Lexology GTDT Market Intelligence provides a unique perspective on evolving legal and regulatory landscapes. This interview is taken from the Privacy & Cybersecurity volume discussing topics including government initiatives, M&A risks and cloud computing within key jurisdictions worldwide.
1 What were the key regulatory developments in your jurisdiction over the past year concerning cybersecurity standards?
There have been lots of developments this year. A new law, Regulation (EU) 2019/881 on European Union Agency for Cybersecurity (ENISA) and on information and communications technology cybersecurity certification (the Cybersecurity Act), establishes a new European cybersecurity certification framework. Under this law, we will see new cybersecurity standards that apply across Europe. Although not yet published, two standards in development are a Common Criteria for all systems and a scheme for cloud services, which we await with interest.
Presently the principal framework for cybersecurity is the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the Network and Information Systems Regulations 2018 (NIS). The Information Commissioners’ Office (ICO)…
