Podcast: Digital Taxation—Implications for EU Technology Companies
Compliance into the Weeds-Episode 39, Disclosure of Ransomware Attacks
Since its announcement during the King’s Speech on 17 July 2024, there has been much anticipation over the contents of the Cyber Security and Resilience Bill (“CS&R Bill“) and in particular the extent to which it will bring...more
The EU’s Digital Operational Resilience Act (DORA) comes into force from 17 January 2025. Under DORA, in-scope regulated financial services (FS) businesses operating in the EU (Firms) face new cybersecurity requirements and...more
FCC Welcomes Comment Regarding BIAS Providers’ Use of Data Caps for Fixed and Mobile Broadband Internet Service: In this Notice of Inquiry (NOI), the Federal Communications Commission (FCC or Commission) seeks comment...more
On 17 October 2024, the European Commission (EC) adopted the final version of the Implementing Regulation concerning cybersecurity risk management measures and further specification of cases in which an incident is considered...more
The European Network and Information Security 2 Directive aims to mitigate threats to network and information systems and ensure the continuity of services in the event of cybersecurity incidents. Member States must pass...more
When the UK Online Safety Act (the "Act") became law on 26 October 2023, it had established one of the most comprehensive online safety regulatory frameworks in the world. The Act's intention is to make the use of online...more
The Corporate Transparency Act (CTA), which became effective on January 1, requires that U.S. and foreign companies authorized to do business in the U.S. (each, a Reporting Company) report specific personal information...more
The European Parliament approved the Network and Information Security 2 Directive (“NIS 2”) last year, expanding the scope of the Network and Information Security Directive (“NIS”). Now Germany has introduced the draft of the...more
Texas has joined Arkansas and Utah as the third state to impose requirements on social media accounts for those under 18. Namely, with the Securing Children Online through Parental Empowerment Act (“SCOPE Act”), Texas will...more
As a former Special Agent for the Federal Bureau of Investigation who investigated cybercrimes involving children, I know from experience that the topic of increasing online protections for minors provoked intense debates...more
The Cybersecurity Administration of China ("CAC") and six other agencies jointly promulgated Interim Measures for the Administration of Generative Artificial Intelligence Services ("Generative AI Measures" or "Rules"), that...more
Updated June 2023 - The BCLP Data Privacy & Security team is tracking EU law developments relevant to data and cyber security. This tracker summarizes the effect and status of the following: the Digital Services Act, the...more
Europe is in the midst of a transformation of its regulatory strategy for digital technologies. The EU has passed or proposed a number of laws affecting digital service providers in a broad range of legal areas and sectors....more
The plenary session of the European Parliament adopted the final versions of the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) and of the Digital Operational Resilience Act...more
“Digital regulation” is a legislative concept and trend which has grown exponentially in recent years and looks set to develop for many more years to come....more
Nearly a year after issuing the notice of proposed rulemaking, the FDIC, OCC, and Federal Reserve have issued a final rule setting new notification requirements for banks and their third-party service providers in the event...more
A group of Dutch regulators announced the establishment of the Digital Regulation Collaboration Platform (Samenwerkingsplatform Digitale Toezichthouders, or Platform). The Dutch Data Protection Authority (Autoriteit...more
On July 19, 2021, the Federal Bureau of Investigations issued a Private Industry Notification to service providers and “entities associated with the Tokyo 2020 Summer Olympics that cyber actors who wish to disrupt the event...more
Colorado just became the third state to pass a comprehensive data privacy law, creating more challenges for businesses trying to navigate a variety of state, federal, and international privacy regimes. The Colorado Privacy...more
Last week, we posted on the guidance issued by the US Department of Labor (DOL) for plan sponsors, plan fiduciaries, recordkeepers, and plan participants on cybersecurity best practices. Last week’s post focused on the...more
On April 14, 2021, the Department of Labor (“DOL”) issued three documents that provide cybersecurity guidance for plan sponsors, fiduciaries, recordkeepers, and plan participants. Cybersecurity has become an increasingly...more
On 16 December 2020, the EU released its proposed revisions to the existing Directive 2016/1148 on the security of network and information systems (NIS2)....more
On March 11, The California Attorney General (CA AG) released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act (CCPA)....more
On February 7, 2020, and again on February 10, 2020, California Attorney General Xavier Becerra released modified proposed regulations (“Modified Proposed Regulations”) to the California Consumer Privacy Act of 2018, Cal....more
On October 10, 2019, the California Attorney General added to the complexity of the California Consumer Privacy Act of 2018 (“CCPA”) by releasing long-awaited proposed regulations that provide guidance on various elements of...more