On 16 September 2025, the Chilean Cybersecurity Agency (Agencia Nacional de Ciberseguridad, ‘ANCI’) launched a public consultation on its provisional list of companies that may be classified as ‘operators of vital importance’ (Operadores de Importancia Vital, ‘OVI’) under the recently enacted Chilean Cybersecurity Law (Ley Marco de Ciberseguridad No. 21.663, ‘LMC’). This list (available online […]
International
UK Publishes Software Security Code
Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors compromising third-party software used by a significant number of customers. With that background, on May 7, 2025, the National Cyber […]
UK Government Publishes Cyber Governance Code of Practice for Boards and Directors
On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK’s data protection regulator is actively investigating and, in some instances, fining companies for personal data breaches caused by cybersecurity issues. It is therefore more important […]
UK’s Data Protection Regulator fines a UK SaaS provider ~$4 million following a ransomware incident
On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered a ransomware incident that put the personal data of 79,404 people at risk. In its penalty notice, the ICO found that Advanced failed to implement […]
European Commission Moves to Extend Free Flows of Personal Data to the UK
On March 18, 2025, the European Commission proposed to extend its adequacy decision in favor of the United Kingdom (‘UK’) for an additional six-month period. This would allow free flows of personal data from the EU to the UK to continue until December 2025. The existing adequacy decision – which was adopted in 2021 in […]