Between January 2023 and June 2024, cyber threats targeting Europe’s financial sector escalated, posing risks to banks, financial service providers, and regulatory bodies. According to the ENISA Threat Landscape: Finance...more
The EU’s Digital Operational Resilience Act (DORA) comes into force from 17 January 2025. Under DORA, in-scope regulated financial services (FS) businesses operating in the EU (Firms) face new cybersecurity requirements and...more
The Cyber Resilience Act (CRA) is a groundbreaking piece of legislation designed to enhance the cybersecurity of digital products and services made available in the EU. Published last week in the Official Journal of the...more
On October 10, 2024, the EU Cyber Resilience Act ("CRA") was adopted by the Council of the European Union....more
The European Union Cloud Services Scheme (“EUCS”) is a certification framework for cloud services introduced under the EU Cybersecurity Act. Currently still under consultation, the EUCS, once finalised, will be implemented by...more
Aside from the AI Act’s final blessing by the European Parliament earlier in March (extensively covered by our previous Monthly Notes), the past month was dominated by legislative activities across the globe in the field of...more
To help organizations stay on top of the main developments in European digital compliance, Morrison Foerster’s European Digital Regulatory Compliance team reports on some of the main digital regulatory and compliance...more
On September 15, 2022, the European Commission published its Proposal for a Cyber Resilience Act (CRA) which sets out new requirements for hardware and software products in the EU. The CRA applies to hardware and...more
In a joint letter this summer, the UK’s data protection regulator (the ICO) and the UK’s National Cyber Security Centre (the NCSC) sought to convey some key messages to the legal profession relevant to advising clients...more
Best Practices for the Virginia Consumer Data Protection Act - The Virginia Consumer Data Protection Act (VCDA) Working Group of the Joint Commission on Technology and Science released its final report on best practices...more
The European Data Protection Supervisor (EDPS) has issued an opinion on the European Union Agency for Cybersecurity’s (ENISA) use of the explicit consent derogation as a legal basis for cross border transfers to the US...more
In the Connected and Automated Mobility (CAM) ecosystem, cybersecurity … should be seen as a core enabler that protects safety and provides value to products and services, and is integrated in the lifecycles of products’ and...more
The Situation: The health care sector is currently going through a digital transformation phase with the promise of achieving improved patient care and higher efficiency—and the implementation of cloud-based services is a...more
The European Union Agency for Cybersecurity (ENISA) and the Joint Research Centre of the European Commission (JRC) have issued a joint guidance on “Cybersecurity Challenges in the Update of Artificial Intelligence in...more
On 28 January 2021, the European Union Agency for Cybersecurity (ENISA) released a report on data pseudonymisation techniques (the Report)....more
The European Commission has published a proposed Regulation on digital operational resilience within the financial services sector in the EU. This will replace and harmonise existing guidance in relation to ICT and security...more
On June 27, 2019, the EU Regulation on Information and Communication Technology (Cybersecurity Act or Act) became effective introducing, for the first time, EU-wide rules for the cybersecurity certification of products and...more
The Situation: The European Union's Cybersecurity Act becomes effective on June 27, 2019. The Result: The Act will strengthen the ability of the European Union Agency for Network and Information Security ("ENISA") to help...more
In this month's Privacy & Cybersecurity Update, we examine several recent U.K.-related cybersecurity developments and the SEC's risk alert reminding investment advisers and broker-dealers to follow through on implementing...more
JONES DAY CYBERSECURITY, PRIVACY & DATA PROTECTION ATTORNEY SPOTLIGHT: Richard Martinez - Europe's new General Data Protection Regulation ("GDPR") is driving an evolution in corporate privacy practices globally. As...more
The Hogan Lovells’ Corporate Insurance Newsletter for November has been published. This provides a round-up of UK, EU and international regulatory developments relevant to UK based insurance market participants. ...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
The European Union Agency for Network and Information Security (ENISA), along with three semiconductor companies, recently released a position paper proposing a position for the European Commission (EC) on security and...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more