Although it’s been 2 years since the Dobbs v. Jackson Women’s Health decision from the Supreme Court, various state legislatures and courts have tried to define the new post-Roe landscape. This effort includes new and revised laws to amend existing privacy laws to protect consumer health data. You can find out more on our
Tech & Outsourcing
Cybersecurity preparedness: What guidance to follow?
With cybersecurity becoming a board-level issue, compliance officers, lawyers, board members, and business drivers are looking for official guidance or recommendations on cybersecurity measures to protect business, customers, and the wider economy.Continue Reading Cybersecurity preparedness: What guidance to follow?
UK & US cybersecurity agencies release new ‘Guidelines for Secure AI System Development’
On 26 November 2023, the US Cybersecurity and Infrastructure Security Agency (CISA), together with the UK’s National Cyber Security Centre (NCSC), published joint ‘Guidelines for Secure AI System Development’ (the Guidelines).
The Guidelines were formulated by CISA and the NCSC, in cooperation with 21 other international agencies and ministries, as well as industry experts.Continue Reading UK & US cybersecurity agencies release new ‘Guidelines for Secure AI System Development’
NCSC releases guidance on cyber security in the supply chain
The National Cyber Security Centre (“NCSC“) has published guidance for medium and large organisations on how to assess and improve cyber security in their supply chains. The guidance is a supplement to the NCSC’s supply chain principles. Continue Reading NCSC releases guidance on cyber security in the supply chain
SEC proposal on outsourcing by investment advisers
On October 26, 2022, the Securities and Exchange Commission (SEC) issued a new rule proposal that would prohibit registered investment advisers (IAs) from outsourcing certain services without satisfying due diligence, monitoring and reassessment requirements.Continue Reading SEC proposal on outsourcing by investment advisers
New rules to strengthen and better enforce consumer rights in Germany and the EU
Introduction and Overview
The year 2022 is one of major changes to consumer protection laws in Germany and the EU, namely:
- Changes in connection with digital products and corresponding new provisions for the sale of consumer goods took effect on 1 January 2022 (see our earlier Reed Smith Client Alert Part I).
- New consumer protection rules regarding automatic renewal and notice periods took effect in March 2022.
- Requirements regarding termination buttons will come into force on 1 July 2022 (see our earlier Reed Smith Client Alert Part II).
Continue Reading New rules to strengthen and better enforce consumer rights in Germany and the EU
ECJ Top System ruling grants right to correct software errors
The European Court of Justice (ECJ) ruled on 6 October 2021 in Top System SA v. Belgian State (Case C‑13/20) EU:C:2021:811 that, under article 5(1) of the Software Directive (Council Directive 91/250/EEC) (the Directive), lawful purchasers of software are permitted to decompile programs (in whole or in part) in order to correct errors affecting the…
A summary of the proposed European regulation on digital operational resilience
The European Commission is considering amending the existing rules for the financial sector regarding digital operational resilience, with a view to unifying and strengthening the legal framework in this area.
The proposed change to legislation would amend the existing Network and Information Security (NIS) Directive and create a new regulation on digital operational resilience, known…
Tech Law Talks: Technology transactions trends in 2021
In this episode, Sarah Bruno and LiLing Poh discuss recent trends as organizations invest more in technology through the acquisition of new platforms or programs, or by working with a vendor to bring a product to market. Exploring a case study involving a global pharmaceutical company on the rollout of a health-related digital app,…
PRA extends deadline for responses to consultation on outsourcing and third-party risk management
At the end of 2019, the UK Prudential Regulation Authority (PRA) released its consultation paper (link here) setting out its proposals on a regulatory framework to modernise outsourcing and third-party risk management. The original deadline for responding to the proposals was 3 April 2020, but this has now been extended to 1 October 2020, which was announced as part of the Bank of England’s and the PRA’s measures to respond to the economic shock caused by COVID-19.
Background
In response to the growing dependency on third-party technology solutions (e.g. cloud outsourcing), the PRA wants to highlight the new risks associated with such an increasingly complex and constantly evolving area. As firms find themselves increasingly dependent on such services, any major disruption or outage could result in adverse consequences for financial stability. The consultation seeks to modernise the PRA’s expectations and sets out how firms should comply with existing requirements on such risks.Continue Reading PRA extends deadline for responses to consultation on outsourcing and third-party risk management