EU information law trackers

This subtopic contains a series of trackers which track aspects of EU information laws.

The GDPR enforcement by UK and EEA supervisory authorities—tracker tracks enforcement decisions in individual EU and EEA states. Otherwise, note that these trackers generally follow developments at EU level,

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Information Law News

ICO welcomes Cyber Security and Resilience Bill and expanded regulatory powers

The Information Commissioner’s Office (ICO) has welcomed the Cyber Security and Resilience (Network and Information Systems) Bill, introduced to Parliament on 12 November 2025, as a significant step in strengthening the UK’s cyber defences, while calling for further clarity in secondary legislation. The ICO has said the Bill will expand its regulatory remit to include relevant managed service providers and critical suppliers, enhance its enforcement, information-gathering and cost-recovery powers, and support a shift from reactive to proactive, risk-based oversight of digital and managed service providers across the UK. It has highlighted the benefits of improved incident reporting, including a proposed 24-hour reporting window for significant cyber incidents, but has urged the government to provide clearer guidance on key concepts such as significant impact thresholds, security and resilience requirements, enforcement measures and the definition of critical suppliers. The ICO has also emphasised the need for adequate funding, coordination with other regulators and timely guidance to help organisations understand and comply with the new requirements as the legislation progresses through Parliament.

Commission proposes extension of interim rules on child sexual abuse detection

The European Commission has proposed extending the Interim Regulation allowing certain online communication service providers to continue voluntarily detecting, reporting and removing child sexual abuse material on their services across the EU, to avoid a legislative gap when the current regime expires on 3 April 2026. The proposal would extend the temporary derogation from parts of Directive 2002/58/EC (e-Privacy Directive) until 3 April 2028, pending agreement on the Commission’s long-term draft Regulation to prevent and combat child sexual abuse first proposed in May 2022. The Commission has said the extension is necessary to ensure continued protection of children and effective law enforcement action while negotiations on permanent rules continue. The proposal now requires adoption by the European Parliament and the Council.

Commission renews UK adequacy decisions for EEA–UK personal data transfers

The European Commission has renewed its two 2021 adequacy decisions permitting the free and secure transfer of personal data between the European Economic Area (EEA) and the UK under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive. The renewals follow a six-month technical extension adopted in June 2025, which enabled the Commission to assess amendments to the UK data protection framework introduced by the Data (Use and Access) Act. The decisions were adopted after a favourable opinion from the European Data Protection Board and approval by Member States through the comitology procedure. Each decision is subject to a six-year sunset clause, expiring on 27 December 2031, and will be reviewed after four years, with the possibility of further renewal.

Execution of multi-party deeds

Banking & Finance analysis: The case of Macdonald Hotels alarmed lenders and their lawyers earlier in the year, with obiter comments suggesting that, for the ‘face value’ requirement to be met for a deed, all parties have to make it clear in the document that they intend it to be a deed, not just those executing as a deed. The City of London Law Society subsequently issued a note giving their opinion on the comments and how to meet the face value requirement. This News Analysis looks at where we have got to on this issue as 2025 draws to a close.

View Information Law by content type :

News