Susanne Werry

1 month ago | lexology.com | Brooks Allen |Michael E. Leiter |Susanne Werry |Jacob Bell

On February 21, 2025, President Donald Trump issued a presidential memorandum (the Memorandum) signaling that his administration intends to take action with respect to tax and regulatory measures affecting U.S. digital service providers. Although the Memorandum does not itself impose any specific remedies, it calls for studies and recommendations on appropriate responsive measures (e.g., tariffs to counter digital services taxes (DSTs)).

Oct 11, 2024 | lexology.com | Susanne Werry |William Ridgway |David Simon |Nicola Kerr-Shaw |Kata Viktoria Eles

Executive Summary The deadline for EU countries to transpose the expanded cybersecurity directive, NIS 2, into national law is 17 October 2024, but the implementation status varies significantly from country to country. Some of the member states will miss the deadline. In others, the new regulation is expected shortly. NIS 2 significantly expands the scope of NIS 1 and revises how companies are classified.

Sep 25, 2024 | lexology.com | Ken Kumayama |Stuart D. Levi |William Ridgway |David Simon |Nicola Kerr-Shaw |Susanne Werry | +1 more

Key PointsAs AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risks from developing and deploying AI systems that do not function as intended or that yield problematic outcomes. The risks of AI, and the legal and regulatory obligations, differ across industries, and depend on whether the company is the developer of an AI system or an entity that deploys it.

Apr 15, 2024 | lexology.com | Susanne Werry |William Ridgway |David Simon |Kata Viktoria Eles

Executive Summary Valuable insights into the measures European regulators expect businesses to take to protect data privacy can be found in a report from the European Data Protection Board (EDPB) summarizing decisions under the EU’s General Data Protection Regulation (GDPR). Although the decisions were made by authorities in different EU member states and the measures were discussed on a case-by-case basis tailored to specific data breaches, broader lessons can be drawn for other situations.

Mar 27, 2024 | lexology.com | David Simon |Nicola Kerr-Shaw |Susanne Werry |Jonathan Stephenson

Key PointsOn January 31, 2024, the European Commission (EC) adopted the first of a series of initiatives to harmonize cybersecurity certification across the EU: the European Cybersecurity Scheme on Common Criteria (EUCC).