The arrival of NIS2 is only one year away. With significantly enhanced requirements around cybersecurity management extending across the supply chain, increased reporting obligations in the case of cyber breach, and personal liability for senior management, working out whether or not an organisation will be in scope for NIS2 willContinue Reading The NIS2 Enigma: who will be caught by the EU’s updated cyber requirements?
In March, the European Union Agency for Cybersecurity (ENISA) released a report, “Cybersecurity of AI and Standardisation,” which details the landscape of existing, planned, and considered standards pertaining to the cybersecurity of artificial intelligence (AI). The report identifies several gaps in existing approaches to protection of digital infrastructure…Continue Reading ENISA identifies gaps in approaches to the cybersecurity of AI
EU – Publication of DORA
The EU Digital Operational Resilience Act (DORA) has now been published (on 27 December 2022) and entered into force on 16 January 2023.
There will be a 24 month implementation period. Therefore, DORA will apply from 17 January 2025 in all EU Member…Continue Reading Operational Resilience: Update
The technology sector faces a critical moment as economic signs continue to point to a possible downturn. Yet, despite this, our latest Technology Index findings show the industry has managed to remain optimistic thanks to forecasts of increased revenue and ESG opportunities.
As a firm, we launched this unique report…Continue Reading Tech Index 2022: Pathways to Growth in a Troubled World
On 28 September, the European Commission (“Commission”) announced that it had adopted two proposals aimed at bringing European liability rules into the digital age and addressing many of the new issues arising from novel technologies. The first, tasked with updating the existing regime under the Product Liability Directive…Continue Reading The EU readies its rules on liability for AI and the digital age
The proposed Cyber Resilience Act seeks to establish fundamental requirements for all products with digital elements and thereby ensure greater cybersecurity
On 15 September 2022, the European Commission presented its proposal for the Cyber Resilience Act (Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal…Continue Reading The European Commission’s proposal for the Cyber Resilience Act
The growth of the metaverse emphasizes the need to address the cybersecurity challenges posed by this new multimedia environment.
It is increasingly likely that the metaverse will be subject to cyberattacks that pose a real risk to both the companies that choose to be active in the metaverse and the…
Continue Reading Metaverse and cybersecurity, what are the challenges for the future?
In parallel to the proposal for a Regulation on Artificial Intelligence, the European Commission has also presented a proposal for the new Machinery Regulation 2021 (Machinery Regulation), that will replace the Machinery Directive currently in force (Directive 2006/42/EC).
In the first part of our analysis (available here…
Continue Reading The interplay between the new Machinery Regulation and Artificial Intelligence, IoT, cybersecurity and the human-machine relationship
On 10 November 2021, the UK Supreme Court in a unanimous judgment allowed Google’s appeal against the Court of Appeal decision granting Mr Lloyd permission to continue his representative claim (i.e. a US-style opt-out “class action”) against Google. The judgment brings very welcome clarification in a rapidly evolving area of…
Continue Reading Lloyd v Google – Supreme Court Judgment – report and impacts on data protection and mass claims in the UK
Since its inception 30 years ago, the Computer Misuse Act 1990 (CMA) has acted as the primary legislative sword and shield of the UK against a threatening, and ever-growing, cloud of cyber-enabled crime. It is no longer the case that those exploiting an organisation’s threat-vectors exist in dark basements wearing…
Continue Reading A Blunted Sword and a Chipped Shield: A call for development to the Computer Misuse Act 1990