• |

    Sep. 4, 2024

Cybersecurity Obligations in E.U.’s Digital Laws: AI Act, CRA and NIS2

The E.U. has issued a wide range of new, fit-for-purpose legislation that imposes novel cybersecurity and incident reporting requirements on AI systems and models. Companies both within and outside the E.U. must be mindful of the new obligations these digital laws introduce. In this first installment of a two-part guest article series, Alston & Bird partners Jennifer Everett and Wim Nauwelaerts examine a selection of E.U. digital laws that impose cybersecurity obligations on businesses within their scope, including the AI Act, Cyber Resilience Act and NIS2 Directive. Part two will cover additional E.U. digital laws – the Digital Operational Resilience Act and Data Act – as well as practical compliance steps for businesses. See our three-part series answering top questions about the E.U. AI Act: “Reach and Unique Requirements” (Apr. 24, 2024), “Risk Tiers and Big-Player Transparency” (May 1, 2024), and “Practical Steps and What’s Next” (May 8, 2024).

Navigating Government Investigations of Privacy Practices

It is becoming increasingly challenging for companies to handle privacy enforcement as more regulators have a comprehensive privacy law to leverage. Other investigative dynamics also are shifting, including the rise of privacy engineers, complicated stacks of data technology to manage and the proliferation of vendor breaches. This article illuminates these latest developments in government investigations and provides guidance on how to engage with regulators, respond to their inquiries and handle their increased technical expertise, with insights from attorneys at A&O Shearman, Frankfurt Kurnit, Mayer Brown, Squire Patton Boggs and Woodruff Sawyer. See “How to Walk the Tightrope of Cooperation and Privilege When Facing Government Investigations and Parallel Litigation” (Apr. 19, 2017).

Making the Business Case for Privacy

An organization’s privacy team is sometimes seen by business leaders as little more than a hurdle that they must overcome when working on products and services. Privacy messaging often addresses risk, but privacy professionals should also emphasize to the business the value of robust privacy management, suggested Jodi Daniels, CEO of Red Clover Advisors, at a Data Privacy Board program. This article distills insights offered by Daniels and in‑house privacy attorneys from Bunge, Edward Jones and Levi Strauss & Co. on how privacy teams can demonstrate their value to business operations by focusing on business needs, providing relevant metrics, and adopting strategies to foster collaboration and overcome resistance to their critical function. See our four-part series on a roadmap for building an efficient global privacy program: “Organizational Structure” (May 4, 2022), “Scope and Prioritization” (May 11, 2022), “Buy-In, Scalability and Outside Resources” (May 18, 2022), and “Maintenance” (Jun. 1, 2022).

McGuireWoods Adds Former SEC Head of Crypto and Cyber Enforcement in D.C.

McGuireWoods has welcomed David Hirsch to its securities enforcement and regulatory counseling practice as a partner in Washington, D.C. He most recently served as Chief of the SEC’s Division of Enforcement’s Crypto Assets and Cyber Unit. For insights from McGuireWoods, see “Navigating the Interplay of Cyber Insurance With Other Potential Coverage” (Mar. 1, 2023); and “Getting Started With CMMC: How to Prepare and What to Expect From the Assessment” (Feb. 3, 2021).

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.

We Celebrate Data Privacy Day 2024

Read the full brief here.