ISACA UPDATES
EU Advocacy Task Force:
- On 26 April, ISACA responded to the consultation on the Irish cyber industrial strategy.
- On 25 April, Sanja Kekić, member of the EU TF, represented ISACA at the event organized by the Centre for European Policy Studies (CEPS) in Brussels on cybersecurity in EU institutions.
UK Advocacy Task Force:
- On 22 April, ISACA participated in the launch of the Institute on the Future of Work Responsible AI Sandbox.
|
|
European Parliament releases corrigendum on its position on the AI Act
In December 2023, EU institutions reached a political agreement on the AI Act's provisional text. Committee approval came on 13 February 2024, followed by Parliament approval on 13 March 2024.
- On 19 April 2024, the European Parliament corrected errors in its stance on the proposed Artificial Intelligence Act (AI Act).
What is next:
- The Committees on Internal Market and Consumer Protection, and Civil Liberties, Justice, and Home Affairs will review the updated text.
- The regulation now awaits final review by linguists and formal endorsement by the EU Council.
Learn more
|
|
Letta’s report on the future of the EU single market
In September, the European Council tasked Enrico Letta, Italy’s former Prime Minister, with preparing an in-depth report on the Single Market.
- The report published on 17 April and is set to influence the European Council’s strategic agenda for the next institutional mandate.
Why it matters:
- Although to some extent overshadowed by Mario Draghi’s ongoing work on a report covering the EU’s competitiveness challenges, Letta’s report is a key reference for understanding the emerging EU agenda.
- Letta calls for significantly more investments in digital skills, while also urging collaborative efforts between the private sector and European institutions and national governments.
- Letta also notably recommends the establishment of a “common general framework for European cybersecurity” and digital sovereignty by 2026.
Learn more
|
|
Consumer connected products legislation comes into force in the UK
UK's new consumer connectable product security regime came into force on 29 April 2024.
- The legislation that covers "smart" products and Internet of Things (IoT) devices, is primarily made up of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022 and the accompanying Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.
Why it matters:
- The legal framework sets in place comprehensive security measures across the supply chain of covered products, encompassing manufacturers, importers, and distributors.
- Failure to adhere to the requirements under the regime might prompt investigations and potentially corrective actions, including product recalls.
- Non-compliance may also lead to significant financial penalties, with fines reaching up to £10 million or 4% of global turnover, depending on which is higher.
Learn more
|
|
UK NCSC publishes update of the Cyber Assessment Framework
On 18 April 2024, the National Cyber Security Centre (NCSC) published its updated Cyber Assessment Framework (CAF).
- The framework outlines a structured method for organizations to evaluate cyber threats to their core functions and operations, encompassing four key objectives: managing security risks, defending against cyber attacks, detecting cybersecurity events, and reducing the consequences of cybersecurity incidents.
Why it matters:
- The framework details specific cybersecurity outcomes that organizations are encouraged to achieve against a background of fundamental principles.
- Indicators of good practice (IGPs) are also provided to help gauge progress towards these outcomes.
What is next:
- The NCSC acknowledges in its press release that while some aspects of AI-related cybersecurity challenges are covered in the updated framework, the Centre plans to address AI's comprehensive impact in a subsequent version of the CAF.
Learn more
|