The new Cyber Resilience Act is the first EU regulation on the cyber security of products with digital elements. This includes not only software products, but also smart devices – from connected refrigerators to computer network devices. Software security has been a constant challenge since the dawn of the Internet. Every month, new security vulnerabilities are discovered which affected organizations then try to fix as quickly as possible. When security updates fail or are unavailable,…
The EU’s new Network and Information Security Directive (NIS2) and its transpositions into the national laws of Member States will – contrary to all political objectives – apply not only to critical infrastructures, but to all sectors of the economy. The threats to corporate cybersecurity no longer come from teenage hackers. They come from highly professional international criminal organizations and hostile state actors. In particular, the phenomenon of ransomware – malware that encrypts corporate data and…
On 9 November 2023, the Court of Justice of the European Union (CJEU) held that an EU Member State may not subject an information society service provider (ISSP) established in another EU Member State to general and abstract regulatory measures that deviate from measures of the Member State in which the ISSP is established (C‑376/22). In doing so, it declared the Austrian Communication Platforms Act and, by implication, many other national online platform regulations, inapplicable…