The Network and Information Security 2 (NIS2) Directive is the European Union's (EU) second attempt at an all-encompassing cybersecurity directive. The EU introduced the legislation to update the much-misinterpreted Network and Information Security (NIS) Directive (2016) and improve the cybersecurity of all member states. It signed NIS2 into law in January 2023, expecting all relevant organizations to comply by October 18th, 2024.

The European Union introduced the EU Cybersecurity Act to boost cybersecurity measures and cyber resilience across EU member states. With a digitally connected Union, having consistent regulations for cybersecurity measures across member states is vital in protecting against cyber attacks.

We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days.

As technology advances and the use of biometric data becomes more prevalent, it is crucial to address the privacy concerns and regulatory compliance associated with this sensitive data. The General Data Protection Regulation (GDPR) plays a key role in safeguarding individuals’ privacy rights and ensuring the responsible handling of biometric data. Artificial Intelligence (AI) can also be utilized to ensure compliance and responsible handling of biometric data.

Germany is widely acknowledged as one of the most technologically advanced nations. However, this prominence also implies a significant reliance on its critical infrastructures (KRITIS), which are essential to the smooth operation of the state and society. To safeguard these infrastructures, Germany has enacted new laws, IT Security Act 2.0 and KRITIS Regulation 2.0, that aim to improve the security of IT systems.

As we approach the end of the federal government fiscal year, it's a good time to review the legislative and policy landscape. Several updates and changes have recently arrived or are already in motion regarding cloud security and data resilience.

In the dynamic and ever-shifting realm of cybersecurity, the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) has emerged as a cornerstone framework, designed to ensure the safety of critical network and information systems across the European Union. This recent directive, which has entered into force, holds considerable significance, casting far-reaching implications for diverse sectors and entities operating within the EU.

While there is no unitary law for cybersecurity and data protection in Germany, the cyber security landscape is held together by a combination of federal and European laws and regulations. Like every European country, Germany’s data protection is governed and enforced by the strict EU-GDPR.

The U.S. Federal Government passed the Computer Fraud and Abuse Act (18 U.S.C.§1030) (CFAA) in 1986 as an amendment to the Comprehensive Crime Control Act of 1984, which included the first federal computer crime statute. Since enacting the CFAA, congress and the federal government have amended the act multiple times to extend its reach and impose criminal and civil liability on additional malicious computer activities.

The Fair Credit Reporting Act (FCRA) is a U.S. federal law regulating consumer credit information collection, dissemination, and use by consumer reporting agencies. Understanding the FCRA is vital for organizations directly utilizing consumer credit information and individuals who want to exercise their rights over their personal credit information. Monitor your organization’s attack surface and stay FCRA compliant with UpGuard BreachSight >