US Congress enacts significant new law mandating cyber incident and ransomware reporting on businesses

On March 15, 2022, US President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA or the Act) into law. Under its provisions, a broad range of private and public-sector entities operating in “critical infrastructure” sectors will for the first time have mandatory reporting obligations in connection with “cyber incidents” and ransomware attacks. Specifically, “covered entities” are required to report certain “substantial” cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of the event, and to report ransomware payments within 24 hours of payment.

Hong Kong, can you handle this? The HKMA proposes new standards for operational resilience

Following the HKMA’s 21 April 2021 circular highlighting the additional guidance issued by the BCBS on 31 March 2021, namely the Principles for Operational Resilience and the Revised Principles for Sound Management of Operational Risk, the HKMA launched a consultation on 22 December 2021 on a new proposed Supervisory Policy Manual module OR-2 (Operational Resilience) and proposed amendments to existing SPM modules TM-G-2 (Business Continuity Planning) and OR-1 (Operational Risk Management) in order to align with the BCBS’s operational resilience guidance.

China Cyber Security and Data Protection Update – November 2020

In this bulletin we summarise recent updates relating to cybersecurity and data protection in China to keep you updated on developments. We focus on four areas: regulatory developments, enforcement developments, industry developments and international developments. For further detail, please see our update here.

UK Telecoms (Security) Bill: Stronger cyber security controls for the UK telecoms sector with a sting in their tail

Today the UK government introduced the Telecommunications (Security) Bill (the “Bill”) to Parliament, to more heavily regulate the UK telecoms sector and improve cyber security risk management, policy and enforcement. With significant sanctions for non-compliance, this “ground breaking” Bill is expected to provide the UK with “one of the toughest telecoms security regimes in the …

China Cyber Security and Data Protection Monthly Update – October 2020

In this bulletin we summarise recent updates relating to cybersecurity and data protection in China to keep you updated on developments. We focus on four areas: regulatory developments, enforcement developments, industry developments and international developments. For further detail, please see our update here.

China Cyber Security and Data Protection Update – August 2020

In this bulletin we summarise recent updates relating to cybersecurity and data protection in China to keep you updated on developments. We focus on four areas: regulatory developments, enforcement developments, industry developments and international developments. For further detail, please see our update here.

China Cyber Security and Data Protection Update – July 2020

In this bulletin we summarise recent updates relating to cybersecurity and data protection in China to keep you updated on developments. We focus on four areas: regulatory developments, enforcement developments, industry developments and international developments. For further detail, please see our update here.

China Cyber Security and Data Protection Update – June 2020

In this bulletin we summarise recent updates relating to cybersecurity and data protection in China to keep you updated on developments. We focus on four areas: regulatory developments, enforcement developments, industry developments and international developments. For further detail, please see our update here.

New regulation strengthens cyber supply chain security in China

The Cyberspace Administration of China (CAC) and eleven other ministries jointly published the Cybersecurity Review Measures (Review Measures) on 13 April 2020. These replace the previous regulations on the security review of network products and services (click here for our comments on the previous regulations) and impose more stringent scrutiny over the cyber supply chain of critical information infrastructure …