New Publication: EDPB Opinion on the European Commission’s Draft Adequacy Decision regarding the EU-U.S. Data Privacy Framework: Is the Scene Set for Schrems III?

In March 2022, the European Commission and the U.S. government announced the political agreement on a new EU-U.S. Data Privacy Framework to replace the Privacy Shield Framework which had been struck down by the CJEU in the case of Schrems II. The new framework seeks to establish the legal basis for transatlantic data flows to … Continued

The Proposal for an EU Cyber Solidarity Act

On 18 April 2023, the European Commission adopted a Proposal for a Regulation laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents (Proposal for an EU Cyber Solidarity Act) along with a Commission Communication setting up a Cybersecurity Skills Academy. The EU … Continued

New Publication: Refining the Mandatory Cybersecurity Incident Reporting Under the NIS Directive 2.0: Event Types and Reporting Processes

Our second contribution to the Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media outlines the new incident reporting obligations under the NIS 2 Directive as foreseen in the original Commission Proposal for a NIS 2 Directive and further discussed during the trilogue negotiations. The NIS Directive (NISD) and sector-specific cybersecurity regulations … Continued

NIS Directive Commentary Update: Art. 11 Cooperation Group

The work on the NIS Directive Commentary continues and we have published the commentary to Art. 11 NIS Directive, which also addresses the new tasks imposed upon the NIS Cooperation Group under Art. 14 NIS 2 Directive. One of the priorities of the NIS Directive was to improve the cooperation between Member States in the … Continued