<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>Cyber Law on ExcellentWiki - Legal Encyclopedia</title>
		<link>https://legal.excellentwiki.com/categories/cyber-law/</link>
		<description>Recent content in Cyber Law on ExcellentWiki - Legal Encyclopedia</description>
		<generator>Hugo</generator>
		<language>en-US</language>
		
		
		
		
			<lastBuildDate>Mon, 06 Jul 2026 00:00:00 +0000</lastBuildDate>
		
			<atom:link href="https://legal.excellentwiki.com/categories/cyber-law/index.xml" rel="self" type="application/rss+xml" />
			<item>
				<title>Chinese Cyber Law</title>
				<link>https://legal.excellentwiki.com/china/cyber-law/chinese-cyber-law/</link>
				<pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://legal.excellentwiki.com/china/cyber-law/chinese-cyber-law/</guid>
				<description>&lt;h2 id=&#34;the-cybersecurity-law-2017&#34;&gt;The Cybersecurity Law 2017&lt;/h2&gt;&#xA;&lt;p&gt;The Cybersecurity Law of the People&amp;rsquo;s Republic of China, adopted by the Standing Committee of the National People&amp;rsquo;s Congress on 7 November 2016 and effective from 1 June 2017, constitutes the foundational legal instrument governing cybersecurity in China. The Law establishes a comprehensive regulatory framework addressing network security, data protection, and critical information infrastructure. The Cybersecurity Law imposes a &lt;strong&gt;multi-level protection scheme&lt;/strong&gt; (MLPS) requiring network operators to implement security protections commensurate with the classification level of their networks, ranging from Level 1 (lowest) to Level 5 (highest). Operators must fulfil obligations including the adoption of technical measures to prevent network intrusion, data leakage, and system damage; the formulation of incident response plans; the conduct of security assessments; and the reporting of security incidents to competent authorities. The Law imposes heightened obligations on operators of critical information infrastructure — organisations whose failure or destruction would seriously endanger national security, the national economy, people&amp;rsquo;s livelihoods, or the public interest, as designated by sectoral authorities. CII operators are required to store within China personal information and important data collected or generated during operations in China, to undergo annual security assessments, to conduct security impact assessments prior to procurement of network products and services that may affect national security, and to obtain government security reviews of such procurements.&lt;/p&gt;</description>
			</item>
			<item>
				<title>EU Cyber Law</title>
				<link>https://legal.excellentwiki.com/eu/cyber-law/eu-cyber-law/</link>
				<pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://legal.excellentwiki.com/eu/cyber-law/eu-cyber-law/</guid>
				<description>&lt;h2 id=&#34;the-nis-2-directive&#34;&gt;The NIS 2 Directive&lt;/h2&gt;&#xA;&lt;p&gt;Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022, commonly known as NIS 2, constitutes the principal legislative instrument addressing cybersecurity across the European Union. Repealing and replacing the original NIS Directive (Directive (EU) 2016/1148), NIS 2 substantially expands the scope of European cybersecurity regulation from approximately 10,000 entities under the original NIS Directive to an estimated 160,000 entities across eighteen sectors. The Directive distinguishes between &lt;strong&gt;essential entities&lt;/strong&gt; (energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, ICT service management, public administration, and space) and &lt;strong&gt;important entities&lt;/strong&gt; (postal and courier services, waste management, chemicals, food, manufacturing, digital providers, and research), subjecting essential entities to a more stringent regulatory regime including ex ante supervision and higher penalty exposure. NIS 2 establishes a comprehensive set of cybersecurity risk management measures that covered entities must implement, focusing on the &lt;strong&gt;security of network and information systems&lt;/strong&gt; and addressing policies on risk analysis, incident handling, business continuity, supply chain security, vulnerability disclosure, and the use of cryptography. Member States must ensure that essential entities face maximum administrative fines of at least €10 million or two per cent of annual worldwide turnover, and important entities at least €7 million or 1.4 per cent of annual worldwide turnover. The Directive requires Member States to designate national competent authorities, single points of contact, and Computer Security Incident Response Teams, and establishes the European Cyber Crises Liaison Organisation Network (EU-CyCLONe) for coordinated response to large-scale cybersecurity incidents.&lt;/p&gt;</description>
			</item>
			<item>
