The NIS 2 Directive (Directive 2022/2555) on measures for a high common level of cyber security across the EU has now entered into force. Member states must now incorporate the provisions into their national law by October 2024. NIS 2 will replace its predecessor – NIS (Directive 2016/1148), which was the first cross-sector cyber security law in the EU. NIS 2 has been necessary because the speed at which network and information systems have developed into a central feature of everyday life has led to greater interconnectedness, including in cross-border exchanges and, with this, has come an expansion of the cyber threat landscape. The number, magnitude, sophistication, frequency and impact of incidents are increasing, and can impede the pursuit of economic activities in the internal market, generating financial loss, undermining user confidence and causing major damage to the Union’s economy and society. Cyber security preparedness and effectiveness are therefore now more essential than ever to the proper functioning of the internal market; "adapted, coordinated and innovative responses" are required in all member states, says the EU. NIS was not implemented consistently across member states with, for example, some services being categorised as "essential" in some countries but not in others. Read more

New security assessment rules, which are applicable to the transfer of both important data and personal information outside of China, have been issued for public consultation. Read more

In this bulletin we summarise recent updates relating to cybersecurity and data protection in China to keep you updated on developments. We focus on four areas: regulatory developments, enforcement developments, industry developments and international developments. For further detail, please see our update here.   Read more

In this bulletin we summarise recent updates relating to cybersecurity and data protection in China to keep you updated on developments. We focus on four areas: regulatory developments, enforcement developments, industry developments and international developments. For further detail, please see our update here.   Read more

In this bulletin we summarise recent updates relating to cybersecurity and data protection in China to keep you updated on developments. We focus on four areas: regulatory developments, enforcement developments, industry developments and international developments. For further detail, please see our update here.   Read more

Cryptocurrency exchanges are a significant target for hackers, and there are numerous well-documented examples of significant amounts of cryptocurrency being taken in attacks.  This frequently gives rise to issues of liability and recovery for the individuals who were holding their cryptocurrency with the exchange in question, and the precise basis on which the exchange is … Read more

On 4 November 2019, the UK Government’s Department for Digital, Culture, Media & Sport (“DCMS“) issued the Cyber Security Incentives and Regulation Review 2020: Call for Evidence (the “Review“). The aims of the Review are to: understand the barriers which prevent organisations from improving their cyber security; understand the effectiveness of existing regulations and guidance … Read more

The new Encryption Law, China’s first national law on encryption, was published on 26 October 2019 and will come into force on 1 January 2020. It broadens the current regulatory scope of encryption, liberalises commercial encryption at national-law level and proposes a market-oriented regulatory regime for the commercial encryption industry. Foreign and foreign-invested enterprises are given … Read more