On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report all ransomware incidents, but also to declare whether they intend to pay a ransom. The government also announced that it proposes to ban public bodies and infrastructure providers from making ransom payments to cyber attackers. A public consultation is open until April 8, 2025.
Laura Brodahl
New EU Cyber Resilience Requirements for Financial Sector Enter into Force
As of January 17, 2025, financial entities and their critical information and communication technology (ICT) service providers need to comply with the new cybersecurity requirements in the Digital Operational Resilience Act (DORA). DORA introduces significant operational and ICT security requirements for a wide range of financial market participants, including banks, insurers, trading platforms, as well as for their ICT service providers.
New EU Cybersecurity Obligations for Connected Devices: What You Need to Know
UPDATED: November 20, 2024
On November 20, 2024, the European Union officially published the Cyber Resilience Act (CRA), which introduces cybersecurity obligations for internet-connected hardware and software products offered in the EU (such as wearables). The CRA will enter into force on December 10, 2024 and companies have until September 11, 2026 to comply with the first wave of obligations.
Regulators in Europe Signal Increased Scrutiny of Online Platforms
In recent months, politicians and regulators across a number of jurisdictions have called on operators of online platforms to take seriously their legal obligations to promote a safe online environment. The safety of children online has continued to dominate this conversation, with a recent joint UK-U.S. statement (Statement) declaring that online platforms should “go further and faster in their efforts to protect children.”
This alert sets out the regulatory focus areas of the European Commission (EC), the Irish Coimisiún na Meán (CNAM), and the UK’s online safety regulator Ofcom.
Cybersecurity: A Critical Element in Your 2025 Business Forecast
As cyberattacks become more sophisticated, cybersecurity remains a top concern for regulators, consumers, business partners, and investors. Weak security can cause substantial harm to a company and lead to litigation, reputational damage, and hefty fines. Against that background, the EU is introducing stricter regulations that require robust cyber resilience, mandate board oversight on cybersecurity strategy, and hold board members personally liable for weak security practices.
NIS2: Preparing for EU’s New Cybersecurity Rules
The European Union (EU) has revised its Cybersecurity Directive (NIS2). The new rules will apply to a wide range of companies in many sectors, create new cybersecurity obligations, and impose high fines for noncompliance. EU countries have until October 17, 2024, to transpose the new rules. As the deadline approaches, companies should assess the impact on their cybersecurity strategy. This alert summarizes the key obligations for businesses.