NIS2 – Impacts on the Supply Chain

Germany’s NIS2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG) is expected to come into force in spring 2025. This new regulation will have significant implications for service provider contracts and cybersecurity. Companies should not wait passively but actively prepare to comply with the legal requirements. This article outlines how NIS2 will affect future service provider contracts for regulated entities and what…

Read more

NIS2: Who is affected, and what needs to be done?

Our first blog article (April 2024) on the new EU NIS2 Guideline dealt with the basics, the differences from NIS1, and the legislative situation. This time we focus on the following topics: What criteria are used to categorize companies that operate critical infrastructure? What sanctions are potentially possible? What measures, especially in the area…

Read more
General

EU Regulation DORA – Contents and implementation tips

The EU Regulation DORA (Digital Operational Resilience Act) establishes a unified framework for the European financial sector to manage cybersecurity and ICT risks. Its goal is to strengthen the EU financial market by harmonizing requirements and standards in cybersecurity and ICT risk management, ensuring resilience and adaptability—operational resilience—of financial institutions during and after disruptions. Implementation…

Read more
General

Cloud Compliance – Current Regulations

When companies intend to use cloud services, they must ensure compliance with all applicable internal and external regulations. This is particularly crucial for regulated sectors such as banking, insurance, and operators of critical infrastructure (KRITIS), where detailed requirements must be met through effective compliance management. In this blog post, we examine the key factors relevant…

Read more