New Publication in Oxford Academic’s Journal of Cybersecurity: Defining the Reporting Threshold for a Cybersecurity Incident under the NIS Directive and the NIS 2 Directive

Our most recent publication is based on the presentation given at BILETA 2022 at the University of Exeter in April 2022. This paper reflects on the final text of the NIS 2 Directive as adopted on 14 December 2022. Following the risk-based approach adopted in the NIS Directive, the NIS 2 Directive enlists as a …

New Publication: EDPB Opinion on the European Commission’s Draft Adequacy Decision regarding the EU-U.S. Data Privacy Framework: Is the Scene Set for Schrems III?

In March 2022, the European Commission and the U.S. government announced the political agreement on a new EU-U.S. Data Privacy Framework to replace the Privacy Shield Framework which had been struck down by the CJEU in the case of Schrems II. The new framework seeks to establish the legal basis for transatlantic data flows to …

New Publication: Refining the Mandatory Cybersecurity Incident Reporting Under the NIS Directive 2.0: Event Types and Reporting Processes

Our second contribution to the Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media outlines the new incident reporting obligations under the NIS 2 Directive as foreseen in the original Commission Proposal for a NIS 2 Directive and further discussed during the trilogue negotiations. The NIS Directive (NISD) and sector-specific cybersecurity regulations …

New Publication: The Transnational Dimension of Cybersecurity: The NIS Directive and Its Jurisdictional Challenges

Paula Contreras’ paper “The transnational dimension of cybersecurity: the NIS Directive and its jurisdictional challenges” analyses and compares the jurisdictional rules applicable to cross-border actors under the NIS Directive and the NIS 2 Proposal. It also comparatively examines the jurisdictional rules of two further EU regulatory instruments applicable to digital services—the GDPR and the DSA …

New Publication: EDPB Adopts updated Guidelines on Personal Data Breach Notification under GDPR: The End of the One-Stop-Shop Reporting Mechanism for Non-EU Establishments

The NIS Directive introduced the reporting of security incidents for operators of essential services and some digital service providers. Likewise, the General Data Protection Regulation introduced the requirement for a personal data breach to be notified to the competent national supervisory authority and, in certain cases, to communicate the breach to the individuals whose personal …

New Publication: Towards an Efficient and Coherent Regulatory Framework on Cybersecurity in the EU: The Proposals for a NIS 2.0 Directive and a Cyber Resilience Act

Cybersecurity regulation in the EU has long been implemented in a piecemeal fashion, resulting in a fragmented regulatory landscape. Recent developments triggered the EU to review its approach, which has not resulted in the envisaged high level of cyber resilience across the Union. Our paper addresses the EU’s limited mandate to regulate cybersecurity and outlines …