- What is new: The EU’s Delegated Regulation on Subcontracting has come into force, completing the legal framework of the Digital Operational Resilience Act (DORA). Attention will now turn to enforcement.
- Why it matters:...more
In recent weeks, the EU and UK have both introduced changes to their respective versions of Europe’s landmark privacy legislation, the General Data Protection Regulation (GDPR). These reforms mark the first substantial...more
7/11/2025
/ Compliance ,
Cookies ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
New Legislation ,
Personal Data ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
UK
On 25 June 2025, the European Commission announced its proposal for a “Space Act” that would introduce a new regulatory framework for EU space activities. The proposed framework includes cyber-resilience obligations for EU...more
7/9/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Enforcement ,
EU ,
National Security ,
Outer Space ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
- On 26 March 2025, the European Health Data Space (EHDS) Regulation entered into force. The regulation establishes a comprehensive framework for health-data sharing and access in the EU, with the dual aim of supporting the...more
6/26/2025
/ Compliance ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
EU ,
Health Care Providers ,
Healthcare ,
Healthcare Reform ,
Intellectual Property Protection ,
Life Sciences ,
Noncompliance ,
Personal Data ,
Regulatory Agenda ,
Regulatory Requirements ,
Shareholders
Recent months have seen a spate of high-profile cyber incidents that have affected UK companies and disrupted supply chains, keeping cybersecurity on the front pages and at the top of UK companies’ agendas. In response to the...more
6/26/2025
/ Corporate Governance ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Privacy ,
EU ,
Legislative Agendas ,
New Legislation ,
Proposed Legislation ,
Regulatory Reform ,
Reporting Requirements ,
Supply Chain ,
Technology ,
UK
Executive Summary -
The EU Data Act, whose requirements apply from 12 September 2025, establishes new rights for businesses and consumers to access data they generated using “connected devices,” limiting the exclusive...more
6/24/2025
/ Cloud Computing ,
Competition ,
Contract Terms ,
DATA Act ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Enforcement ,
EU ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Regulatory Requirements ,
UK
The EU’s Digital Operational Resilience Act (DORA) becomes binding on 17 January 2025. As the compliance deadline approaches, EU financial regulators (ESAs) have issued a flurry of statements on the act, including:
- An...more
1/6/2025
/ Cybersecurity ,
Digital Operational Resilience Act (DORA) ,
EIOPA ,
Enforcement ,
EU ,
European Banking Authority (EBA) ,
European Supervisory Authorities (ESAs) ,
Financial Institutions ,
Financial Services Industry ,
Information and Communication Technology (ICT) ,
Investment Management ,
Policies and Procedures ,
Risk Management
On 30 September 2024, the UK Department of Science, Innovation and Technology announced that the Cyber Security and Resilience Bill (Bill) will be introduced to Parliament in 2025. The Bill was first announced in the King’s...more
10/15/2024
/ Artificial Intelligence ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Digital Services ,
EU ,
Incident Response Plans ,
Intellectual Property Protection ,
Legislative Agendas ,
New Legislation ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management ,
Technology Sector ,
UK
The deadline for EU countries to transpose the expanded cybersecurity directive, NIS 2, into national law is 17 October 2024, but the implementation status varies significantly from country to country. Some of the member...more
10/14/2024
/ Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Deadlines ,
EU ,
National Security ,
Popular ,
Risk Management ,
Technology Sector
With the EU’s AI Act having entered into force on August 1, 2024, companies now need to focus on its implementation. Although the AI Act will not be fully enforceable until August 2, 2027, some obligations will become binding...more
On 5 September 2024, the UK’s data privacy regulator, the Information Commissioner’s Office (ICO), and the UK National Crime Agency (NCA) signed a Memorandum of Understanding (MoU) outlining how they will further collaborate...more
9/13/2024
/ Cybersecurity ,
Data Privacy ,
