Online Safety Act - UK - Q1/Q2 2024
Back in November 2023, the European Parliament and the European Council reached a political agreement on the EU Cyber Resilience Act. The agreement is pending formal approval which is expected to happen in early 2024. Once CRA enters into force, organisations will be given a period of 36 months to adjust to the new provisions, except for a shorter grace period of 21 months applicable to reporting obligations for incidents and vulnerabilities.
Data Act - UK - 10 January 2024
The Online Safety Act 2023 (Commencement No. 2) Regulations 2023 brought into force majority of provisions. Although most substantive obligations will come into force via secondary legislation and Ofcom’s codes of practice, some provisions already apply, including section 72, which requires all services to include in their terms of service information about users’ right to bring a claim for breach of contract if their content is taken down or they are suspended/banned from the service, in breach of the terms of service. Most duties will come into effect on the day the relevant code of practice comes into force.
Cyber Resilience Act - Q1/Q2 2024: Ofcom to publish:
- Consultation proposals on child safety.
- Advice to the SoS regarding categorisation.
- Draft guidance on approach to transparency reporting.
Digital Markets, Competition and Consumers Bill - UK - 22 January 2024
The Bill is progressing through Parliament. The committee stage was expected to run from the 22 January 2024 until 7 February 2024. The Bill is expected to pass early this year.
EU AI Act - UK - 2 February 2024
The final text is expected to be published in early 2024 as Member States voted in favour of the final wording on 2 February 2024.
Digital Protection and Digital Information Bill - UK - 7 February 2024
The DPDI Bill received the carry-over motion to continue its progress from one parliamentary year into the next, reiterating the government’s intention to pass it into law. It is likely the Bill will be adopted in early 2024, with Committee stage dates to be announced soon.
Digital Services Act - EU - 17 February 2024
Digital Services Act starts to apply for all regulated entities. Deadline for Member States to establish Digital Services Coordinators.
Digital Markets Act - EU - 6 March 2024
Digital Markets Act: 6 March 2024 – deadline for gatekeepers to ensure compliance with the DMA requirements.
Product Security and Telecommunications Infrastructure Act 2022 - UK - 29 April 2024
The regime governing consumer connectable product security comes into effect. From this date, manufacturers of consumer connectable products will be required to comply with minimum security requirements which relate to passwords, reporting security issues and security update periods. The regulations affect the whole supply chain, not only manufacturers: there are also duties and obligations prescribed for distributors and importers.
Digital Services Act - EU - 1 July 2024
Transparency reports template comes into effect.
Second Network and Information Systems Directive (“NIS2”) - EU - 18 October 2024
NIS 2 came into force last year, on 16 January 2023. Following a 21 month transition period, the provisions will become fully applicable on 18 October 2024, meaning in-scope organisations have 7 months left to ensure compliance.
Digital Services Act - EU - 31 December 2024
Transparency reporting – first reporting period ends. Providers should make the reports publicly available at the latest within two months from the conclusion of the reporting period, i.e., March 2025.
Online Safety Act - UK Q4 2024
- Ofcom to finalise illegal harms codes and services to complete illegal harms risk assessment.
- Ofcom to publish a register of categorized services by end of 2024.
Online Safety Act - Q4 2024/Q1 2025:
Illegal harms code to come into force. Services to comply with illegal safety duties.
