On February 4, 2025, the European Union’s (EU) Cyber Solidarity Act (CSA) entered into force. The CSA aims to harmonize and strengthen the cooperation between EU authorities to improve their capacity to detect and address
Continue Reading Understanding the EU’s Cyber Solidarity Act: Key TakeawaysCédric Burton
Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements
On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report all ransomware incidents, but also to declare whether they intend to pay a ransom. The government also announced that it proposes to ban public bodies and infrastructure providers from making ransom payments to cyber attackers. A public consultation is open until April 8, 2025.Continue Reading Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements
New EU Cyber Resilience Requirements for Financial Sector Enter into Force
As of January 17, 2025, financial entities and their critical information and communication technology (ICT) service providers need to comply with the new cybersecurity requirements in the Digital Operational Resilience Act (DORA). DORA introduces significant operational and ICT security requirements for a wide range of financial market participants, including banks, insurers, trading platforms, as well as for their ICT service providers.Continue Reading New EU Cyber Resilience Requirements for Financial Sector Enter into Force
EU Court Awards Damages for Breach of EU Data Transfer Rules
On January 8, 2025, the second highest court of the European Union (EU), the General Court of the Court of Justice of the EU (the Court), ordered (in Bindl v European Commission, Case T-354/22) the European Commission (EC) to pay EUR 400 in damages to an individual for transferring their personal data to the U.S. without having implemented a data transfer mechanism under EU law.Continue Reading EU Court Awards Damages for Breach of EU Data Transfer Rules
Increased Focus on the Protection of Minors and Age Verification in the EU and the UK
Legislators and regulators across the European Union (EU) and the United Kingdom (UK) are intensifying efforts to enhance the protection of minors online, responding to growing concerns about children’s safety in the digital space. Recent regulations (including the EU Digital Services Act) and guidance impose increasingly strict obligations for providers to restrict access to harmful content for children.Continue Reading Increased Focus on the Protection of Minors and Age Verification in the EU and the UK
EU Privacy Regulators Confirm That Legitimate Interest Is a Valid Legal Basis for AI Model Training and Deployment
On December 18, 2024, the European Data Protection Board (EDPB) published its much-anticipated Opinion on the processing of personal data in the context of AI models in light of the EU General Data Protection Regulation (GDPR).Continue Reading EU Privacy Regulators Confirm That Legitimate Interest Is a Valid Legal Basis for AI Model Training and Deployment
New EU Cybersecurity Obligations for Connected Devices: What You Need to Know
UPDATED: November 20, 2024
On November 20, 2024, the European Union officially published the Cyber Resilience Act (CRA), which introduces cybersecurity obligations for internet-connected hardware and software products offered in the EU (such as wearables). The CRA will enter into force on December 10, 2024 and companies have until September 11, 2026 to comply with the first wave of obligations.Continue Reading New EU Cybersecurity Obligations for Connected Devices: What You Need to Know