The NIS2 Directive continues to evolve – and organisations must keep pace. On 20 January 2026, the Commission unveiled a set of targeted amendments to the NIS2 Directive (“the Proposal“), signalling the next phase of its push to modernise and streamline the EU’s cybersecurity legal framework.
Positioned within a broader legislative package, also
Continue Reading EU: NIS2 Update – EU Moves to Harmonise Cyber Controls, Refine Scope, and Add New In-Scope Entities
Over the last decade, the EU has launched an unprecedented constellation of laws: GDPR, the AI Act, the Data Act, NIS2, the Cyber Resilience Act, DORA, DSA, DMA, eIDAS 2.0 and more. Together – under the ‘Digital Decade’ banner – they aim to form a powerful framework to protect fundamental rights, promote trustworthy technology and
Continue Reading EU: Digital Autofocus – Will Europe’s Digital Omnibus bring clarity to Regulation?
On June 26, 2025, the European Union Agency for Cybersecurity (ENISA) published two sets of guidelines to help businesses ensure their organizational compliance with the NIS2 Directive.
The aim of the guidelines is to support companies in understanding how legal requirements translate into operational activities, particularly regarding (i) roles and skills for professionals within essential
Continue Reading EU: ENISA Guidelines on Compliance with NIS 2 Directive Published
On 20 November 2024, the EU Cyber Resilience Act (CRA) was published in the Official Journal of the EU, kicking off the phased implementation of the CRA obligations.
What is the CRA?
The CRA is a harmonising EU regulation, the first of its kind focusing on safeguarding consumers and businesses from cybersecurity threats.
Continue Reading EU: Cyber Resilience Act published in EU Official Journal
This is Part 3 in a series of articles on the European Health Data Space (“EHDS“). Part 1, which provides a general overview of the EHDS, is available here. Part 2, which deals with the requirements on the manufacturers of EHR-Systems under the EHDS, is available here.
This article provides an
Continue Reading EU: EHDS – Access to health data for secondary use under the European Health Data Space
Today marks the deadline for EU Member State implementation of the Network and Information Systems Directive II (“NIS2“) into national law.
NIS2 is part of the EU’s Cybersecurity Strategy and repeals and replaces the original NIS Directive which entered into force in 2016 (with Member State implementation by 9 May 2018). Much like
Continue Reading EU: NIS2 Member State implementation deadline has arrived
In the much anticipated first King’s Speech of the new Labour Government on 17 July 2024, the monarch announced that the long anticipated Cybersecurity and Resilience Bill (CS&R Bill) would be amongst those new laws making their way onto Parliament’s schedule for the next year. Six years on from the implementation of the
Continue Reading UK: The UK Cybersecurity and Resilience Bill – a different approach to NIS2 or a British sister act?
The EU Data Act is one of the cornerstones of the EU’s Data Strategy and introduces a new and horizontal set of rules on data access and use to boost the EU’s data economy. Most of the provisions of the Data Act will become applicable as of 12 September 2025. To assist stakeholders in the
Continue Reading EU: Data Act Frequently Asked Questions answered by the EU Commission
