Quantum computing is poised to profoundly reshape the cybersecurity landscape, with significant legal and regulatory implications. By introducing fundamentally different computational methods, enabling the simultaneous processing of multiple possibilities, quantum computing has the potential to undermine and ultimately render many traditional encryption techniques ineffective. The result is a significant systemic risk across critical infrastructures, including
The KRITIS Umbrella Act (Dachgesetz zur Stärkung der physischen Resilienz kritischer Anlagen – KRITISDachG) has been in effect since March 17, 2026. For operators of critical infrastructure in Germany, this means: new obligations, tight deadlines, and hefty fines require swift action. For the first time, the law establishes a cross-sector legal framework to strengthen physical
Providers of online coaching services take note: The German Federal Court of Justice (BGH) has recently provided clarity on which coaching offerings qualify as “distance learning” and thus, fall under the approval requirement of the German Distance Learning Act (FernUSG).
Anyone offering digital coaching models without the required official approval is taking a major risk.
On 10 February 2026, the Federal Government adopted its official government draft (Regierungsentwurf) for the AI Market Surveillance and Innovation Promotion Act (KI-Marktüberwachungs- und Innovationsförderungs-Gesetz – KI-MIG), setting out Germany’s supervisory architecture, enforcement powers, and penalty regime for AI systems under the EU AI Act (Regulation (EU) 2024/1689).
In our earlier overview of
NIS2, the EU’s second Network and Information Systems Directive, is not going anywhere. While the swathe of organisations newly in scope of the EU’s hallmark cybersecurity directive may have hoped that the EU’s recent announcements on regulatory simplification (including the Digital Omnibus) might have reduced their compliance burden, in some cases the EU is
Conceptually, you think of IoT devices, but the CRA has a far broader scope of application. In this article we examine one of the tricky nuances – distinguishing between a digital product and SaaS under the CRA.
The EU’s Cyber Resilience Act (CRA) looks to reshape product cybersecurity by imposing uniform baseline requirements on “products
Any cloud service provider seeking to offer cloud services to the German public sector will inevitably have to deal with the Supplementary Contractual Conditions for the Procurement of IT Services (Ergänzende Vertragsbedingungen für die Beschaffung von IT-Leistungen – “EVB-IT”). The EVB-IT were developed by the Federal/State/Local Cooperation Committee (Kooperationsausschuss ADV Bund/Länder/Kommunaler Bereich) in cooperation with
The European Commission has just unveiled its proposal for the Digital Networks Act (DNA). The DNA marks a fundamental shift from regulating traditional “electronic communications” to a broader, cloud-integrated ecosystem of “digital networks”.
In a nutshell: The DNA replaces the fragmented framework of the 2018 Electronic Communications Code (EECC) with a directly applicable Regulation. Unlike
The ICO has, this week, published extensive guidance on its expectations on Agentic AI, ICO tech futures: Agentic AI | ICO. The UK data protection regulator’s core message is clear: the future of the success of this technology is rooted in accountability.
Investor expectations on the realisation of commercial benefits from AI deployment are
Discussions surrounding the German Distance Learning Protection Act (FernUSG), which has been in effect since 1976, have gained momentum again in recent years in Germany. The reason is the growing popularity of online coaching. While remote coaching has already existed in some forms for over 30 years, the range of available services has since expanded
