In order to enforce (i) Decree 53 guiding the Cybersecurity Law and (ii) the Personal Data Protection Decree (i.e., Decree 13), the Ministry of Public Security (“MPS”) has been working on a draft Cybersecurity Administrative Sanctions Decree (“CASD”). By way of background, the first version of the CASD was released for public consultation in September 2021. Last year, the MPS also held a workshop in Hanoi to collect public comments on a version of the…
Every CISO knows it’s not a matter of ‘if’ a cybersecurity incident will occur, but ‘when.’ Fortunately, there’s one name at the top of every CISO’s incident response list: Stephen Reynolds, partner in Baker McKenzie’s Intellectual Property & Technology Practice. Reynolds built a well-deserved reputation as a bulwark between organizations and the cybercriminals who attack them, and he is rightly seen as the man who can make the difference between an organization living on to…
After months of debates, on 24 January 2023, France enacted the Orientation and Programming Law (LOPMI) which introduced amendments to the insurability of losses and damages paid in response to cyber-attacks. At the center of the debates: the insurability of ransom payments. The LOPMI has confirmed such insurability with conditions. Pursuant to article 5 of the LOPMI, introduced under the French Insurance Code at article L. 12-10-1: “The payment of a sum pursuant to an…
In the first of this two-part series, Brian Hengesbaugh, Global Chair of Privacy and Security at Baker McKenzie, is joined by Cyrus Vance Jr., Global Chair of Cybersecurity, as the two discuss the alarming increase in cybercrimes, looking broadly at the trends, public safety risks and legal implications for the business community, particularly as it pertains to boards and senior management navigating the current threat landscape. Listen to learn more about: Why it is difficult to…
In brief Critical infrastructure has been the focus of several recent US cyber readiness initiatives, although the results have left a patchwork of regulations that may be enforced differently across sectors and federal agencies. As an example, in March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which will require critical infrastructure organizations to report cyber incidents and ransom payments to the US Cybersecurity and Infrastructure…
The European Commission proposed its first draft of the cybersecurity legislation, the Cyber Resilience Act (“CRA”), on 15 September 2022. The CRA is one part of a range of EU legislative measures aimed at increasing the overall cyber security and cyber resilience of the EU and businesses operating within it. The CRA will create a new regulatory framework and set of rules for software and hardware products falling under the definition of “products with digital…
Cybercrime is an increasingly pressing problem for societies at large, with digital transformation, remote working and geopolitical issues bringing about increased cyber threats and attacks. In 2016 the European Parliament adopted the Network and Information Security Directive (NISD), the first EU-wide legislation on cybersecurity, and the revised legislation, NIS2, has just been published. NISD required the implementation of certain risk management and reporting obligations on operators of essential services (OES), which included entities maintaining critical…
Trillions of dollars are spent on M&A each year, yet reports suggest that less than 10% of deals integrate cybersecurity into the due diligence process.1 Despite the FBI and private watch dog groups raising multiple warning flags about ransomware groups hitting more and more companies in the middle of significant transactions like M&A, and despite increased focus from the FTC and the SEC on data security failures as legitimate reasons for shareholder and government enforcement…
Following President Xi Jinping’s announcement that China would seek to join the newly-created Digital Economy Partnership Agreement (“DEPA”) at the 2021 G20 Summit in Rome, China’s Ministry of Commerce (“MOFCOM”) formally applied for China to join the agreement on November 1, 2021. The DEPA, which is described as the first trade agreement to target the digital economy, has been entered into by New Zealand, Singapore, and Chile. It contains 16 articles covering provisions on facilitating…
The Vietnamese Government has just issued Decree No. 53/2022/ND-CP dated 15 August 2022 detailing a number of articles of the Cybersecurity Law (“Decree 53”).