On February 11, 2025, the European Data Protection Board (EDPB) adopted a statement (Statement) on age assurance. The Statement comes at a formative time in the development of age assurance practices, as EU and UK regulatory frameworks increasingly require companies to take steps to identify and protect child users of online services. The Statement outlines key privacy principles that should be followed when developing and deploying age assurance processes, together with the risks to individuals’ rights that can arise.Continue Reading European Privacy Regulators Issue Guidance on Age Assurance
Tom Evans
Upcoming Reporting Obligations Under the EU Digital Services Act
By Laura De Boel, Tom Evans & Claudia Chan on
Posted in Privacy
Services subject to the EU’s Digital Services Act (DSA) will be required to publish their annual transparency report by February 16, 2025. This includes providers of hosting services, online platforms, very large online platforms (VLOP)…
Continue Reading Upcoming Reporting Obligations Under the EU Digital Services ActRansomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements
Posted in Cybersecurity
On January 14, 2025, the UK government unveiled a proposed framework aimed at combating the rise of ransomware attacks by implementing a payment prevention and reporting regime. This would require companies to not only report all ransomware incidents, but also to declare whether they intend to pay a ransom. The government also announced that it proposes to ban public bodies and infrastructure providers from making ransom payments to cyber attackers. A public consultation is open until April 8, 2025.Continue Reading Ransomware Attacks: UK Government Proposes Ransom Payment Ban and Mandatory Notification Requirements
The UK’s Online Safety Regime Is Coming into Force: Steps to Take Now
Posted in Privacy
In the last month, Ofcom, the regulator tasked with enforcing the UK’s Online Safety Act (OSA), has published guidance enacting requirements under the OSA to carry out illegal harms risk assessments and children’s access assessments. Providers of in-scope services must document an illegal harms risk assessment by March 16, 2025, and a children’s access assessment by April 16, 2025. This alert outlines the steps that in-scope services must take to prepare for these deadlines. For more information on the OSA and its phased implementation, refer to our previous blog post here. Continue Reading The UK’s Online Safety Regime Is Coming into Force: Steps to Take Now
Increased Focus on the Protection of Minors and Age Verification in the EU and the UK
Posted in Privacy
Legislators and regulators across the European Union (EU) and the United Kingdom (UK) are intensifying efforts to enhance the protection of minors online, responding to growing concerns about children’s safety in the digital space. Recent regulations (including the EU Digital Services Act) and guidance impose increasingly strict obligations for providers to restrict access to harmful content for children.Continue Reading Increased Focus on the Protection of Minors and Age Verification in the EU and the UK
Preparing for the UK’s New Online Safety Regime: Timeline and Key Phases
By Nikolaos Theodorakis, Tom Evans & Matthew Nuding on
Posted in Cybersecurity
The UK’s Online Safety Act (OSA) is a landmark law that will require companies to make online services “safe by design” for all individuals, with a particularly high standard of protection required for children. The OSA was enacted in 2023, and its obligations will come into force in phases throughout 2025 and 2026. This blog post explains how the law will be brought into force, and what companies can do to prepare.Continue Reading Preparing for the UK’s New Online Safety Regime: Timeline and Key Phases