This blog post includes headline points on new obligations for the data centre sector proposed under the Cyber Security and Resilience Bill, and existing obligations under the NIS Regulations.
The Cyber Security and Resilience Bill proposes changes to the UK’s NIS Regulations. Without a ‘Keeling Schedule’ marking up the amendments, these can be difficult to track. We have prepared a mark-up reflecting the proposed changes.
On November 18, 2025, companies had another opportunity to test their resiliency when connectivity and security provider Cloudflare had an outage of about four hours, which resulted in several popular websites going offline while others managed to provide some services
The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has been temporarily reauthorized as part of the broader legislation passed on November 12, 2025, to reopen the federal government. Under the appropriation legislation, CISA 2015 is now reauthorized until January
Happy October and Cyber Awareness Month! While October ends with ghosts and goblins and other scary monsters for Halloween, the entire month of October is dedicated to raising awareness of cyber security and preventing (and if necessary responding to) cyber
The Cybersecurity Information Sharing Act of 2015 (CISA 2015) expired on September 30, 2025, after Congress missed the reauthorization deadline. That lapse removes the decade-old legal framework that encouraged and protected cyber threat information sharing among companies, Information Sharing and
In a significant regulatory development, the Cyberspace Administration of China (CAC) has officially issued the Measures for the Administration of National Cybersecurity Incident Reporting (the Final Reporting Measures), which will take effect on 1 November 2025. This
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (Dutch DPA) recently published a report on personal data breaches, which provides valuable insights into the Dutch DPA’s views on incident response. It also contains some helpful statistics.
Increase
On August 14, 2025, the New York Department of Financial Services (“NYDFS”) entered into a consent order with Healthplex, Inc, (“Healthplex”), which is licensed by NYDFS as an independent claims adjuster and as a life and/or accident health insurance agent.
On July 24, 2025, the California Privacy Protection Agency (CPPA) approved regulations that would impose a new requirement under the California Consumer Privacy Act: mandatory annual cybersecurity audits for certain businesses. These new requirements are now undergoing review by the