On August 15, 2024, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the Cybersecurity Maturity Model Certification (CMMC) 2.0 program rule. The CMMC 2.0
Inside Cybersecurity & Privacy Law
Exploring the evolution of cybersecurity and privacy law
Latest from Inside Cybersecurity & Privacy Law
New EU Cyber Rules: Implementation of NIS2 in the EU Member States
The Network and Information Security 2 Directive (EU) 2022/2555 (“NIS2”) entered into force on 16 January 2023. NIS2 sets cyber rules for organizations whose services are considered essential or important for maintaining critical societal and economic activities, such as ensuring…
Hong Kong PCPD Issues Model Personal Data Protection AI Framework
The rapid development of Artificial Intelligence (AI) has generated much excitement over the past two years. Since the public launch of OpenAI’s ChatGPT on 30 November 2022, generative AI and its capabilities have been at the forefront of the…
Changes to the UK GDPR Shelved (For Now)
With the announcement of the UK General Election for Thursday 4 July 2024, the Data Protection and Digital Information Bill has not completed the legislative process before the end of the current parliamentary session and will therefore not become law. The…
White House Releases National Cybersecurity Strategy Implementation Plan, Version 2
On May 7, 2024, the Biden Administration released the second version of the National Cybersecurity Strategy Implementation Plan as well as the first Report on the Cybersecurity Posture of the United States. These actions reflect the Administration’s continued focus…
US DOD Issues Class Deviation Delaying DFARS Implementation of Upcoming NIST SP 800-171, Revision 3
On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. The deviation relates to contractors’ compliance with National Institute of Standards and Technology (NIST) Special Publication…
Chairs of House and Senate Commerce Committees Announce Consumer Privacy Legislation
Last month, two key members of Congress released a draft of the American Privacy Rights Act (“APRA”), comprehensive legislation that would change the landscape of consumer privacy law in the United States. If passed, APRA would create a national standard…
UK GDPR and the Price of Non-Compliance: ICO Issues New Guidance on Calculating Fines
The Information Commissioner’s Office (the “ICO”) has clarified the methods it will use to calculate the fines it will issue for breaches of data privacy law in the UK by publishing its latest Data Protection Fining Guidance (the “Guidance”) on 18 March…
Proposed Rule Issued to Implement Cyber Incident Reporting for Critical Infrastructure Act
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Under…
The UK Online Safety Regime: Five Months On
When the UK Online Safety Act (the “Act”) became law on 26 October 2023, it established one of the most comprehensive online safety regulatory frameworks in the world. The Act’s intention is to make the use of online services…