Cybersecurity, Data and Tech Archives

In Cybersecurity, Data and Tech

China: CAC issued detailed rules on personal information protection compliance audit

March 15, 2025 by Zhenyu Ruan and Chris Jiang 3 Mins Read

On 12 February 2025, the Cyberspace Administration of China (CAC) issued the Measures for the Administration of Personal Information Compliance Audit (“Audit Measures”), which will take effect from 1 May 2025. The draft of the Audit Measures was first released for solicitation of public comments on 3 August 2023, and it took a year and a half for CAC to finalize the Audit Measures. In the final version of the Audit Measures, there are a few notable changes compared with the draft version, which reflect the evolving and more relaxed data protection regulatory stance of the CAC.

In Cybersecurity, Data and Tech

Saudi Arabia: New guidelines on personal data transfer risk assessment published

March 15, 2025 by Dino Wilkinson, Marilyn Acquah, Maher Ghalloussi and Lucrezia Lorenzini 5 Mins Read

On 25 February 2025, the Saudi Data and Artificial Intelligence Authority published a new set of comprehensive guidelines aimed at ensuring the protection of personal data when transferred or disclosed to entities outside the Kingdom. These guidelines, which are intended for reference purposes and are not binding, provide a systematic approach for organizations to assess and mitigate potential risks associated with such data transfers, ensuring compliance with the Saudi Personal Data Protection Law and its Regulations.

In Cybersecurity, Data and Tech

Singapore: New AI safety initiatives announced, including the Global AI Assurance Pilot

March 15, 2025 by Andy Leck, Ren Jun Lim, Ken Chia, Sanil Khatri and Daryl Seetoh 3 Mins Read

On 11 February 2025, the Singapore government announced new AI safety initiatives, namely: (i) the Global AI Assurance Pilot for best practices around technical testing of generative AI applications; (ii) the Joint Testing Report with Japan; and (iii) the publication of the Singapore AI Safety Red Teaming Challenge Evaluation Report. These initiatives aim to enhance AI governance, innovation and safety standards.

In Cybersecurity, Data and Tech

European Union: DORA update – Upcoming designations of critical third-party providers

March 15, 2025 by Caitlin McErlane, Sue McLean and Ben Thatcher 4 Mins Read

The European Supervisory Authorities are preparing to designate critical third-party service providers under the Digital Operational Resilience Act (DORA). DORA, which came into force on 17 January 2025, enables the ESAs to designate key ICT providers to the EU financial services sector as critical, subjecting them to direct supervisory and oversight obligations. The ESAs have recently published a roadmap indicating their expected timeline for designations – with the final designations expected to be in place by the end of this year.

In Cybersecurity, Data and Tech

Hungary: Software procurement – Considerations to prevent legal problems

March 15, 2025 by Dr. Gaál András LL.M. 5 Mins Read

Digital transformation has become a priority for all major companies. This is being driven only further by the spread of artificial intelligence’s commercial use cases and ever-tightening data protection and cybersecurity regulations. However, procuring enterprise software (concerning both the development of custom-made software and “off-the-shelf” software developed for mass use) may give rise to various legal issues. Promptly identifying and addressing these issues can help prevent considerable legal and operational expenses, as well as other inconveniences.

In Cybersecurity, Data and Tech

United Arab Emirates: Dubai AI Seal identifying trusted AI providers

March 15, 2025 by Dino Wilkinson and Marilyn Acquah 3 Mins Read

The Dubai Centre for Artificial Intelligence has launched a new accreditation known as the Dubai AI Seal (“Seal”), which aims to provide companies with a seal of approval regarding their AI solutions. The Seal is aimed at companies licensed in the Emirate of Dubai and who provide AI-related products and services. The launch of the scheme aligns with the Dubai Universal Blueprint for Artificial Intelligence, a government policy that serves as a roadmap for the acceleration of AI adoption in the UAE.

In Cybersecurity, Data and Tech

European Union: Who does NIS2 apply to and what are the key obligations?

February 21, 2025 by Dr. Lukas Feiler, Dr. Michaela Nebel (geb. Weigl), Caroline Heinickel LL.M. and Silvia Grohmann 2 Mins Read

Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (“NIS2 Directive”) entered into force on 16 January 2023. It had to be transposed into national law by 17 October 2024. Only a small number of member states (among them Hungary, Belgium and Croatia) have transposed the provisions of the NIS2 Directive into national law so far, and it is likely that a significant number of member states will need some time.

In Cybersecurity, Data and Tech

European Union: Navigating the New EU Regulation on Digital Operational Resilience (DORA)

February 21, 2025 by Paula De Biase 6 Mins Read

Regulation (EU) 2022/2554, commonly known as the Digital Operational Resilience Act (DORA), represents a significant step forward in enhancing the digital resilience of the financial sector within the European Union. Adopted by the European Parliament and the Council on 14 December 2022, DORA aims to establish a comprehensive framework to ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats. The regulation entered into force on 17 January 2025, and applies directly across all EU member states.

In Product Regulation & Liability

Ukraine: Further ACCA implementation — new Ukrainian standards on market surveillance and e-commerce

February 19, 2025 by Ario Dehghani 4 Mins Read

The Agreement on Conformity Assessment and Acceptance of Industrial Products (ACAA) is an intermediary step for Ukraine to benefit from the mutual recognition of product quality between the EU and Ukraine until our country becomes a full EU Member State. The ACAA covers 27 groups of industrial goods/technical regulations. Ukraine’s ACAA implementation plan was sequenced in priority sectors to allow a step-by-step sectoral implementation of the ACAA.

In AML & Financial Services Regulatory

Luxembourg: Restricted access to the Register of Beneficial Owners — a shift toward confidentiality

February 19, 2025 by Jean-François Findling, Elodie Duchêne, Jean-François Trapp, Annie Elfassi, Laurent Fessmann and Catherine Martougin 7 Mins Read

On 27 January 2025, the law deriving from draft Bill No. 7961 (“Law”) introducing significant changes to the laws governing the Register of Beneficial Owners (Registre des Bénéficiaires Effectifs (RBE)) and the Trade and Companies Register (Registre de Commerce et des Sociétés) was published in the Luxembourg official journal.
These changes align with the ruling of the Court of Justice of the European Union of 22 November 2022, aiming to balance transparency for anti-money laundering and countering the financing of terrorism purposes with enhanced privacy protections.