The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted...more
4/16/2025
/ Cybersecurity ,
Data Processors ,
Digital Operational Resilience Act (DORA) ,
Distributors ,
EU ,
General Data Protection Regulation (GDPR) ,
Hardware ,
Importers ,
Manufacturers ,
New Legislation ,
Popular ,
Regulatory Requirements ,
Risk Assessment ,
Software ,
Supply Chain
The UK’s Online Safety Act 2023 (OSA) is a comprehensive piece of legislation designed to regulate social media companies and search services and to increase protections for individuals online. It draws comparisons to the...more
2/19/2025
/ Data Privacy ,
Data Protection ,
Enforcement Actions ,
New Legislation ,
Online Platforms ,
Online Safety for Children ,
Risk Assessment ,
Risk Management ,
Social Media ,
Transparency ,
UK
The first binding obligations of the European Union’s landmark AI legislation, the EU AI Act (the Act), came into effect on February 2, 2025. Essentially, from this date, AI practices which present an unacceptable level of...more
2/4/2025
/ Artificial Intelligence ,
Biometric Information ,
Data Privacy ,
Data Protection ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management
The NIS 2 Directive requires a wide range of in-scope organizations to adopt robust cybersecurity measures and incident response plans....more
11/5/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Employee Training ,
Enforcement ,
EU ,
European Commission ,
Fines ,
General Data Protection Regulation (GDPR) ,
Incident Response Plans ,
Penalties ,
Reporting Requirements ,
Supply Chain
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
10/15/2024
/ CNIL ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Data Retention ,
Enforcement Actions ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Sensitive Personal Information
In a landmark moment for global AI governance, the United States, European Union and United Kingdom have signed the Council of Europe’s framework convention on artificial intelligence and human rights, democracy, and the rule...more
9/17/2024
/ Artificial Intelligence ,
Ethics ,
EU ,
Human Rights ,
Innovative Technology ,
International Treaties ,
Machine Learning ,
Regulatory Agenda ,
Treaties ,
UK ,
United States
The agreed text of the AI Act was published on July 12, 2024, essentially starting the clock on the legal deadlines contained in it. Its obligations will apply in tiered phases, with the first key obligations being enforced...more
7/22/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Distributors ,
EU ,
Exemptions ,
Imports ,
Information Governance ,
Machine Learning ,
Manufacturers ,
Recordkeeping Requirements ,
Risk Assessment ,
Supply Chain
On 24 June 2024, the EU adopted its 14th package of sanctions against Russia. The latest measures include: The designation of 116 additional individuals and entities across a number of industries for their responsibility in...more
7/10/2024
/ Asset Freeze ,
Corporate Counsel ,
Economic Sanctions ,
Energy Sector ,
EU ,
Export Controls ,
Exports ,
Financial Services Industry ,
Foreign Policy ,
Importers ,
Imports ,
Natural Gas ,
Russia ,
Ukraine ,
Vessels
In May 2024 the UK passed the new Digital Markets, Competition and Consumers Act (DMCC). Amongst other changes, the DMCC grants the UK Competition and Markets Authority (CMA) new powers to directly impose fines of up to 10%...more
A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest installment to cast concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will...more
The FCC’s recent introduction of a new Voluntary Cybersecurity Labelling Program for consumer Internet of Things (IoT) products reflects the continued desire by U.S. regulators to bolster the security of the ever-increasing...more
4/10/2024
/ Compliance ,
Cybersecurity ,
Data Security ,
Distributors ,
EU ,
Imports ,
Internet ,
Internet of Things ,
Manufacturers ,
Regulatory Standards ,
Telecommunications ,
UK
Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014,...more
On March 13, 2024, the EU Parliament voted to pass the EU’s much-discussed AI Act (with 523 votes in favor, 46 against and 49 abstentions). For an insight into the AI Act’s progression through the EU lawmaking system, see our...more
The United Kingdom (“UK”) introduced new sanctions against Russia on December 14, 2023 with the European Union (“EU”) also adopting its 12th package of sanctions against Russia on December 18, 2023....more
The Council of the European Union and the European Parliament reached a provisional agreement on a new comprehensive regulation governing AI, known as the “AI Act,” late on Friday night (December 8, 2023). While the final...more
The UK and U.S. Governments have now formalized the UK-U.S. Data Bridge. The U.S. Attorney General designated the UK as a “qualifying state” for the purposes of the Executive Order 14086 on September 18, 2023, and the UK...more
U.S. companies can now self-certify to permit personal data to freely flow from the Europe to the United States.
U.S. organizations can now self-certify their compliance with the EU-U.S. Data Privacy Framework (DPF) to...more
7/27/2023
/ BCRs ,
Data Integrity ,
Data Privacy ,
Data Security ,
Department of Transportation (DOT) ,
Enforcement ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Self-Certification ,
Standard Contractual Clauses ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers.
The new DORA seeks to strengthen the resilience of financial...more
7/21/2023
/ Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Financial Institutions ,
Financial Services Industry ,
General Data Protection Regulation (GDPR) ,
Information and Communication Technology (ICT) ,
Information Technology ,
Internet Service Providers (ISPs) ,
New Legislation ,
New Regulations ,
Third-Party Service Provider
The European Union (EU) has made steady progress in shaping its proposed AI law, known as the “AI Act.” With the European Parliament approving its preferred version, the AI Act has now entered the final stage of the...more
This post marks the third entry in our Year-in-Review series. For prior posts, click here. Many of the first measures that the United States, European Union and United Kingdom collectively took against Russia in 2022 related...more
This post marks the second entry in our Year-in-Review series. For prior posts, click here. Few sectors have been more affected by the sanctions on Russia than the energy industry....more
On February 24, 2022, the United States (U.S.), European Union (EU), United Kingdom (UK), and other countries issued a barrage of sanctions against the Russian financial sector, cutting off many major banks from the global...more
U’s Ninth Package - On Friday 16 December 2022 the EU issued its ninth package of sanctions against Russia. Under the new package: Asset freezes have been imposed against 174 new individuals and entities including National...more
The EU has published its eighth package of measures and the UK has published a number of new regulations to implement previously announced measures. Split across four regulations, the EU’s eighth package: Introduces new...more
In the final few days of September, the U.S. and global allies issued a number of sanctions and export controls against actors who have supported Russia’s referendums in Ukraine and related attempts to annex four Ukrainian...more