Our latest video highlights the depth and breadth of our Cybersecurity practice through the lens of one of its leaders, Christian Leuthner. Christian outlines our practical, business-first approach to cybersecurity and highlights recent trends shaping the risk landscape. These risks include heightened regulatory scrutiny, supply chain compromises, AI-enabled threats, and the increasing need for robust
AI regulation is accelerating, and the rules are getting real. Our latest client alert breaks down the most consequential developments shaping how AI is built, deployed, and governed across key markets. We highlight where lawmakers and regulators are converging, where they are diverging, and what that means for product design, contracting, governance, and risk. From
The Cyber Security and Resilience Bill (the “Bill”) will be introduced to Parliament in 2025 and will lead to a significant overhaul of the UK’s cybersecurity framework.
At present, the UK’s existing cybersecurity framework is governed by the Network and Information Security Systems (“NIS”) Regulations 2018, which was the national implementation of the EU NIS
In March 2025, the Information Commissioner’s Office (‘ICO’) announced a series of measures to support the UK government’s growth agenda while maintaining strong data protection standards. These measures include a commitment to introduce a statutory code of practice for businesses developing or deploying AI with a focus on data protection safeguards.
The above initiative
UK NIS and critical national infrastructure updates
The UK government recently created a page on the new Cybersecurity and Resilience Bill updating the Network and Information Systems (NIS) Regulations 2018. There is no draft of the bill available yet, but it is confirmed the Bill will cover five sectors (transport, energy, drinking water, health, and
In a rapidly evolving technological landscape, the National Institute of Standards and Technology (NIST) has released crucial guidance on managing risks associated with generative AI (GenAI). Our latest client alert delves into the newly published GenAI Profile (NIST AI 600-1), which outlines 12 potential high-level risks and offers actionable strategies for mitigation by breaking down
On 26 November 2023, the US Cybersecurity and Infrastructure Security Agency (CISA), together with the UK’s National Cyber Security Centre (NCSC), published joint ‘Guidelines for Secure AI System Development’ (the Guidelines).
The Guidelines were formulated by CISA and the NCSC, in cooperation with 21 other international agencies and ministries, as well as industry experts.Continue Reading UK & US cybersecurity agencies release new ‘Guidelines for Secure AI System Development’
On 3 October 2023, the UK Information Commissioner’s Office organised its annual Data Protection Practioner’s Conference 2023 (DPPC 2023). This year its focus was on Cybersecurity – a topic that concerns organisations across the board. Here are the takeaways from the DPPC 2023 (the event sessions available here).Continue Reading The UK Information Commissioner’s Data Protection Practioner’s Conference 2023 on Cybersecurity
On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) adopted new rules specifying enhanced disclosure regarding cybersecurity risk management, strategy governance, and incident disclosure. The SEC first proposed new cybersecurity rules back in March 2022. The agency’s comments to the final rule suggest greater disclosure and improved consistency of disclosures will benefit investors. Several of the key aspects of the final rules are outlined below, and ultimately will probably be navigable for organizations with meaningful incident response and evaluation experience as well as robust risk management programs which already include and evaluate cybersecurity.Continue Reading SEC Issues Final Cybersecurity Rules Enhancing and Modifying Disclosure Requirements: Companies will want to Measure Twice and Cut Once
Please click here to access the source post from our Global Regulatory Enforcement Law Blog.
In this blog, the authors delve into a significant decision by the German Federal Cartel Office (FCO) four years ago, accusing a major technology company of abusive behavior due to alleged violations of the General Data Protection Regulation (GDPR). Recently