On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
4/16/2025
/ Cybersecurity ,
Data Protection ,
Digital Operational Resilience Act (DORA) ,
EU ,
European Commission ,
Financial Institutions ,
Information Technology ,
Regulatory Requirements ,
Risk Management ,
Subcontractors ,
Third-Party Service Provider
The Artificial Intelligence Act (AI Act) is the world's first comprehensive legal framework for AI regulation, which entered into force on August 1, 2024. The AI Act aims to ensure that AI systems are trustworthy, safe and...more
4/1/2025
/ AI Act ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Enforcement ,
EU ,
European Commission ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector
On 17 October 2024, the European Commission (EC) adopted the final version of the Implementing Regulation concerning cybersecurity risk management measures and further specification of cases in which an incident is considered...more
We are delighted to present our view of the most important developments in EU digital market regulation. We present our perspective on those developments as a snapshot of the current state of regulatory progress, and it will...more
11/8/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
Machine Learning ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Technology Sector
On 3 October 2023, the European Commission announced a public consultation regarding the draft implementing regulation (Draft Regulation) establishing the European Common Criteria-based cybersecurity certification scheme...more
The Court of Justice of the European Union (CJEU) published its decision in the case of J.M. v Pankki S (Case C‑579/21) on 22 June 2023....more
On 14 June 2023, the European Parliament voted on its approach to the draft Artificial Intelligence Act (the AI Act).
The AI Act is a proposal for a Regulation issued by the European Commission (the Commission) in April...more
Paying a cyber ransom will, allegedly, secure your data and give you back control of your systems. But there are legal, operational and ethical risks to consider....more
On 26 April 2023, in case T-557/20 (Single Resolution Board v EDPS), the Court of Justice of the European Union in its General Court configuration (the Court) annulled the decision of the European Data Protection Supervisor...more
In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?...more
The first week of May 2023 saw further EU case law emerge on the right to compensation under the GDPR, and in this blog we analyse the implications of these latest rulings and consider what may be coming next....more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
4/25/2023
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
NIST ,
Popular ,
UK
The European Data Protection Board (EDPB) issued its opinion on the draft adequacy decision of the European Commission (Draft Decision) regarding the EU-US Data Privacy Framework (DPF) on 28 February 2023. The DPF is a...more
Read the latest updates on the progress of legislation and regulation in the EU relating to technology, data, digital markets and cybersecurity....more
The plenary session of the European Parliament adopted the final versions of the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) and of the Digital Operational Resilience Act...more
On 27 July 2022, the Council of State (RVS), the highest administrative court of the Netherlands, published its decision in the VoetbalTV case regarding the interpretation of the legitimate interest legal basis for...more
On 3 May 2022, the European Commission (the Commission) launched the latest in a long line of data related initiatives intended to support a genuine single market for digital and data within the EU. ...more
On 23 April 2022, the European Parliament and the Council of the European Union reached a political agreement on the Digital Services Act (DSA), as proposed by the European Commission in December 2020....more
We informed you in last week’s Update about a joint statement of EU and US leaders on 25 March 2022 that that the US Government and the European Commission had decided to ''intensify negotiations on an enhanced EU-US Privacy...more
On 3 December 2021, the Council of the European Union (Council) agreed its position on measures for a high common level of cybersecurity across the EU, as set out in the proposed revision to the Network and Information...more
Employers are working in a new and disrupted world, with different volumes and types of data, processed for different purposes, including those driven by societal development, expectations and changing ways of working. These...more
The future of finance is digital. The increased reliance on technology in finance heightens the vulnerability of ICT systems and worsens the impact of a potential cyberattack. To this end, the European Commission (the...more
In 2020 companies around the world were hit by a wave of cybersecurity incidents. Our Amsterdam Technology & Data team spoke with over 30 organisations that represent a cross-section of the Dutch corporate community about...more
On 1 October 2019, the Court of Justice of the European Union (CJEU) issued its long-awaited decision in the case Planet49 (Case C-673/17). The decision clarifies the requirements for valid cookie consent under Directive...more
10/3/2019
/ Consent ,
Cookies ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular