Category

Cybersecurity

Category

As the digital landscape continues to evolve, cybersecurity has become a critical concern for businesses operating in Mexico. This article aims to provide an overview of the current state of cybersecurity in Mexico, the legal implications and the crucial role of legal professionals in this domain. We will also discuss the recent legislative developments and the future of cybersecurity in the country. Mexico’s cybersecurity landscape: a statistical overview Mexico has been a significant target for…

Today, the Hungarian Parliament adopted the Act on Cybersecurity in Hungary (“Cybersecurity Act”), which is still awaiting the signature and promulgation of the President of the Republic of Hungary. The Cybersecurity Act provides a new, comprehensive cybersecurity framework, and aims to fully transpose the EU NIS2 Directive into national law and to consolidate the basic cybersecurity legislation into a single piece of legislation. In the light of unification, the Cybersecurity Act repeals partially amending the…

The Impact of the Trump Administration on Cyber Threats, Cyber Laws & Global Insecurity As President-elect Donald Trump prepares to assume office for a second term, the number and complexity of cyberattacks targeting US organizations has continued to rise, with 2024 set to be another record-breaking year for ransomware attacks. Early indications, and the history from the first Trump Administration, suggest that the Trump Administration’s transition team is reimagining the approach to cyber policy and…

In brief On Thursday, November 14, 2024, the U.S. Department of Homeland Security (“DHS”) announced its groundbreaking “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure” (“Framework”). The Framework is a guide for deploying AI safely and securely in all sixteen sectors of U.S. critical infrastructure, including communications, critical manufacturing, energy, financial services, healthcare, and information technology. It emphasizes the importance of risk-based mitigations to reduce potential harms to critical infrastructure and highlights the…

The new Cyber Resilience Act is the first EU regulation on the cyber security of products with digital elements. This includes not only software products, but also smart devices – from connected refrigerators to computer network devices. Software security has been a constant challenge since the dawn of the Internet. Every month, new security vulnerabilities are discovered which affected organizations then try to fix as quickly as possible. When security updates fail or are unavailable,…

In brief Financial institutions, financial services providers and companies otherwise subject to the Banking, Financial Services and Insurance laws of New York State should note that on November 1, 2024, the amendments to the New York Department of Financial Services’ (“NYDFS'”) cybersecurity regulations took effect. “Covered entities” under the amendments still include any licensed financial institution company operating in New York regardless of whether it is already regulated by other government agencies. Additionally, the amendments…

Latin America is experiencing a dynamic shift in its regulatory environment, particularly in the technology sector. Countries across the region are actively updating and introducing new laws to address the rapid advancements in technology and the growing importance of data protection, cybersecurity, and digital finance. These developments are crucial for fostering innovation, ensuring consumer protection, and maintaining competitive markets in the region. Our regional round-up outlines the key legislative and regulatory changes shaping the tech…

In brief The Saudi Data and AI Authority (SDAIA) has published a procedural guide to data breach incidents, notification and response (“Guide”). The Guide supplements the existing notification obligations under the Saudi Personal Data Protection Law (PDPL) and provides organizations with guidance on the various stages of responding to a personal data breach incident. The Guide can be found here. In this article, we have summarized the key takeaways for organizations to consider when implementing response…

The deadline for NIS2 implementation passed on 17 October, but only 6 EU Member States met that deadline, and 14 of the remaining 22 are not expected to have implementing legislation in force before the end of the year. The complexity and breadth of the new regime has clearly presented challenges for Member States, as well as organisations preparing to comply. Our map below shows the status of implementing legislation in each Member State and…

The deadline for Member State implementation of NIS2 is less than a month away, but the majority of Member States we surveyed are likely to miss this deadline. This raises practical compliance challenges for multinationals in Europe, but there are concrete steps organisations can and should take now to prepare. NIS2 repeals and replaces the NIS Directive and harmonizes the EU’s existing cybersecurity framework. It imposes more onerous cybersecurity obligations on entities in a wider…