The European Union has enacted the Cyber Resilience Act (Regulation (EU) 2024/2847), establishing comprehensive cybersecurity requirements for products with digital elements, including those utilizing artificial intelligence (AI).

The Cyber Resilience Act applies to all products with digital components, whether hardware or software and requires adherence to uniform cybersecurity standards. For example, manufacturers are obligated to design and develop products that ...

Two new instructive documents published by the European Data Protection Board (EDPB) clarify the responsibilities of controllers in verifying processers’ ability to provide adequate data protection, and when “legitimate interests” can be relied on as the legal basis for processing.

According to the EDPB's opinion on the controller's oversight responsibilities, controllers must actively verify sufficient compliance by processors and sub-processors, ...

The U.S. Securities and Exchange Commission (SEC) charged four companies with making materially misleading disclosures regarding cybersecurity risks and intrusions. The companies have settled the SEC’s charges, paying a total of $7 million in civil penalties.

The companies, Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited, were victims of breaches resulting from the SolarWinds Cyber-attack ...