EU ,
Information Commissioner's Office (ICO) ,
Memorandum of Understanding ,
National Crime Agency (NCA) ,
National Security ,
Ransomware ,
Regulatory Oversight ,
Regulatory Requirements ,
UK
Across industries, companies are facing new and uncertain regulatory pressures and demands in areas including artificial intelligence, sustainability, algorithmic pricing and fintech-bank relations. In this issue of The...more
9/10/2024
/ Algorithms ,
Antitrust Division ,
Artificial Intelligence ,
Banking Sector ,
Board of Directors ,
Competition ,
Corporate Governance ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Enforcement Actions ,
EU ,
Financial Institutions ,
FinTech ,
Multinationals ,
Price-Fixing ,
Regulatory Agenda ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Sustainability ,
Technology Sector ,
UK
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risk from developing and deploying AI systems that do not function as intended or that yield problematic outcomes. The...more
9/4/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
EU ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector ,
UK
In Nuctech Warsaw (T-284/24), the EU Court of Justice held that EU subsidiaries can lawfully be required to provide access to email accounts and data held by their overseas parent company. The ruling involved the following...more
8/26/2024
/ Appeals ,
Commercial Litigation ,
Corporate Counsel ,
Corporate Governance ,
Enforcement Actions ,
EU ,
European Commission ,
European Court of Justice (ECJ) ,
Extraterritoriality Rules ,
Foreign Corporations ,
Popular ,
Privacy Laws ,
UK ,
White Collar Crimes
As implementation of the EU’s Digital Operational Resilience Act (DORA) approaches, financial market participants and their technology service providers (both in and out of Europe) face a critical compliance deadline. The new...more
7/19/2024
/ BaFin ,
Cybersecurity ,
Data Privacy ,
EU ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
Financial Markets ,
Financial Regulatory Reform ,
Financial Services Industry ,
Regulatory Agenda ,
Technology Sector ,
UK
Earlier this year, a dedicated policy prepared by the European Central Bank (ECB) came into effect requiring bank management bodies to broaden their collective understanding of and proficiency in identifying and dealing with...more
On 9 May 2024, Skadden held the inaugural London Space Law Symposium, where six panels of Skadden representatives and industry experts discussed legal aspects of the new space economy. The event was held in the Naim Dangoor...more
6/28/2024
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
Financial Institutions ,
International Arbitration ,
International Litigation ,
Legislative Agendas ,
Outer Space ,
Popular ,
Regulatory Agenda ,
Sustainability ,
Taxation ,
Technology Sector ,
UK
Explore the unique considerations for mergers and acquisitions in the AI sector, the return of IPOs, the implications of new Supreme Court decisions and other developments in this edition of Skadden’s quarterly Insights....more
6/27/2024
/ Acquisitions ,
Antitrust Provisions ,
Banking Sector ,
Capital Markets ,
Consumer Financial Products ,
Consumer Protection Laws ,
Corporate Governance ,
Environmental Social & Governance (ESG) ,
EU ,
Executive Compensation ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
FinTech ,
Food and Drug Administration (FDA) ,
Intellectual Property Protection ,
Life Sciences ,
Mergers ,
Private Equity ,
Securities and Exchange Commission (SEC) ,
Shareholders ,
Technology
The newly approved Artificial Intelligence Act (AI Act or the Act) aims to create a secure and trustworthy environment for the development and use of AI in the European Union....more
6/27/2024
/ Artificial Intelligence ,
Compliance ,
Consumer Financial Products ,
Consumer Protection Laws ,
Cybersecurity ,
Data Privacy ,
EU ,
FinTech ,
General Data Protection Regulation (GDPR) ,
Intellectual Property Protection ,
Privacy Laws ,
Technology Sector
On January 31, 2024, the European Commission (EC) adopted the first of a series of initiatives to harmonize cybersecurity certification across the EU: the European Cybersecurity Scheme on Common Criteria (EUCC).
While EUCC...more
On 21 January 2024, a near complete draft version of the proposed text for the EU AI Act was unofficially shared with the public by a European media publication, after which a senior advisor in the European Parliament shared...more