On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
4/16/2025
/ Cybersecurity ,
Data Protection ,
Digital Operational Resilience Act (DORA) ,
EU ,
European Commission ,
Financial Institutions ,
Information Technology ,
Regulatory Requirements ,
Risk Management ,
Subcontractors ,
Third-Party Service Provider
The Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework for AI regulation, which entered into force on August 1, 2024. The AI Act aims to ensure that AI systems are trustworthy, safe and...more
4/1/2025
/ AI Act ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Enforcement ,
EU ,
European Commission ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector
On 17 October 2024, the European Commission (EC) adopted the final version of the Implementing Regulation concerning cybersecurity risk management measures and further specification of cases in which an incident is considered...more
On 3 October 2023, the European Commission announced a public consultation regarding the draft implementing regulation (Draft Regulation) establishing the European Common Criteria-based cybersecurity certification scheme...more
The President of India gave assent for the Digital Personal Data Protection Bill 2023 on 11 August 2023, a matter of days after it had been passed by both the Lower and Upper House. The Digital Personal Data Protection Act...more
The White House announced on 21 July 2023 that seven companies involved in development of artificial intelligence (AI) technology had voluntarily committed to manage the risks posed by AI. These companies are: Amazon,...more
The Court of Justice of the European Union (CJEU) published its decision in the case of J.M. v Pankki S (Case C‑579/21) on 22 June 2023....more
The Pakistan Ministry of Information Technology and Telecommunication (MITT) released a new draft of the Personal Data Protection Bill, 2023 (the PDPB) on 19 May 2023. The PDPB aims to regulate the collection, processing,...more
6/5/2023
/ Cybersecurity ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Pakistan ,
Personal Data
The first week of May 2023 saw further EU case law emerge on the right to compensation under the GDPR, and in this blog we analyse the implications of these latest rulings and consider what may be coming next....more
The European Parliament’s committees for Civil Liberties, Justice and Home Affairs (LIBE) and for Internal Market and Consumer Protection (IMCO) adopted a report setting out the Parliament’s vision for the proposed EU...more
The Court of Justice of the European Union (CJEU) issued on 4 May 2023 three decisions in cases concerning interpretation of key aspects of the GDPR. It also published three opinions of the Advocate General (AG). Below is a...more
The Court of Justice of the European Union (CJEU) considered appropriate conditions that apply in respect of specific national legislation which EU member states may adopt under Article 88 GDPR to regulate the processing of...more
The European Data Protection Board (EDPB) held its 77th plenary meeting on 28 March 2023. The EDPB considered the following key topics...more
The European Data Protection Board (EDPB) issued its opinion on the draft adequacy decision of the European Commission (Draft Decision) regarding the EU-US Data Privacy Framework (DPF) on 28 February 2023. The DPF is a...more
The Italian supervisory authority (Garante) issued an urgent order against Luka Inc. (Luka), a US-based developer and operator of the online app “Replika” (Replika), an artificial intelligence (AI) chatbot on 2 February 2023....more
The U.S. National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce published its AI Risk Management Framework (AI RMF) on 26 January 2023, a guidance document for organisations designing,...more
2/9/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Information Technology ,
Innovative Technology ,
Machine Learning ,
NIST ,
OECD ,
Online Platforms ,
Popular ,
Risk Management
The World Economic Forum (WEF), an influential international non-governmental organisation for public-private cooperation, published its white paper on overcoming the barriers to international data flows on 16 January 2023....more
The Court of Justice of the European Union (CJEU) delivered its judgment in Case C-154/21 Österreichische Post (the Österreichische Post case) on 12 January 2023. The case relates to the interpretation of Art. 15(1)(c) GDPR,...more
The OECD countries adopted the first intergovernmental declaration setting out common approaches to providing privacy and data protection safeguards for governmental access to personal data held by private sector (on 14...more
The plenary session of the European Parliament adopted the final versions of the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) and of the Digital Operational Resilience Act...more
On 12 October 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary meeting held on 10 October 2022....more
On 15 September 2022, the European Commission published its proposal for a new Cyber Resilience Act (the Act) that introduces common cybersecurity rules for placing products with digital elements on the EU market. ...more
On 27 July 2022, the Council of State (RVS), the highest administrative court of the Netherlands, published its decision in the VoetbalTV case regarding the interpretation of the legitimate interest legal basis for...more
The European Data Protection Board (EDPB) has adopted, on 16 June 2022, the draft guidelines on certification as a tool for transfers of data to third countries without adequacy status (the Guidelines). The text of the...more
On 16 June 2022, the Canadian Minister of Innovation, Science and Industry and Minister of Justice and Attorney General of Canada introduced the Digital Charter Implementation Act 2022 to modernise the regulation on...more