New Publication: Comment on the Council Resolution on Encryption and Recital 54 NIS 2.0 Proposal

One year ago, the Council of the European Union published the Council Resolution on Encryption, in which the necessity for security through encryption and for security despite encryption is emphasized. The resolution is based on the assumption that access to encrypted content is becoming increasingly important for competent authorities in the area of security and …

New Publication: Synergies in Cybersecurity Incident Reporting – The NIS Cooperation Group Publication 04/20 in Context

A central element of EU cybersecurity legislation is the reporting of security breaches. Mandatory reporting to national authorities promotes a culture of risk management, while also providing for the sharing of information about vulnerabilities. In this line, the GDPR introduced reporting obligations for data controllers based on the assumption that security challenges and relevant mitigation …

New Research Article published: Don’t tell them now (or at all) – responsible disclosure of security incidents under NIS Directive and GDPR

In this article, we critically analyse the timeline for notifications of third parties under the NIS Directive and the GDPR in the case of security and privacy incidents from a legal and technical perspective. While a need to mitigate an immediate risk of damage for an individual would call for prompt notification of data subjects, …