that include a cybersecurity incident notification obligation.¹ As discussed below, the NFA’s amendments represent the continued maturation of information security in the US financial services sector and are incremental, rather…