South Africa's Protection of Personal Information Act (PoPIA), also known as the PoPI Act, is a comprehensive data protection legislation designed to safeguard the privacy and information of South African citizens. While Jacob Zuma assented to PoPIA in November 2013, the act took effect in July 2020. Parliament granted all South African entities a one-year grace period, expecting them to comply by June 30th, 2020.

This is the third installment in the National Cybersecurity Strategy series. To read the other two blogs, click here for part 1 and here for part 2. As I was drafting the third installment on the National Cybersecurity Strategy, the National Cybersecurity Strategy Implementation Plan was published. This follow-on document provides greater specificity on detailed actions to be taken. As such, moving forward, the two should be viewed together and assessed as a pair.

The Biden Administration has recently announced the implementation of a cybersecurity labeling program for smart devices. Overseen by the Federal Communication Commission (FCC), this new program seeks to address the security of Internet of Things (IoT) devices nationwide. This announcement is in response to an increasing number of smart devices that fall victim to hackers and malware (AP News).

The Network and Information Security 2 (NIS2) Directive is the European Union's (EU) second attempt at an all-encompassing cybersecurity directive. The EU introduced the legislation to update the much-misinterpreted Network and Information Security (NIS) Directive (2016) and improve the cybersecurity of all member states. It signed NIS2 into law in January 2023, expecting all relevant organizations to comply by October 18th, 2024.

The European Union introduced the EU Cybersecurity Act to boost cybersecurity measures and cyber resilience across EU member states. With a digitally connected Union, having consistent regulations for cybersecurity measures across member states is vital in protecting against cyber attacks.

We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days.

As technology advances and the use of biometric data becomes more prevalent, it is crucial to address the privacy concerns and regulatory compliance associated with this sensitive data. The General Data Protection Regulation (GDPR) plays a key role in safeguarding individuals’ privacy rights and ensuring the responsible handling of biometric data. Artificial Intelligence (AI) can also be utilized to ensure compliance and responsible handling of biometric data.

Germany is widely acknowledged as one of the most technologically advanced nations. However, this prominence also implies a significant reliance on its critical infrastructures (KRITIS), which are essential to the smooth operation of the state and society. To safeguard these infrastructures, Germany has enacted new laws, IT Security Act 2.0 and KRITIS Regulation 2.0, that aim to improve the security of IT systems.

As we approach the end of the federal government fiscal year, it's a good time to review the legislative and policy landscape. Several updates and changes have recently arrived or are already in motion regarding cloud security and data resilience.

In the dynamic and ever-shifting realm of cybersecurity, the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) has emerged as a cornerstone framework, designed to ensure the safety of critical network and information systems across the European Union. This recent directive, which has entered into force, holds considerable significance, casting far-reaching implications for diverse sectors and entities operating within the EU.