News & Analysis as of

Cybersecurity Risk Management European Commission

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +
Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now.   less -
A&O Shearman

EC publishes draft delegated regulation on subcontracting RTS under DORA

A&O Shearman on

On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more

A&O Shearman

Zooming in on AI #18: Cybersecurity requirements for AI systems

A&O Shearman on

The Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework for AI regulation, which entered into force on August 1, 2024. The AI Act aims to ensure that AI systems are trustworthy, safe and...more

King & Spalding

EU & UK AI Round-up

King & Spalding on

The first EU & UK AI Round-up, published on 15 January 2025, discussed the important regulatory updates affecting the AI ecosystem in both the EU and the UK that occurred towards the end of 2024. Notably since that update,...more

A&O Shearman

European Commission adopts Delegated Regulation on RTS on threat-led penetration testing under DORA

A&O Shearman on

The European Commission (EC) has adopted a Commission Delegated Regulation supplementing the Digital Operational Resilience Act (DORA) with regard to RTS specifying the criteria used for identifying financial entities...more

Katten Muchin Rosenman LLP

European Commission Rejects Draft DORA RTS on Sub-contracting

Katten Muchin Rosenman LLP on

The European Commission (Commission) recently published a letter (Letter) that it sent to the European Supervisory Authorities (ESAs) rejecting certain draft regulatory technical standards (RTS) under the EU Digital...more

A&O Shearman

European Supervisory Authorities approve terms of reference for new EU systemic cyber incidence co-ordination framework forum...

A&O Shearman on

The European Supervisory Authorities have published the terms of reference for the EU systemic cyber incident co-ordination framework Forum established under the EU Digital Operational Resilience Act. The Forum will be...more

Katten Muchin Rosenman LLP

European Commission Clarifies Definition of “ICT Services” under DORA

Katten Muchin Rosenman LLP on

The European Insurance and Occupational Pensions Authority recently published the European Commission’s response (Q&A 2999) on the question of which services fall under the definition of “ICT services” under Article 3(21) of...more

Hogan Lovells

The European Commission rejects draft Regulatory Technical Standards on subcontracting under the Digital Operational Resilience...

Hogan Lovells on

What has happened: On 21 January 2025, the European Commission sent a letter to the Chair of the Joint Committee of the ESAs with its decision to reject the draft Regulatory Technical Standards (“RTS”) on subcontracting...more

Morgan Lewis - Tech & Sourcing

DORA European Commission Clarifies Scope of ICT Services

Morgan Lewis - Tech & Sourcing on

European regulators recently published clarifications on the scope of ICT services under the EU Digital Operational Resilience Act (DORA), prepared by the European Commission, which confirms previous guidance and enables...more

Hogan Lovells

European Commission confirms that financial services are not ICT services for DORA purposes

Hogan Lovells on

Firms involved in implementing changes to comply with new rules under the EU Digital Operational Resilience Act (DORA) have questioned whether financial services provided by other regulated firms may fall within the...more

Alston & Bird

D-Day for the EU Cyber Resilience Act

Alston & Bird on

Our Privacy, Cyber & Data Strategy Team discusses the new Cyber Resilience Act (CRA) that affects manufacturers and distributors of connected devices that are in use anywhere in the European Union....more

Mayer Brown

New EU Cyber Rules (NIS2) Take Effect; Implementing Rules Adopted

Mayer Brown on

On 17 October 2024, the European Commission adopted the first Implementing Regulation under the Network and Information Security 2 Directive (EU) 2022/2555 (NIS2), focusing on digital infrastructures and services. The...more

DLA Piper

EU: NIS2 Member State Implementation Deadline Has Arrived

DLA Piper on

The Network and Information Systems Directive II (“NIS2“), requires that Member States transpose measures into national law by today (17 October 2024). NIS2 is part of the EU’s Cybersecurity Strategy and repeals and replaces...more

Mayer Brown

New EU Cyber Rules: Implementation of NIS2 in the EU Member States

Mayer Brown on

The Network and Information Security 2 Directive (EU) 2022/2555 ("NIS2") entered into force on 16 January 2023. NIS2 sets cyber rules for organizations whose services are considered essential or important for maintaining...more

McDermott Will & Emery

European Commission Seeks Feedback on NIS2 Draft Cybersecurity Measures

McDermott Will & Emery on

WHAT HAPPENED: On June 27, 2024, the European Commission published for feedback a draft implementing act (draft implementing act) under the Network and Information Security 2 Directive (NIS2). It specifies cybersecurity...more

Ankura

The EU’s AI Act: Obligations of AI Users and GDPR Article 35

Ankura on

In December 2023, European Union (EU) lawmakers reached an agreement on the EU AI Act. In our article titled An Introduction to the EU AI Act, we focused on applicability, thresholds, timing, and penalties related to the EU...more

NAVEX

Key Regulatory Risks for Businesses to Navigate in 2024

NAVEX on

In the dynamic business landscape, regulatory legislation changes are constant. These alterations in laws often feel like an unrelenting force impacting senior leadership, compelling them to reassess and adjust existing...more

Faegre Drinker Biddle & Reath LLP

EU AI Act Agreed

Faegre Drinker Biddle & Reath LLP on

Late on Friday (December 8th), the European Union Commission, Parliament and Council concluded its “trilogue” negotiations for the EU Artificial Intelligence Act. The summary below is based on the information available to...more

Alston & Bird

What You Should Know About the EU Digital Operational Resilience Act

Alston & Bird on

The European Union’s (EU) new Digital Operational Resilience Act (DORA) will go into effect in January 2025. Our Privacy, Cyber & Data Strategy Team digs into DORA and discusses how the new law may impact businesses inside...more

Skadden, Arps, Slate, Meagher & Flom LLP

Privacy & Cybersecurity Update - July 2023

Skadden, Arps, Slate, Meagher & Flom LLP on

In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more

A&O Shearman

European Parliament adopts its approach to the NIS2 Directive to strengthen cybersecurity obligations

A&O Shearman on

On 28 October 2021, the Committee on Industry, Research and Energy (ITRE) of the European Parliament agreed its approach to the text of the proposed revision to the Network and Information Systems (NIS) Directive (NIS2) and...more

Hogan Lovells

Data class actions in Europe and spotlights in Mexico, Russia and the U.S.

Hogan Lovells on

The General Data Protection Regulation 2016/679 (GDPR) provides means to enforce provisions related to personal data processing by you as a data controller or data processor. It introduces collective actions everywhere in...more

Orrick, Herrington & Sutcliffe LLP

Orrick's Financial Industry Week In Review

Orrick, Herrington & Sutcliffe LLP on

Financial Industry Developments - Agencies Issue Advanced Notice of Proposed Rulemaking on Enhanced Cyber Risk Management Standards - On October 19, 2016, the Federal Reserve Board, the Federal Deposit Insurance...more

23 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide