The new Cyber Resilience Act is the first EU regulation on the cyber security of products with digital elements. This includes not only software products, but also smart devices â from connected refrigerators to computer network devices. Software security has been a constant challenge since the dawn of the Internet. Every month, new security vulnerabilities are discovered which affected organizations then try to fix as quickly as possible. When security updates fail or are unavailable,…
The deadline for NIS2 implementation passed on 17 October, but only 6 EU Member States met that deadline, and 14 of the remaining 22 are not expected to have implementing legislation in force before the end of the year. The complexity and breadth of the new regime has clearly presented challenges for Member States, as well as organisations preparing to comply. Our map below shows the status of implementing legislation in each Member State and…
The EU AI Act introduces a requirement for organisations to ensure AI literacy, and the clock is ticking for putting measures in place. But there are a lot of myths and misconceptions about what that really means. In this blog post, we tackle the five biggest myths we’ve come across. The main takeaways? Your organisation is caught by this requirement, you donât have long to put your measures in place, and this is not just…
GDPR compliance and inclusion: striking the right balance The General Data Protection Regulation (GDPR) generally prohibits the processing of sensitive data relating to, e.g., an individualâs sexual orientation, religious affiliation, health information or ethnic background unless certain prescribed exceptions are met. In practice, this can be an obstacle for inclusion and diversity initiatives. In todayâs challenging labor market, companies are asking themselves how they can become even more attractive to applicants and employees from diverse…
The use of Artificial Intelligence (AI) can, inadvertently, give rise to issues relating to data protection compliance and equality law. However, used properly, it also provides a unique opportunity to combat implicit systematic discrimination. The new EU AI Act supports such an optimistic approach towards AI. Discrimination through non-automated processes In the public discourse on AI and the associated risks of discrimination, it is often overlooked that human decisions could be unconsciously based on non-objective…
The EU’s new Network and Information Security Directive (NIS2) and its transpositions into the national laws of Member States will â contrary to all political objectives â not only apply to critical infrastructures, but all sectors of the economy. The threats to corporate cybersecurity no longer come from teenage hackers. They come from highly professional international criminal organizations and hostile state actors. In particular, the phenomenon of ransomware â malware that encrypts corporate data and…
In Brief The long-awaited EU AI Act was published in the Official Journal of the European Union today, 12 July 2024. The Act regulates activities across the AI lifecycle, as covered in more detail in our previous post, and the countdown for implementation has now started for companies developing or deploying AI technologies, with the Act entering into force 20 days after its publication on 1 August 2024. The Act as a whole is generally…
On 10 April 2024, the French National Assembly adopted the Bill on Securing and Regulating the Digital Space (known as the “SREN Billâ), following the Senateâs validation a week earlier. The Bill contains a multitude of provisions, regarding a variety of important topics in the digital realm such as the protection of children online and reducing dependence of French companies on cloud service providers. The bill is expected to become law in the coming weeks.…
Where can I find the text of the Data Act? The published text can be found here. What is the Data Act about? What else is governed by the Data Act? Who and what is in scope? 1. Actors, products and services 2. Categories of data Timeline
The EU AI Act was adopted by the European Parliament today and is expected to enter into force within a few months, with its first substantive provisions taking effect before the end of 2024. The EU AI Act applies across the AI lifecycle – from developers to deployers of AI technologies – and organisations across industries have been watching its progress closely. Now that it is finally approved, we set out below whatâs next, and…