The European Council and European Parliament recently reached a provisional agreement on the text for the EU’s proposed Directive on minimum cybersecurity standards to be implemented across the EU (NIS2). The text is expected to be formally adopted in the coming months. NIS2 seeks to replace and strengthen the EU’s current Network and Information Society
NIS Directive
UK Government Launches Consultation on Adopting a New Comprehensive Framework Aimed at Enhancing Cyber Security of Businesses
In line with the government’s commitments in its 2022 National Cyber Strategy, the Department for Digital, Culture, Media & Sport (DCMS) launched a consultation on 19 January 2022 outlining its proposals for new measures to strengthen the cyber security of businesses in the UK.
The UK government acknowledges that a new legal framework needs…
Top Developments to look out for in 2022 in Intellectual Property, Information Technology and Data Protection
The UK Online Safety Bill was proposed by the UK government to establish a new regulatory framework to tackle harmful content online and usher in a new age of accountability for tech companies. The bill will impose a duty of care on companies that offer user-generated content, in addition to search engines, to protect users…
“Advancing Software Security in the EU – The Role of the EU Cybersecurity Certification Framework”: ENISA Puts Another Brick Towards a Wall of Cybersecurity Certification Schemes
On April 15, 2020, in line with its mandate to support and promote the European Union’s (“EU”) policy on cybersecurity certifications, the EU Agency for Cybersecurity (“ENISA”) released the study “Advancing Software Security in the EU – The Role of the EU Cybersecurity Certification Framework” (the “Study”).1 In the Study, ENISA stresses…
One Size Does Not Fit All: EU Commission Recommendations on Cybersecurity in the Energy Sector
As new technologies develop, the smart grid and smart devices become increasingly interconnected and exposed to security incidents. The critical nature of energy infrastructure (and the vital nature of energy supply) demands the attention of cybersecurity policies and initiatives. On April 3, 2019, the EU Commission issued its recommendations on cybersecurity in the energy sector—actions…
2019 Outlook: Cybersecurity and Data Privacy
Cybersecurity and data privacy presented some of the most complex legal questions and business risks that multinational companies faced in 2018. Businesses should expect continued growth in cyber and data privacy challenges in 2019.
Cyber attacks became even more sophisticated and severe in 2018, with incidents ranging from exfiltration and extortion schemes, to attacks on…
The EU Cybersecurity Act is (Almost) There
A political agreement was reached between the European Parliament, the Council of the European Union (EU) and the European Commission on the EU Cybersecurity Act (Act) and announced on December 10, 2018. The pace of the adoption of the Act (with less than three months of discussions among the EU institutions) confirms that cybersecurity…
5 Lessons Learned on Data Breach Management after 2 Months of GDPR: Friday Is Calling
The General Data Protection Regulation (“GDPR”) entered into force on May 25, 2018 (“GDPR Day”). Introducing a new regime for the protection of personal data in the European Union (“EU”), the GDPR imposes new obligations on organizations dealing with personal data.
Under the GDPR, a personal data breach is defined as “a breach of security…
Toward An Enhanced EU Cybersecurity Framework: Political Agreement Reached on EU Cybersecurity Act
On June 8, 2018, a political agreement was reached in the European Union (“EU”) that paves the way to an EU framework that would set up certification schemes to apply to a range of online services and connected consumer devices, as well as the transformation of the mandate of the European Union Agency for Network…
A new EU framework on cybersecurity: the Network and Information Security Directive
Efforts to coordinate and enhance cybersecurity across the European Union (“EU”) have taken a step forward with the publication on 19 July 2016 of the new Network and Information Security Directive (2016/1148/EU) (the “Directive”) in the Official Journal of the European Union.