On 12 May, Ofcom launched a consultation on proposed updates to its General statement of policy under section 105Y of the Communications Act 2003 (the “Statement of Policy”) in respect of how it will assess compliance by public telecommunications operators with their security obligations under the UK telecommunications

Continue Reading UK telecommunications security regulation: Proposed updates to Ofcom incident reporting and enforcement approach and new Security Code of Practice

On 10 June 2026, the Italian Council of Ministers approved, at a preliminary stage, two draft legislative decrees on artificial intelligence.

The first draft concerns the powers of national authorities, supervision, sanctions, testing environments and training, and also contains provisions relating to employment.

The second draft regulates the use of

Continue Reading AI: Italian Government gives initial approval to national implementing decrees

Quantum computing is poised to profoundly reshape the cybersecurity landscape, with significant legal and regulatory implications. By introducing fundamentally different computational methods, enabling the simultaneous processing of multiple possibilities, quantum computing has the potential to undermine and ultimately render many traditional encryption techniques ineffective. The result is a significant systemic

Continue Reading Quantum Computing and the Future of Cyber Security

The KRITIS Umbrella Act (Dachgesetz zur Stärkung der physischen Resilienz kritischer AnlagenKRITISDachG) has been in effect since March 17, 2026. For operators of critical infrastructure in Germany, this means: new obligations, tight deadlines, and hefty fines require swift action. For the first time, the law establishes

Continue Reading KRITIS Umbrella Act Now in Effect: What Critical Infrastructure Operators Need to Know and Do

Organisations increasingly use AI-enabled tools throughout the recruitment process. These tools screen CVs, score suitability, run online assessments, and analyse behaviour. They can speed up hiring and may help reduce the human bias found in traditional recruitment. However, their use often clashes with data protection rules that limit decisions based

Continue Reading UK: ICO Report on Automated Decision-Making in Recruitment

Providers of online coaching services take note: The German Federal Court of Justice (BGH) has recently provided clarity on which coaching offerings qualify as “distance learning” and thus, fall under the approval requirement of the German Distance Learning Act (FernUSG).

Anyone offering digital coaching models without the required official approval

Continue Reading Notable Decision for Digital Coaching Models

On 10 February 2026, the Federal Government adopted its official government draft (Regierungsentwurf) for the AI Market Surveillance and Innovation Promotion Act (KI-Marktüberwachungs- und Innovationsförderungs-GesetzKI-MIG), setting out Germany’s supervisory architecture, enforcement powers, and penalty regime for AI systems under the EU AI Act (

Continue Reading Germany’s AI Implementation Act (KI-MIG): Who are the responsible supervisory authorities?

NIS2, the EU’s second Network and Information Systems Directive, is not going anywhere. While the swathe of organisations newly in scope of the EU’s hallmark cybersecurity directive may have hoped that the EU’s recent announcements on regulatory simplification (including the Digital Omnibus) might have reduced their compliance burden, in

Continue Reading NIS2’s extended scope takes a deep dive: Unpacking the EU Commission’s proposed expansion to Submarine Data Transmission Infrastructure

Conceptually, you think of IoT devices, but the CRA has a far broader scope of application. In this article we examine one of the tricky nuances – distinguishing between a digital product and SaaS under the CRA.

The EU’s Cyber Resilience Act (CRA) looks to reshape product cybersecurity

Continue Reading Cyber Resilience Act: the fine line between SaaS and digital products

Any cloud service provider seeking to offer cloud services to the German public sector will inevitably have to deal with the Supplementary Contractual Conditions for the Procurement of IT Services (Ergänzende Vertragsbedingungen für die Beschaffung von IT-Leistungen – “EVB-IT”). The EVB-IT were developed by the Federal/State/Local Cooperation

Continue Reading EVB-IT Cloud – Standard Contract with Leeway for Cloud Providers

The European Commission has just unveiled its proposal for the Digital Networks Act (DNA). The DNA marks a fundamental shift from regulating traditional “electronic communications” to a broader, cloud-integrated ecosystem of “digital networks”.

In a nutshell: The DNA replaces the fragmented framework of the 2018 Electronic Communications Code (EECC)

Continue Reading From Telecoms to “Digital Networks”: Navigating the EU’s New Digital Networks Act (DNA)