Your weekly overview of regulation, privacy and cybercrime<\/p>\n\n\n\n
Edition no. 1 | 6 October 2025<\/p>\n\n\n\n
Welcome to the pilot edition of the newsletter CUSEC News<\/strong>, v ktorom V\u00e1m ka\u017ed\u00fd t\u00fd\u017ede\u0148 prinesieme preh\u013ead nov\u00fdch pr\u00e1vnych predpisov, pripravovan\u00fdch z\u00e1konov, s\u00fadnych rozhodnut\u00ed, vzdel\u00e1vac\u00edch podujat\u00ed a zauj\u00edmavej literat\u00fary, ktor\u00e9 formuj\u00fa oblas\u0165 kybernetickej bezpe\u010dnosti, ochrany s\u00fakromia a boj proti kyberkriminalite.<\/p>\n\n\n\n Why it matters: Cybersecurity incidents are increasing rapidly. Just last month:<\/p>\n\n\n\n It's October Cybersecurity awareness month<\/strong>, which is a good opportunity to remember that cybersecurity is not only a technical but also a legal, regulatory and ethical challenge.<\/p>\n\n\n\n 1\ufe0f\u20e3 Regulation<\/p>\n\n\n\n Slovensko<\/em><\/strong>: Decrees <\/em>\u010d<\/em>. 227\/2025 a <\/em>\u010d<\/em>. 226\/2025 o bezpe<\/em>\u010d<\/em>protective measures and incident reporting<\/em><\/p>\n\n\n\n \ud83d\udccc Od 1.9.2025 s\u00fa \u00fa\u010dinn\u00e9 dve nov\u00e9 vyhl\u00e1\u0161ky NB\u00da (SR), ktor\u00e9 sa t\u00fdkaj\u00fa z\u00e1kona 69\/2025 Z.z. o kybernetickej bezpe\u010dnosti. Vyhl\u00e1\u0161ka NB\u00da 227\/2025 o bezpe\u010dnostn\u00fdch opatreniach (Slovlex<\/a>), which establishes the content of security measures, the scope of general security measures for networks and information systems and operational technologies, and the content and structure of security documentation according to \u00a7 20 of the Act<\/a> on cybersecurity. <\/p>\n\n\n\n Decree 226\/2025 establishing details of reports (Slovlex<\/a>). <\/p>\n\n\n\n At the same time, the NBU issued the Risk Analysis Methodology for application in risk management processes in accordance with the requirements of Act No. 69\/2018 Coll. on cybersecurity and on the amendment of certain laws, as amended.<\/p>\n\n\n\n Nemecko<\/em><\/strong>: Decree on dia<\/em>\u013e<\/em>metal traffic management <\/em><\/p>\n\n\n\n \ud83d\udccc Germany adopted a decree regulating the remote control of automated vehicles (Stra\u00dfenverkehr-Fernlenk-Verordnung)<\/em>. It establishes the conditions of type approval, the obligations of operators and requirements for cybersecurity, it is a precedent for mobility controlled by artificial intelligence.<\/p>\n\n\n\n Taliansko<\/em><\/strong>: Artificial Intelligence Act<\/em><\/p>\n\n\n\n \ud83d\udccc Italy became one of the first EU countries to adopt a law on artificial intelligence at the national level, regulating its use in public administration and the private sector. The law introduces transparency obligations, ethical standards and restrictions on the use of surveillance technologies. (lexia.it<\/a>, Squire Patton Boggs<\/a>)<\/p>\n\n\n\n EU<\/em><\/strong>: Interpretation of Regulation (EU) 2022\/1426 on type approval<\/em>\u013e<\/em>ovation of automated control systems<\/em><\/p>\n\n\n\n \ud83d\udccc Hoci nariadenie (E\u00da) 2022\/1426 vytv\u00e1ra r\u00e1mec pre testovanie a schva\u013eovanie syst\u00e9mov automatizovan\u00e9ho riadenia (ADS), jeho v\u00fdklad m\u00e1 z\u00e1sadn\u00fd v\u00fdznam pre prax.<\/p>\n\n\n\n Consequence<\/strong>: Companies developing ADSs must emphasize cybersecurity by design, risk assessment and transparent reporting.<\/p>\n\n\n\n 2\ufe0f\u20e3 Prepared legislation<\/p>\n\n\n\n \u010c<\/em><\/strong>Czech Republic<\/em><\/strong>: Draft Law on Artificial Intelligence<\/em><\/p>\n\n\n\n \ud83d\udccc The Czech Republic submitted a draft law on artificial intelligence (Zact on artificial intelligence<\/a>) implementing the act on artificial intelligence. It introduces supervisory authorities, compliance obligations for high-risk systems and regulatory sandboxes.<\/p>\n\n\n\n EU<\/em><\/strong>: Usmernenie k <\/em>\u010d<\/em>Article 73 of the AI Act<\/em><\/p>\n\n\n\n \ud83d\udccc The European Commission has published a draft guideline and model for reporting incidents with high-risk AI systems. Under Article 73, serious incidents must be reported without undue delay, putting in practice a mechanism of accountability, transparency and remedial action throughout the AI lifecycle.<\/p>\n\n\n\n 3\ufe0f\u20e3 Court decisions<\/p>\n\n\n\n In the following editions, we will bring an overview of groundbreaking decisions, especially in the area of personal data protection and liability for cybercrime.<\/p>\n\n\n\n Judgment of the Court of Justice of the EU - case C-474\/24 (NADA Austria and others)<\/p>\n\n\n\n \ud83d\udccc Gener\u00e1lny advok\u00e1t uviedol, \u017ee zverej\u0148ovanie poru\u0161en\u00ed antidopingov\u00fdch pravidiel \u0161portovcami je pod\u013ea GDPR pr\u00edpustn\u00e9 len vtedy, ak je primeran\u00e9 a v s\u00falade s minimaliz\u00e1ciou uchov\u00e1vania \u00fadajov.\u00dadaje o dopingu m\u00f4\u017eu zah\u0155\u0148a\u0165 zdravotn\u00e9 alebo inform\u00e1cie t\u00fdkaj\u00face sa previnen\u00ed \u0161portovca, preto ich zverejnenie mus\u00ed by\u0165 od\u00f4vodnen\u00e9 verejn\u00fdm z\u00e1ujmom a posudzovan\u00e9 individu\u00e1lne. Gener\u00e1lny advok\u00e1t tie\u017e potvrdil, \u017ee subjekt \u00fadajov m\u00f4\u017ee poda\u0165 s\u0165a\u017enos\u0165 aj v pr\u00edpade hroziaceho spracovania \u00fadajov, \u010d\u00edm sa posil\u0148uje prevent\u00edvna ochrana pod\u013ea GDPR. (Press release of the CJEU<\/a>)<\/p>\n\n\n\n 4\ufe0f\u20e3 Courses and events<\/p>\n\n\n\n CRA - Strengthening the resilience of the EU market<\/p>\n\n\n\n \ud83d\udcc5 October 8, 2025 \ud83d\udd17 Detaily podujatia<\/p>\n\n\n\n The event focuses on the Cyber Resilience Act (CRA), effective from 10 December 2024, which introduces cybersecurity requirements for products with digital elements as a condition of EU market access. Manufacturers must ensure compliance throughout the product life cycle.<\/p>\n\n\n\n\n
\ud83d\udccd Bucharest, organizer of ENISA<\/p>\n\n\n\n