-
1 week ago | 
jdsupra.com | Mark Booth |Steven A. Farmer |Johanna Lipponen
The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted Regulation (EU) 2024/2847 (Cyber Resilience Act or CRA), which introduces new cybersecurity requirements for connected products, software and their remote data processing solutions.
-
Dec 10, 2024 | 
openlegalblogarchive.org | Lee L. Rubin |Johanna Lipponen
Skip to content
-
Nov 25, 2024 | 
pillsburylaw.com | Lee L. Rubin |Johanna Lipponen
The ESAs announced on November 15, 2024, that the registers of information must be submitted by competent authorities (i.e., national EU financial services regulators) to the ESAs by April 30, 2025, to assist the ESAs with identifying and designating critical ICT Providers (CTPPs). Our overview of the registers of information and compliance obligations to be undertaken by financial entities can be found here.
-
Nov 5, 2024 | 
jdsupra.com | Mark Booth |Steven Farmer |Johanna Lipponen
The NIS 2 Directive requires a wide range of in-scope organizations to adopt robust cybersecurity measures and incident response plans. Takeaways The NIS 2 Directive widens the scope of the original “NIS 1” Directive to cover more sectors, aiming for stronger EU-wide resilience against cyber threats.
-
Oct 16, 2024 | 
jdsupra.com | Johanna Lipponen |Lee L. Rubin
With the DORA compliance deadline on the horizon at the start of 2025, EU financial entities should be engaging in both internal and external preparations to meet their new regulatory obligations. Takeaways The EU Digital Operational Resilience Act (DORA) Regulation (EU) 2022/2554 becomes effective on January 17, 2025. To ensure compliance by the deadline, financial entities must prepare registers of information and align internal policies and processes with DORA requirements.
-
Jul 26, 2024 | 
pillsburylaw.com | Lee L. Rubin |Johanna Lipponen
As part of the process for completing the registers of information, financial entities should review their existing contracts with ICT Providers to ensure that they contain the mandatory provisions specified by DORA. In parallel, financial entities should be considering necessary updates to their standard form agreements for the outsourcing and/or procurement of ICT services to streamline contractual negotiations with any new ICT Providers.
-
Jun 24, 2024 | 
jdsupra.com | Steven A. Farmer |Johanna Lipponen |Lee L. Rubin
In light of the increasing organizational use of and reliance on software and the concerns raised regarding the malicious use of the same, the UK Government has published a response to its call for views on software resilience and security for businesses and organizations.
-
Mar 28, 2024 | 
jdsupra.com | Mark Booth |Steven A. Farmer |Johanna Lipponen
Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014, such services provided in the EU have been subject to the eIDAS Regulation, which aimed to create a predictable regulatory environment across the EU and ensure that interoperability across different EU Member States.
-
Mar 27, 2024 | 
lexblog.com | Steven P. Farmer |Scott Morton |Johanna Lipponen |Mark Booth
Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014, such services provided in the EU have been subject to the eIDAS Regulation, which aimed to create a predictable regulatory environment across the EU and ensure that interoperability across different EU Member States.
-
Nov 30, 2023 | 
jdsupra.com | Johanna Lipponen |Lee L. Rubin
The Competition and Markets Authority (CMA), the UK’s competition regulator, announced this month that it plans on publishing an update in March 2024 to its initial report on AI foundation models (published in September 2023). The update will be the result of the CMA launching a “significant programme of engagement” in the UK, the United States and elsewhere to seek views on the initial report and proposed competition and consumer protection principles.
