Search for:
Category

Cybersecurity, Data and Tech

Category
In Cybersecurity, Data and Tech

European Union: DORA update – Upcoming designations of critical third-party providers

by , and 4 Mins Read

The European Supervisory Authorities are preparing to designate critical third-party service providers under the Digital Operational Resilience Act (DORA). DORA, which came into force on 17 January 2025, enables the ESAs to designate key ICT providers to the EU financial services sector as critical, subjecting them to direct supervisory and oversight obligations. The ESAs have recently published a roadmap indicating their expected timeline for designations – with the final designations expected to be in place by the end of this year.

Read More
In Cybersecurity, Data and Tech

Hungary: Software procurement – Considerations to prevent legal problems

by 5 Mins Read

Digital transformation has become a priority for all major companies. This is being driven only further by the spread of artificial intelligence’s commercial use cases and ever-tightening data protection and cybersecurity regulations. However, procuring enterprise software (concerning both the development of custom-made software and “off-the-shelf” software developed for mass use) may give rise to various legal issues. Promptly identifying and addressing these issues can help prevent considerable legal and operational expenses, as well as other inconveniences.

In Cybersecurity, Data and Tech

United Arab Emirates: Dubai AI Seal identifying trusted AI providers

by and 3 Mins Read

The Dubai Centre for Artificial Intelligence has launched a new accreditation known as the Dubai AI Seal (“Seal”), which aims to provide companies with a seal of approval regarding their AI solutions. The Seal is aimed at companies licensed in the Emirate of Dubai and who provide AI-related products and services. The launch of the scheme aligns with the Dubai Universal Blueprint for Artificial Intelligence, a government policy that serves as a roadmap for the acceleration of AI adoption in the UAE.

In Cybersecurity, Data and Tech

European Union: Who does NIS2 apply to and what are the key obligations?

by , , and 2 Mins Read

Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (“NIS2 Directive”) entered into force on 16 January 2023. It had to be transposed into national law by 17 October 2024. Only a small number of member states (among them Hungary, Belgium and Croatia) have transposed the provisions of the NIS2 Directive into national law so far, and it is likely that a significant number of member states will need some time.

Read More
In Cybersecurity, Data and Tech

European Union: Navigating the New EU Regulation on Digital Operational Resilience (DORA)

by 6 Mins Read

Regulation (EU) 2022/2554, commonly known as the Digital Operational Resilience Act (DORA), represents a significant step forward in enhancing the digital resilience of the financial sector within the European Union. Adopted by the European Parliament and the Council on 14 December 2022, DORA aims to establish a comprehensive framework to ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats. The regulation entered into force on 17 January 2025, and applies directly across all EU member states.

In Product Regulation & Liability

Ukraine: Further ACCA implementation — new Ukrainian standards on market surveillance and e-commerce

by 4 Mins Read

The Agreement on Conformity Assessment and Acceptance of Industrial Products (ACAA) is an intermediary step for Ukraine to benefit from the mutual recognition of product quality between the EU and Ukraine until our country becomes a full EU Member State. The ACAA covers 27 groups of industrial goods/technical regulations. Ukraine’s ACAA implementation plan was sequenced in priority sectors to allow a step-by-step sectoral implementation of the ACAA.

In AML & Financial Services Regulatory

Luxembourg: Restricted access to the Register of Beneficial Owners — a shift toward confidentiality

by , , , , and 7 Mins Read

On 27 January 2025, the law deriving from draft Bill No. 7961 (“Law”) introducing significant changes to the laws governing the Register of Beneficial Owners (Registre des Bénéficiaires Effectifs (RBE)) and the Trade and Companies Register (Registre de Commerce et des Sociétés) was published in the Luxembourg official journal.
These changes align with the ruling of the Court of Justice of the European Union of 22 November 2022, aiming to balance transparency for anti-money laundering and countering the financing of terrorism purposes with enhanced privacy protections.

Read More
In Cybersecurity, Data and Tech

Singapore: Personal Data Protection Commission clarifies use of National Registration Identity Card numbers

by , , , and 2 Mins Read

In December 2024, privacy concerns were raised after the new Bizfile portal of the Accounting, Corporate and Regulatory Authority of Singapore displayed names and full National Registration Identity Card numbers for free in its search results.
The Personal Data Protection Commission has since clarified the appropriate use and misuse of NRIC numbers.

In Antitrust / Competition

United Kingdom: New digital competition regime and changes to UK competition regime now in force

by , , , and 1 Min Read

Following the enactment of the Digital Markets, Competition & Consumer Act (DMCCA) in May 2024, the new UK digital markets competition regime and changes to the UK competition regime entered into force on 1 January 2025. This landmark legislation brings about significant changes to the UK antitrust regime including giving the Competition & Markets Authority the ability to regulate the technology sector, increased jurisdiction to review mergers, and stronger antitrust investigation powers.

Read More
Load More