The European Union Cloud Services Scheme (“EUCS”) is a certification framework for cloud services introduced under the EU Cybersecurity Act. Currently still under consultation, the EUCS, once finalised, will be implemented by...more
Aside from the AI Act’s final blessing by the European Parliament earlier in March (extensively covered by our previous Monthly Notes), the past month was dominated by legislative activities across the globe in the field of...more
To help organizations stay on top of the main developments in European digital compliance, Morrison Foerster’s European Digital Regulatory Compliance team reports on some of the main digital regulatory and compliance...more
Montana and Tennessee on Verge of Joining Other States in Passing Comprehensive Privacy Laws - On April 21, 2023, the state legislatures of Montana and Tennessee passed comprehensive privacy legislation bills. To become...more
On September 15, 2022, the European Commission published its Proposal for a Cyber Resilience Act (CRA) which sets out new requirements for hardware and software products in the EU. The CRA applies to hardware and...more
The European Data Protection Supervisor (EDPS) has issued an opinion on the European Union Agency for Cybersecurity’s (ENISA) use of the explicit consent derogation as a legal basis for cross border transfers to the US...more
In the Connected and Automated Mobility (CAM) ecosystem, cybersecurity … should be seen as a core enabler that protects safety and provides value to products and services, and is integrated in the lifecycles of products’ and...more
The European Union Agency for Cybersecurity (ENISA) and the Joint Research Centre of the European Commission (JRC) have issued a joint guidance on “Cybersecurity Challenges in the Update of Artificial Intelligence in...more
On 28 January 2021, the European Union Agency for Cybersecurity (ENISA) released a report on data pseudonymisation techniques (the Report)....more
The European Commission has published a proposed Regulation on digital operational resilience within the financial services sector in the EU. This will replace and harmonise existing guidance in relation to ICT and security...more
On June 27, 2019, the EU Regulation on Information and Communication Technology (Cybersecurity Act or Act) became effective introducing, for the first time, EU-wide rules for the cybersecurity certification of products and...more
The Situation: The European Union's Cybersecurity Act becomes effective on June 27, 2019. The Result: The Act will strengthen the ability of the European Union Agency for Network and Information Security ("ENISA") to help...more
In this month's Privacy & Cybersecurity Update, we examine several recent U.K.-related cybersecurity developments and the SEC's risk alert reminding investment advisers and broker-dealers to follow through on implementing...more
JONES DAY CYBERSECURITY, PRIVACY & DATA PROTECTION ATTORNEY SPOTLIGHT: Richard Martinez - Europe's new General Data Protection Regulation ("GDPR") is driving an evolution in corporate privacy practices globally. As...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
The European Union Agency for Network and Information Security (ENISA), along with three semiconductor companies, recently released a position paper proposing a position for the European Commission (EC) on security and...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
The first European Union-wide rules on cybersecurity have been adopted by the European Parliament. Approved on July 6, 2016, the Directive on Security of Network and Information Systems (NIS Directive) creates new risk...more
European authorities reached a provisional agreement on the Network and Information Security Directive, the first-ever EU-wide cybersecurity standards. Press releases from the European Parliament, European Commission, and...more