				<title>French Cyber Law</title>
				<link>https://legal.excellentwiki.com/france/cyber-law/french-cyber-law/</link>
				<pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://legal.excellentwiki.com/france/cyber-law/french-cyber-law/</guid>
				<description>&lt;h2 id=&#34;the-loi-de-programmation-militaire-and-cyber-provisions&#34;&gt;The Loi de Programmation Militaire and Cyber Provisions&lt;/h2&gt;&#xA;&lt;p&gt;France&amp;rsquo;s strategic approach to cybersecurity is substantially shaped by successive Lois de Programmation Militaire, which establish multi-year defence and national security spending priorities including cybersecurity capabilities. The LPM 2019–2025 (Law No. 2018-607 of 13 July 2018) allocated approximately €1.6 billion for cybersecurity, funding the expansion of the Agence Nationale de la Sécurité des Systèmes d&amp;rsquo;Information, the establishment of a military cyber defence organisation (COMCYBER), and the development of offensive and defensive cyber capabilities. The LPM 2024–2030 (Law No. 2023-703 of 1 August 2023) increased cybersecurity funding to €4 billion over the period, with emphasis on artificial intelligence-driven threat detection, quantum-resistant cryptography, and the protection of national critical infrastructure against state-sponsored cyber operations. The LPM framework operates in conjunction with the national cybersecurity strategy, the &lt;em&gt;Stratégie Nationale de la Cybersécurité&lt;/em&gt;, which articulates four strategic priorities: ensuring the security of critical infrastructure, building sovereign technological capabilities, strengthening cyber defence and deterrence, and developing cybersecurity skills and awareness across French society.&lt;/p&gt;</description>
			</item>
			<item>
				<title>German Cyber Law</title>
				<link>https://legal.excellentwiki.com/germany/cyber-law/german-cyber-law/</link>
				<pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://legal.excellentwiki.com/germany/cyber-law/german-cyber-law/</guid>
				<description>&lt;h2 id=&#34;the-bsi-gesetz-and-it-sicherheitsgesetz&#34;&gt;The BSI-Gesetz and IT-Sicherheitsgesetz&lt;/h2&gt;&#xA;&lt;p&gt;The primary statutory framework for cybersecurity in Germany is founded upon the BSI-Gesetz, which establishes the Bundesamt für Sicherheit in der Informationstechnik as the national cybersecurity authority, and the IT-Sicherheitsgesetz, which imposes sector-specific cybersecurity obligations on operators of critical infrastructure. The IT-Sicherheitsgesetz 2.0, enacted in May 2021, significantly expands the scope of the original 2015 legislation by extending mandatory security requirements and incident reporting obligations to companies of particular public interest — including manufacturers of critical components, cloud computing service providers, and companies in the defence, energy, and telecommunications sectors. The amendments introduced a regulatory framework for the detection of IT vulnerabilities, empowering the BSI to conduct automated scans and to inspect source code and other proprietary information where necessary to eliminate security deficiencies. The BSI is also authorised under the revised Act to issue administrative fines of up to €2 million for non-compliance with reporting obligations and up to €50,000 for failure to implement required organisational and technical measures. The Act requires operators of critical infrastructure to deploy systems for attack detection, to report significant IT security incidents to the BSI, and to demonstrate compliance every two years through audits conducted by accredited certification bodies.&lt;/p&gt;</description>
			</item>
			<item>
				<title>Russian Cyber Law</title>
				<link>https://legal.excellentwiki.com/russia/cyber-law/russian-cyber-law/</link>
				<pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://legal.excellentwiki.com/russia/cyber-law/russian-cyber-law/</guid>
				<description>&lt;h2 id=&#34;federal-law-no-152-fz-on-personal-data&#34;&gt;Federal Law No. 152-FZ on Personal Data&lt;/h2&gt;&#xA;&lt;p&gt;Federal Law No. 152-FZ of 27 July 2006 on Personal Data serves as the foundational data protection statute in the Russian Federation. The Law defines &lt;em&gt;personal data&lt;/em&gt; as any information relating directly or indirectly to a specific or identifiable individual (Article 3(1)), establishes principles for data processing including lawfulness, fairness, purpose limitation, data minimisation, and accuracy, and grants data subjects rights of access, rectification, erasure, and restriction of processing. The Law requires data controllers to notify Roskomnadzor, the Federal Service for Supervision of Communications, Information Technology and Mass Media, before commencing personal data processing operations (Article 22), with exceptions for processing relating to employment, civil