On February 11, 2025, the European Data Protection Board (EDPB) adopted a statement (Statement) on age assurance. The Statement comes at a formative time in the development of age assurance practices, as EU and UK regulatory frameworks increasingly require companies to take steps to identify and protect child users of online services. The Statement outlines key privacy principles that should be followed when developing and deploying age assurance processes, together with the risks to individuals’ rights that can arise.
Continue Reading European Privacy Regulators Issue Guidance on Age AssuranceLaura Brodahl
Understanding the EU’s Cyber Solidarity Act: Key Takeaways
By Cédric Burton, Demian Ahn, Laura Brodahl & Matthew Nuding on
Posted in Cybersecurity
On February 4, 2025, the European Union’s (EU) Cyber Solidarity Act (CSA) entered into force. The CSA aims to harmonize and strengthen the cooperation between EU authorities to improve their capacity to detect and address…
Continue Reading Understanding the EU’s Cyber Solidarity Act: Key TakeawaysRansomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements
Posted in Cybersecurity
On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report all ransomware incidents, but also to declare whether they intend to pay a ransom. The government also announced that it proposes to ban public bodies and infrastructure providers from making ransom payments to cyber attackers. A public consultation is open until April 8, 2025.
Continue Reading Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification RequirementsNew EU Cyber Resilience Requirements for Financial Sector Enter into Force
Posted in European Union
As of January 17, 2025, financial entities and their critical information and communication technology (ICT) service providers need to comply with the new cybersecurity requirements in the Digital Operational Resilience Act (DORA). DORA introduces significant operational and ICT security requirements for a wide range of financial market participants, including banks, insurers, trading platforms, as well as for their ICT service providers.
Continue Reading New EU Cyber Resilience Requirements for Financial Sector Enter into ForceNew EU Cybersecurity Obligations for Connected Devices: What You Need to Know
By Cédric Burton, Laura Brodahl & Jessica O'Neill on
Posted in Cybersecurity
UPDATED: November 20, 2024
On November 20, 2024, the European Union officially published the Cyber Resilience Act (CRA), which introduces cybersecurity obligations for internet-connected hardware and software products offered in the EU (such as wearables). The CRA will enter into force on December 10, 2024 and companies have until September 11, 2026 to comply with the first wave of obligations.
Continue Reading New EU Cybersecurity Obligations for Connected Devices: What You Need to KnowRegulators in Europe Signal Increased Scrutiny of Online Platforms
In recent months, politicians and regulators across a number of jurisdictions have called on operators of online platforms to take seriously their legal obligations to promote a safe online environment. The safety of children online has continued to dominate this conversation, with a recent joint UK-U.S. statement (Statement) declaring that online platforms should “go further and faster in their efforts to protect children.”
This alert sets out the regulatory focus areas of the European Commission (EC), the Irish Coimisiún na Meán (CNAM), and the UK’s online safety regulator Ofcom.
Continue Reading Regulators in Europe Signal Increased Scrutiny of Online Platforms