NIS2 – Impacts on the Supply Chain

Germany’s NIS2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG) is expected to come into force in spring 2025. This new regulation will have significant implications for service provider contracts and cybersecurity. Companies should not wait passively but actively prepare to comply with the legal requirements. This article outlines how NIS2 will affect future service provider contracts for regulated entities and what…

Read more
General

IT Service Contracts – 10 Key Aspects from a Provider Management Perspective

In today’s business world, IT service contracts are the critical foundation for collaboration between outsourcing companies and their service providers. A well-crafted contract can make the difference between smooth cooperation and constant conflict. Based on our experience from various outsourcing projects, we want to highlight 10 important aspects that should be regulated in an IT…

Read more

NIS2: Who is affected, and what needs to be done?

After our first blog article (April 2024) on the new EU NIS2 Guideline covered the basics, the differences from NIS1, and the legislative situation, this time we will focus on the following topics: What criteria are used to categorize companies that operate critical infrastructure? What sanctions are potentially possible? What measures, especially in the area…

Read more
General

EU Regulation DORA – Contents and implementation tips

The EU Regulation DORA (Digital Operational Resilience Act) establishes a unified framework for the European financial sector to manage cybersecurity and ICT risks. Its goal is to strengthen the EU financial market by harmonizing requirements and standards in cybersecurity and ICT risk management, ensuring resilience and adaptability—operational resilience—of financial institutions during and after disruptions. Implementation…

Read more