IT Security Law

Welcome to the home of IT security law on Law-Now.

On this page, you will find all the articles and publications for IT security law.

To stay in touch with the latest developments, please bookmark this page on your mobile or register to receive eAlerts.

Recent Articles

  •  
    20/06/2025
    Europe

    AI meets ESG: the need for environmental awareness in adopting AI

    Businesses considering adopting Artificial Intelligence (AI) are urged not forget about its negative environmental impact. The rapid adoption of AI presents significant opportunities, but it also introduces new challenges, particularly concerning its environmental footprint. As businesses seek to align their operations with Environmental, Social, and Governance (ESG) objectives, it is crucial to address the environmental impact of AI and find ways to mitigate its negative effects.AI & ESGAI has become a cornerstone of digital transformation, contributing to industries ranging from healthcare,...
    Read more
  •  
    18/06/2025
    Germany

    "AI systems" within the meaning of the AI Act: Term and definition

    Two ways of better handling and defining the term "AI system" within the meaning of the AI Act and its distinction from "artificial intelligence".The Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence ("AI Act"), which came into force on 1 August 2024, is the first legislative attempt to establish uniform rules for the use of artificial intelligence systems.Probably the most important term in the regulation is "AI system". It determines the material scope of application and thus the programme of obligations to be fulfilled by those who develop, distribute, put into...
    Read more
  •  
    16/06/2025
    APAC

    Malaysian Guidelines on Cross-Border Data Transfers

    On 29 April 2025, the Personal Data Protection Commissioner of Malaysia issued the Guidelines on Cross Border Personal Data Transfer (“Guidelines”), providing comprehensive guidance on the transfer of personal data out of Malaysia. These Guidelines are intended to clarify the requirements under the amended Section 129 of the Personal Data Protection Act 2010 (“PDPA”) and to assist data controllers in ensuring compliance when engaging in cross border personal data transfers. The Guidelines should be read in conjunction with the PDPA and any other relevant legislative instruments.Scope...
    Read more
  •  
    03/06/2025
    APAC region

    Cyber Space: Global insights on cyber and data risk for insurers

    Issue 3, June 2025. Navigating the wave of increased cyber regulation in APACThe Asia-Pacific (“APAC”) region is riding a wave of increased cyber regulation, with Singapore, Malaysia, and Hong Kong each rolling out significant legislative changes to strengthen cyber resilience and accountability. This article explores how these legislative developments are reshaping the compliance landscape for organisations, especially those operating critical infrastructure or digital services.The common thread running through these developments is a clear move towards more robust regulatory oversight....
    Read more
  •  
    22/05/2025
    Europe

    European Commission clarifies literacy requirements under the AI Act

    The European Commission (EC) has published a FAQ on AI Literacy to further clarify the meaning of Artificial Intelligence literacy and the best efforts that organisations subject to the AI Act must undertake. The FAQ comes in response to Article 4 of the AI Act, which since February 2025 requires all providers and deployers of AI systems operating in the EU to ensure a “sufficient level of AI literacy” among employees and relevant third parties, such as contractors.What the AI literacy requirements mean for your organisationUnder the AI Act, organisations that develop, deploy or put...
    Read more
  •  
    20/05/2025
    Europe

    New regulatory requirements for cloud services

    Cloud or classic hosting? The choice is crucial - new laws place additional requirements on cloud services.Cloud services have been an area of focus for legislators recently, including in relation to regulations for cloud security (NIS2) and switching between cloud services providers (Data Act, DMA). In light of this, the question of what constitutes a “cloud service” or "cloud computing service" is becoming increasingly important, particularly as different regulatory requirements can apply to cloud services, data centre services and hosting.The question of what exactly is meant by...
    Read more
View more Articles

Search Filters

Advanced Search

Key contacts

CMS Law-Now video

A short overview of CMS Law-Now subscription service

Looking for legal advice?

Find out how CMS can support your business here

New countries, sectors and areas of law added

Login to manage your preferences now