-
Aug 8, 2024 | 
lexology.com | Nicola Kerr-Shaw |Aleksander Aleksiev
Last month the new Labour government in the UK announced in the King’s Speech that it will introduce new artificial intelligence (AI) rules alongside cybersecurity and digital information bills. A brief overview of these developments is set out below. Artificial IntelligenceTo date, the UK has taken a principles-based, “pro-innovation” approach to AI that relied on the application of existing laws rather than introducing dedicated AI legislation.
-
Apr 18, 2024 | 
lexblog.com | Mark Young |Paul Maynard |Aleksander Aleksiev
In six months’ time, on 17 October 2024, Member State laws that transpose the EU’s revised Network and Information Systems Directive (“NIS2”) will start to apply. As described in more detail in our earlier blog post (here), NIS2 significantly expands the categories of organizations that fall within scope of EU cybersecurity legislation.
-
Apr 18, 2024 | 
lexblog.com | Kristof Van Quathem |Aleksander Aleksiev
In recent months, the European Court of Justice (“CJEU”) issued five judgments providing some clarity on the scope of individuals’ rights to claim compensation for “material and non-material damage” under Article 82 of the GDPR.
-
Apr 18, 2024 | 
lexology.com | Kristof Van Quathem |Aleksander Aleksiev
In recent months, the European Court of Justice (“CJEU”) issued five judgments providing some clarity on the scope of individuals’ rights to claim compensation for “material and non-material damage” under Article 82 of the GDPR.
-
Apr 18, 2024 | 
lexology.com | Mark Young |Paul Maynard |Aleksander Aleksiev
In six months’ time, on 17 October 2024, Member State laws that transpose the EU’s revised Network and Information Systems Directive (“NIS2”) will start to apply. As described in more detail in our earlier blog post (here), NIS2 significantly expands the categories of organizations that fall within scope of EU cybersecurity legislation.
-
Dec 5, 2023 | 
lexblog.com | Mark Young |Aleksander Aleksiev |Bart M.J. Szewczyk
Having served in senior advisory positions in the U.S. government, Bart Szewczyk advises on European and global public policy, particularly on technology, trade and foreign investment, business and human rights, and environmental, social, and governance issues, as well as conducts international arbitration. He also teaches grand strategy as an Adjunct Professor at Sciences Po in Paris and is a Nonresident Senior Fellow at the German Marshall Fund.
-
Dec 5, 2023 | 
lexology.com | Mark Young |Aleksander Aleksiev |Bart M.J. Szewczyk
The recently agreed Cyber Resilience Act isn’t the only new EU cybersecurity rule set to be published this December: by the end of the year, the European Commission is expected to adopt its draft regulations to establish a European cybersecurity certification scheme (“ECCS”). Once finalized, the ECCS will be issued under the European Union’s Cybersecurity Act which allows for voluntary accreditation against the ECCS.
-
Dec 4, 2023 | 
lexblog.com | Aleksander Aleksiev
Yesterday, the European Commission, Council and Parliament announced that they had reached an agreement on the text of the Cyber Resilience Act (“CRA”). As a result, the CRA now looks set to finish its journey through the EU legislative process early next year. As we explained in our prior post about the Commission proposal (here), the CRA will introduce new cybersecurity obligations for a range of digital products sold in Europe.
-
Dec 1, 2023 | 
lexblog.com | Mark Young |Aleksander Aleksiev
Yesterday, the European Commission, Council and Parliament announced that they had reached an agreement on the text of the Cyber Resilience Act (“CRA”). As a result, the CRA now looks set to finish its journey through the EU legislative process early next year. As we explained in our prior post about the Commission proposal (here), the CRA will introduce new cybersecurity obligations for a range of digital products sold in Europe.
-
Nov 20, 2023 | 
lexblog.com | Kristof Van Quathem |Aleksander Aleksiev |Allan Topol
EU advocate general Collins has reiterated that individuals’ right to claim compensation for harm caused by GDPR breaches requires proof of “actual damage suffered” as a result of the breach, and “clear and precise evidence” of such damage – mere hypothetical harms or discomfort are insufficient. The advocate general also found that unauthorised access to data does not amount to “identity theft” as that term is used in the GDPR.