contracts, religious and public organisations, and certain other categories. The Law establishes the Legal Registers of Personal Data and imposes obligations on operators to ensure the confidentiality of personal data and to implement technical and organisational measures to protect it from unauthorised or accidental access, destruction, modification, blocking, copying, and dissemination. Violations of 152-FZ carry administrative penalties under the Code of Administrative Offences, including fines for legal entities of up to 75,000 roubles for processing in violation of the Law, increased to up to 500,000 roubles for failure to comply with the data subject access obligations. Criminal liability under Article 137 of the Criminal Code applies for unlawful collection or dissemination of personal data without consent.&lt;/p&gt;</description>
			</item>
			<item>
				<title>UK Cyber Law</title>
				<link>https://legal.excellentwiki.com/uk/cyber-law/uk-cyber-law/</link>
				<pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://legal.excellentwiki.com/uk/cyber-law/uk-cyber-law/</guid>
				<description>&lt;h2 id=&#34;the-computer-misuse-act-1990&#34;&gt;The Computer Misuse Act 1990&lt;/h2&gt;&#xA;&lt;p&gt;The Computer Misuse Act 1990 (c. 18) is the primary legislation criminalising computer-related offences in the United Kingdom. Enacted following the Law Commission&amp;rsquo;s 1989 report on computer misuse and the influential decision in &lt;em&gt;R v Gold and Schifreen&lt;/em&gt; (1988) 86 Cr App R 438 — in which the House of Lords overturned convictions for accessing a British Telecom voicemail system under the Forgery and Counterfeiting Act 1981 — the CMA establishes three principal offences: unauthorised access to computer material (section 1), unauthorised access with intent to commit or facilitate further offences (section 2), and unauthorised acts with intent to impair the operation of a computer (section 3). Section 3A, added by the Police and Justice Act 2006, criminalises the making, supplying, or obtaining of articles for use in computer misuse offences. The Act was substantially amended by the Serious Crime Act 2015, which introduced a new offence under section 3ZA of unauthorised acts causing serious damage, including damage to human welfare, the environment, the economy, or national security, with a maximum penalty of life imprisonment. The Act has extraterritorial application: section 4 provides jurisdiction where there is a significant link with the United Kingdom, including where the accused or the target computer is in the UK, or where the offence causes damage within the UK. The Crown Prosecution Service published revised guidelines on computer misuse prosecutions in 2023, emphasising the importance of these provisions in addressing state-sponsored cyber attacks and ransomware campaigns.&lt;/p&gt;</description>
			</item>
			<item>
				<title>US Cyber Law</title>
				<link>https://legal.excellentwiki.com/us/cyber-law/us-cyber-law/</link>
				<pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://legal.excellentwiki.com/us/cyber-law/us-cyber-law/</guid>
				<description>&lt;h2 id=&#34;the-computer-fraud-and-abuse-act&#34;&gt;The Computer Fraud and Abuse Act&lt;/h2&gt;&#xA;&lt;p&gt;The Computer Fraud and Abuse Act, codified at 18 U.S.C. § 1030, constitutes the primary federal statute addressing computer-related crime in the United States. Originally enacted in 1986 as an amendment to the Comprehensive Crime Control Act of 1984, the CFAA has been amended multiple times, most significantly by the USA PATRIOT Act of 2001, the Identity Theft Enforcement and Restitution Act of 2008, and the Fraud Enforcement and Recovery Act of 2009. The statute criminalises seven categories of conduct involving computers: unauthorised access to obtain national security information; accessing a computer and obtaining protected financial or credit information; intentional unauthorised access to a non-public government computer; accessing a computer with intent to defraud; intentionally causing damage by knowing transmission of code or commands; trafficking in passwords with intent to defraud; and extortion involving threats to damage computers. The CFAA has been the subject of extensive judicial interpretation, particularly on the question of what constitutes &lt;em&gt;authorisation&lt;/em&gt;. In &lt;em&gt;Van Buren v United States&lt;/em&gt; (593 U.S. ___ , 2021), the Supreme Court adopted a narrow interpretation, holding that a person &lt;em&gt;exceeds authorised access&lt;/em&gt; when they access a computer with authorisation but obtain information located in particular files or databases that are off-limits to them, resolving a longstanding circuit split and limiting the reach of the statute in the employment context.&lt;/p&gt;</description>
			</item>
	</channel>
</rss>
