The European Council and European Parliament recently reached a provisional agreement on the text for the EU’s proposed Directive on minimum cybersecurity standards to be implemented across the EU (NIS2). The text is expected to be formally adopted in the coming months. NIS2 seeks to replace and strengthen the EU’s current Network and Information Society

In line with the government’s commitments in its 2022 National Cyber Strategy, the Department for Digital, Culture, Media & Sport (DCMS) launched a consultation on 19 January 2022 outlining its proposals for new measures to strengthen the cyber security of businesses in the UK.

The UK government acknowledges that a new legal framework needs

The UK Online Safety Bill was proposed by the UK government to establish a new regulatory framework to tackle harmful content online and usher in a new age of accountability for tech companies. The bill will impose a duty of care on companies that offer user-generated content, in addition to search engines, to protect users

On April 15, 2020, in line with its mandate to support and promote the European Union’s (“EU”) policy on cybersecurity certifications, the EU Agency for Cybersecurity (“ENISA”) released the study “Advancing Software Security in the EU – The Role of the EU Cybersecurity Certification Framework” (the “Study”).1 In the Study, ENISA stresses

As new technologies develop, the smart grid and smart devices become increasingly interconnected and exposed to security incidents. The critical nature of energy infrastructure (and the vital nature of energy supply) demands the attention of cybersecurity policies and initiatives. On April 3, 2019, the EU Commission issued its recommendations on cybersecurity in the energy sector—actions

Cybersecurity and data privacy presented some of the most complex legal questions and business risks that multinational companies faced in 2018. Businesses should expect continued growth in cyber and data privacy challenges in 2019.

Cyber attacks became even more sophisticated and severe in 2018, with incidents ranging from exfiltration and extortion schemes, to attacks on

A political agreement was reached between the European Parliament, the Council of the European Union (EU) and the European Commission on the EU Cybersecurity Act (Act) and announced on December 10, 2018. The pace of the adoption of the Act (with less than three months of discussions among the EU institutions) confirms that cybersecurity

The General Data Protection Regulation (“GDPR”) entered into force on May 25, 2018 (“GDPR Day”). Introducing a new regime for the protection of personal data in the European Union (“EU”), the GDPR imposes new obligations on organizations dealing with personal data.

Under the GDPR, a personal data breach is defined as “a breach of security

On June 8, 2018, a political agreement was reached in the European Union (“EU”) that paves the way to an EU framework that would set up certification schemes to apply to a range of online services and connected consumer devices, as well as the transformation of the mandate of the European Union Agency for Network

Efforts to coordinate and enhance cybersecurity across the European Union (“EU”) have taken a step forward with the publication on 19 July 2016 of the new Network and Information Security Directive (2016/1148/EU) (the “Directive”) in the Official Journal of the European Union.

Continue reading.