Issue 6 / 2022

In the current CRi issue 6 (publication on: 15. Dezember 2022) you find the following articles and case law:



Zirnstein, Yannick / Lee, Yue Lin / Ge, Amanda, Evolving cybersecurity landscape – Comparing the regulatory approaches in the EU, in China and in Singapore, CRi 2022, 165-172

The article first addresses the key concepts of the Draft CRA and provides a comparative analysis with regard to both existing and prospective cybersecurity regulations in China and Singapore (II.). This is followed by an outline of the powers granted to public authorities in the event of non-compliance with legal requirements, in particular the power to impose administrative fines (III.). The article concludes with comparative observations regarding the key issues analysed for the three regions (IV.).

Beardwood, John, The Financial Institution Risk Management Environment Shifts Again: A New Outsourcing and Cybersecurity Regime drops for Financial Institutions in Canada, CRi 2022, 173-180

This paper first provides background on the existing Office of the Superintendent of Financial Institutions (OSFI) B-10 guideline (I.), provides an overview of the proposed updates to the existing B-10 guideline introduced by OSFI in the new Draft B-10 Guideline (II.), outlines some of the key issues FRFIs will need to address due to the new Draft B-10 Guideline (III.), and highlights the next step steps for FRFIs to adopt to the new Draft B-10 Guideline (IV.). This paper then continues by providing an overview of Guideline B-13 and its structure compared to the EU Draft Digital Operational Resilience Act (V.), discusses next steps for FRFIs to adapt to Guideline B-13 (VI.), and concludes with an assessment of the impact on FRFIs on having two “new” Guidelines to now have to implement (VII.).

Lloyd, Ian, Moving UK Data Protection Law Away from EU Standards – Legislative Focus Areas in 2022, CRi 2022, 180-186

The article takes a closer look at the recent UK Data Protection and Digital Information Bill identifying the driving forces behind it (I.). The analysis of seven key issues (II.) reveals where and how UK data protection would deviated from the EU approach in the future. Given the UK’s current preoccupation with government stability, it remains to be seen whether the maxim “legislate in haste, repent at leisure” will become applicable (III.).

Case Law

CJEU (Second Chamber) v. 27 April 2022 - C-674/20, EU: Online-Intermediary’s Information Duties Vis-á-vis Customer’s National Tax Authority, CRi 2022, 186-188

CJEU (Grand Chamber) v. 26 April 2022 - C-401/19, EU: Best Efforts Exception of ISP’s Liability for Unauthorised Sharing of Copyrighted Material, CRi 2022, 188-194

CJEU (Eighth Chamber) v. 7 April 2022 - C-249/21, EU: Contract Via Button “Complete Booking”?, CRi 2022, 194-196

Verlag Dr. Otto-Schmidt vom 12.12.2022