UK Operational Resilience Rules: Are You Ready for 31 March 2025?

Several categories of UK financial services firms, including banks, insurers, electronic money institutions, and payment institutions, are required to comply with new requirements on operational resilience beginning 31 March 2025.

(more…)

Looking Ahead to 2025 in EU Cybersecurity Developments

As 2024 draws to a close, we look ahead to notable upcoming cyber developments in the new year. From the adoption of new cyber laws to the initiation of infringement proceedings by the European Commission against a number of EU Member States for alleged failures to adequately implement the EU Network and Information Systems Security 2 Directive, the EU continues to emphasize cybersecurity in a rapidly evolving legal and technological environment. There are no signs of this momentum slowing down in 2025.

(more…)

EU AI Act: Are You Prepared for the “AI Literacy” Principle?

The EU AI Act is the world’s first horizontal and standalone law governing the commercialization and use of AI, and a landmark piece of legislation for the EU. Among the various provisions of the EU AI Act, the “AI literacy” principle is an often overlooked but key obligation which requires organizations to ensure that staff who are involved in the operation and use of AI have the necessary skills, knowledge and understanding to adequately assess AI-related risks and opportunities (e.g., through training and hiring staff with the appropriate background and skillset). This obligation – which applies from February 2, 2025 – is one of the few obligations under the EU AI Act that applies to all AI systems i.e., irrespective of the level of risk that the AI system presents. Indeed, by introducing AI literacy as one of the first provisions of the AI Act (Article 4), the EU legislators appear to underscore the significance of this requirement.

(more…)

Top Trends in the European Digital Health/AI Market

Digital health AI technologies are transforming the advancement of drug development and healthcare delivery at an unprecedented speed, backed by governments facilitating the momentum to improve healthcare for their growing populations. Sidley’s European life sciences lawyers Josefine Sommer, Eva von Mühlenen, and Francesca Blythe share a timely take on the top 5 life sciences industry trends being shaped by pioneering digital technologies. We are delighted to present a series of insightful interviews with leaders from a diverse digital health ecosystem giving their perspectives from RocheOrigen Genetics, FemTech InsightsVergeSteto, and Clario.

(more…)

Advisor to the CJEU Confirms GDPR Fines For Subsidiary Infringements Should Reflect Group Turnover

On 12 September 2024, Advocate General Medina issued their Opinion in Case C-383/23 in which they confirmed that supervisory data protection authorities must, when calculating the fine for a GDPR infringement committed by a subsidiary, take into account the total annual turnover of the entire group—a concept known as parental liability.

U.S. Department of Commerce Issues Proposed Rule on ICTS Supply Chain for Connected Vehicles

On September 26, 2024, the U.S. Department of Commerce Bureau of Industry and Security (BIS) Office of Information and Communications Technology and Services (OICTS) published a long-awaited rule proposing to ban certain connected vehicles transactions involving hardware and software linked to the People’s Republic of China (China) and Russia. BIS also proposed extensive compliance obligations for importers and manufacturers of connected vehicles and related components, which come as the automotive industry continues to grapple with how to protect critical safety-related data as vehicle interconnectivity increases.

(more…)

Pharma Companies in Beijing Free Trade Zone to Benefit from Relaxed Data Transfer Rules

On August 30, 2024, the Beijing Municipal Cyberspace Administration, Beijing Municipal Commerce Bureau and Beijing Municipal Government Services and Data Administration Bureau jointly released the “Administrative Measures for the Data Exit Negative List of the China (Beijing) Pilot Free Trade Zone (Trial)” (Administrative Measures) and the “Data Exit Administration List (Negative List) of the China (Beijing) Pilot Free Trade Zone (2024 Edition)” (Negative List) to facilitate the export of important industry data and personal information out of the country by companies operating in the Beijing free trade zone (FTZ). (more…)

Asia-Pacific Regulations Keep Pace With Rapid Evolution of Artificial Intelligence Technology

Regulation of artificial intelligence (AI) technology in the Asia-Pacific region (APAC) is developing rapidly, with at least 16 jurisdictions having some form of AI guidance or regulation. Some countries are implementing AI-specific laws and regulation, while others take a more “soft” law approach in reliance on nonbinding principles and standards. While regulatory approaches in the region differ, policy drivers feature common principles including responsible use, data security, end-user protection, and human autonomy.

(more…)

EU Governments Sign-off Proposed Reforms to GDPR Procedural Rules and Council Reaches Common Member States’ Position

On 24 May 2024, the Council of the European Union (the “Council”) released new details of a proposed reform of the General Data Protection Regulation’s (“GDPR”) procedural rules, which representatives of EU national governments approved on 29 May 2024. On 13 June 2024, the Council issued a press release detailing its agreed common Member States’ position that maintains the general thrust of the original proposed reforms, but which seeks to: (i) introduce clearer timelines; (ii) improve efficiency of cooperation; and (iii) provide an early resolution mechanism.

(more…)

UK proposes New Cyber Security and Resilience Bill to Boost the UK’s Cyber Defences

During the King’s Speech on 17 July 2024, the newly appointed UK Prime Minister announced the UK Government’s intention to introduce a new Cyber Security and Resilience Bill to strengthen the UK’s defences against the global rise in cyberattacks and to protect the UK’s critical infrastructure. In background briefing notes published together with the King’s Speech, the UK Government stated that the new Cyber Security and Resilience Bill will “strengthen our defences and ensure that more essential digital services than ever before are protected.” According to the briefing notes, the Cyber Security and Resilience Bill intends to address the concern that the UK has not kept up-to-date with recent legislative advancements made by the EU in the cybersecurity space, resulting in the UK being “comparably more vulnerable.” Although the form of the proposed Cyber Security and Resilience Bill has yet to be released, the UK Government has indicated that it plans to introduce the bill in the coming months.

(more…)