Category Archives: NISD

Late yesterday (7 December) the EU institutions reached a deal on the Network and Information Security Directive. The Directive will introduce new cyber security requirements for providers of key infrastructure, and oblige them to report details of cyber attacks to the authorities.  The deadline for bringing the new rules into force will be in Q3 2017. Businesses which fall within the Directive’s definition of “digital service providers” – including online market places, cloud computing and search engines – will also be subject to security and breach notification requirements. The final text of the Directive is still awaited. Datonomy will provide further analysis once the text becomes available. What’s new? On 7 December, after many months of trilogue negotiations, the EU institutions reached a compromise on the text of the NISD. The European Commission issued this press release and the Council of the European Union followed suit swiftly with this … Continue Reading ››
Before Datonomy readers   head off for their well-earned summer holidays, here’s a quick round up of “end of term" UK and EU regulatory activity. The weekly cyber update will also be taking a break during the rest of August, but will return - with batteries re-charged  - in the Autumn to continue monitoring regulatory developments in the fields of data and cyber security. EU POLICY AND REGULATION
  • Network and Information Security Directive: Another glimmer of progress in the long-running saga of the NISD, and in particular the still unresolved question of the extent to which online platforms will be caught by the new breach reporting requirements. Following the recent sighting of a Council document on the scope of “essential services” (reported last week), on 31 July another potentially very significant new document was listed on the Consilium website. Entitled “Proposed approach to digital service platforms”, this promising-sounding document is, at the time … Continue Reading ››
The latest round up of legal and regulatory developments and news on cyber security from the Datonomy blogging team at Olswang LLP. With thanks to Datonomy’s correspondents Tom Pritchard in London and Sylvie Rousseau (Paris and Brussels) for their contributions to this week’s update.  EU policy and regulatory developments
  •  General Data Protection Regulation: ITProPortal and the Register are reporting that the trilogue negotiations on 14 July made “good progress” and culminated in agreement on Chapter 5 (territorial scope) and Article 3 (international transfers).  The Council’s Consilium website has posted a document detailing the debrief that the Council received on 15 July, however, this document is not yet publically accessible so we cannot report on the substance of the agreed compromise.   The Register’s article states that “there has been a notable push to get the GDPR onto the law books as soon as possible. Negotiators have set themselves an ambitious deadline … Continue Reading ››
A fourth trilogue meeting to agree the Network and Information Security Directive (NISD) took place yesterday, 29 June.  The Council’s Latvian Presidency, whose term ends today, published this release heralding the “breakthrough” in talks with the European Parliament to finalise the law. However, this is an “understanding on the main principles” of the Directive, rather than an agreement on the final text. The most controversial aspect of the proposal – namely the extent to which online platforms should be subject to the new requirements on breach reporting – does not appear to have been fully resolved. The press release states that: “It was agreed that digital service platforms would be treated in a different manner from essential services.  The details will be discussed at a technical level.”  It is unclear at this stage just how differently, and what this might mean in practice.   The UK is one of the Member States … Continue Reading ››
Following a short Easter break, the Datonomy blogging team at Olswang LLP is back with the latest round up of legal and regulatory developments and other news on cybersecurity. UK policy and regulatory developments
  • With a pre-election freeze on government policy announcements, let’s look instead at what the major parties are saying about cybersecurity. On 11 April the Lib Dems announced they would introduce a Digital Rights Bill if elected, and launched an online consultation seeking voters’ views on what this should include. The proposed Bill would enshrine individuals’ digital rights in one comprehensive piece of legislation. The eleven “big ideas” are set out in this document and include privacy, data protection, control of user content, consumer rights, freedom of speech, open data and surveillance. Cybersecurity features as part of Big Idea Number 9: Encryption. The manifesto calls for individuals, businesses and public bodies to have the right to use strong encryption, … Continue Reading ››
Olswang has just published the latest edition of the Cyber Alert, a regular round up of regulation, best practice and news from our international cyber breach and crisis management team.  There is a great deal to report since our last update in October 2014.  In February, the Olswang team visited our friends in the US, co-hosting a cyber workshop in Silicon Valley and presenting to the Los Angeles chapter of the IAPP on the latest status of the General Data Protection Regulation.  You can read our December 2014 status update on the draft Regulation, which includes an analysis of data breach notification here. In this edition:
Draft Network and Information Security Directive: entering final negotiation phase? When we published our last Cyber Alert in late October 2014, the first trilogue negotiation between the three EU institutions had just taken pace, a second took place in November and the third and final meeting was scheduled for 9 December. The outgoing Italian Council Presidency published a statement that it was “confident the EP and the Council…will reach a deal before the end of the year”. However, progress updates then went quiet. It was not until 11 March that the (now Latvian) Council Presidency announced that the Council’s negotiating mandate had been agreed at the Permanent Representatives Committee. This means that negotiations with the Commission and Parliament can resume, and this third trilogue is scheduled for late April. It appears that one of the main sticking points within the Council has been the scope of the “market operators” who will be … Continue Reading ››