Photo of Charles Helleputte

On 16 May 2022, the Council of the EU (the Council) decided for the third time to prolong its restrictive measures against cyber-attackers threatening the EU, its Member states or its allies. The measures are set to remain in place for a further three years until May 18, 2025. The Council’s press release on this

In 2015, the People’s Republic of China (PRC) enacted the first part of its comprehensive data security regime with the promulgation of the State Security Law, which provided a statutory basis for the construction of a nationwide network and information security system.  The Cybersecurity Law (CSL), which followed in 2017, addressed cybersecurity protection and introduced the concept of a “Critical Information Infrastructure Operator” (CIIO).  Subsequently, other laws, regulations, and rules have been promulgated addressing the requirements of China’s digital economy, related state security matters, and personal information privacy rights. Among those, the Data Security Law (DSL) became effective on September 1, 2021, and the Personal Information Protection Law (PIPL) will go into effect on November 1, 2021.  After subsidiary regulations and rules addressing implementation of the DSL and PIPL have entered into force, China’s new data security architecture should be largely complete.
Continue Reading China Builds Out Data Security Architecture With New Regulations on Cross Border Data Transfers

On July 20, 2021, the European Commission published its long-awaited legislative package titled “Anti-money laundering and countering the financing of terrorism” as announced in the Commission’s 2020 Action Plan for a comprehensive EU policy on preventing money laundering and terrorist financing (ML/TF).

As expected, the proposals seek to harmonize the application of more detailed anti-money

The Council of the European Union (the Council) on May 17, 2021 agreed to prolong, for the second time, the sanctions framework concerning restrictive measures against cyber-attacks threatening the European Union (EU) or its Member States for another year, until May 18, 2022. The Council’s press release is available here.

Cyber sanctions are part of the EU cyber diplomacy toolbox and seek to prevent, discourage and respond to malicious cyber-attacks that have a significant impact on the EU. This framework was adopted in May 2019 under Council Decision (CFSP) 2019/797 and Council Regulation (EU) 2019/796, and is reviewed by the Council on a yearly basis. It allows the EU to sanction persons and entities deemed to be involved in major cyber-attacks threatening the EU or its Member States by imposing asset freezes or travel bans against those listed in the Council’s legal acts. The EU can also target those involved in attempted cyber-attacks with a potentially significant effect.Continue Reading The EU Keeps Its Ability to Sanction Cyber Attackers for One More Year

On April 21, 2021 the European Commission (EC) published its proposal for a Regulation laying down harmonized rules on artificial intelligence, the Artificial Intelligence Act (the Proposal). The EC sets ambitions to play a key role in the regulation of artificial intelligence (AI), not only by coming out the first in the area but also as its Proposal has elements of extraterritorial reach. The EC is proposing a legal framework consisting of rules developed on a risk-based approach that aim to ensure that AI systems are safe, ethical, transparent and human-centered. The overarching goal is to increase trust AI systems to ensure their uptake, which the 2021 Coordinated Plan outlines.

You can find an outline of the Proposal in our infographics available here. The key components are below.Continue Reading The EU response to AI challenges – Another (risk-based) Regulation

On February 10, 2021, after four years of negotiations, text revisions, compromise proposals, and back and forth, the Council of the European Union agreed on its negotiating position on the EU draft regulation concerning the respect for private life and the protection of personal data in electronic communication (the ePrivacy Regulation).

The reactions to the