Greece Transposes EU Directive 2022/2557 (Critical Entities Resilience Directive)

October 2025 Irene Kyriakides, Partner, Natalia Soulia, Counsel, and Terpsithea Papanikolau, Junior Associate Kyriakides Georgopoulos Law Firm Introduction Greece has recently enacted Law 5236/2025, transposing the Critical Entities Resilience Directive (Directive (EU) 2022/2557, “CERD”) into national law. The new regime introduces a comprehensive framework to identify and regulate “critical entities”, namely operators which belong to certain key sectors, such as energy, transport, finance, health, water, waste management, digital infrastructure, space, public administration and food…
Read more

The EU Data Act: What Businesses in Bulgaria Need to Know

October 2025 Nikolay Zisov, Partner, and Deyan Terziev, Senior Associate BOYANOV & Co. The EU Data Act (Regulation (EU) 2023/2854 on fair access to and use of data) became fully applicable on 12 September 2025. For many companies in the EU, including in Bulgaria, this regulation brings new obligations and opportunities. The Data Act’s scope reaches far beyond traditional tech companies, potentially affecting any organisation that handles, generates or benefits from data. Affected organisations must act promptly to map their data flows (focused data audit), review related processes, assess…
Read more

Romanian DPA Activity Report for 2024

August 2025 Our member firm, Nestor Nestor Diculescu Kingston Petersen, has recently issued a publication outlining key findings from the Romanian Data Protection Authority’s activity report for 2024. NNDKP’s data protection lawyers examined the report and prepared a summary highlighting: five significant cases investigated by the Romanian DPA; the most frequent cases of complaints, notices and data breach notifications received by the authority; and key statistics comparing the Romanian DPA’s activity in 2024 with the previous year. The full publication is available here.
Read more

A Year in Review - NNDKP's Top Picks of Past and Upcoming Judgements of the Court of Justice of the European Union

May 2025 Iurie Cojocaru, Partner, and Associates Oana Stefan and Diana Albu of our member firm NNDKP, have recently prepared a publication which addresses recent data protection issues. It delves into the most impactful judgments from the Court of Justice of the European Union and looks at several upcoming cases that can bring substantial changes to this field. You may access the publication here.
Read more

Turkish Cyber Security Law Has Entered into Force

March 2025 The Personal Data Privacy team of our member firm Kolcuoglu Demirkan Kocakli has recently issued a client alert “Turkish Cyber Security Law Has Entered into Force”. You may read the firm’s new client alert here.
Read more

Romanian DPA Activity Report for 2023

December 2024 Our member firm, Nestor Nestor Diculescu Kingston Petersen, has recently issued the Romanian Data Protection Assessment Activity Report for 2023. The firm's data protection specialists examined the report and prepared a summary in which they: analyse five significant cases investigated by the Romanian DPA; present the most frequent cases of complaints, notices, and notified data breaches; compare the key numbers that reflect the DPA's activity in 2023 with those from the previous year. The full publication is available here.
Read more

Greek Draft Law Transposing the NIS 2 Directive on Cybersecurity Open for Public Consultation

October 2024 Irene Kyriakides, Partner, Natalia Soulia, Senior Associate, Eleni Kyratzi, Associate, Terpsithea Papanikolaou, Junior Associate Kyriakides Georgopoulos Law Firm On October 19th, 2024, the Ministry of Digital Governance released for public consultation the draft Law transposing into Greek legislation Directive 2022/2555 (NIS2 Directive) on measures for a high common level of cybersecurity across the EU. The proposed draft Law aims to address the gaps identified in the NIS1 Directive, which is repealed by NIS2. More specifically, both the NIS2 Directive and the draft Law apply to…
Read more

Understanding the EU's Artificial Intelligence Act: Key Insights

August 2024 Anisa Tomic, Partner, and Zerina Karahmet, Associate Maric & Co Law Firm On August 1, 2024, the European Union's Artificial Intelligence Act (AI Act) came into force, marking a significant milestone in the regulation of AI technologies. This pioneering regulatory framework is designed to ensure the safe and ethical deployment of AI across the EU, balancing innovation with fundamental rights and safety. At Marić & Co. d.o.o., we recognize the importance of understanding and complying with these regulations as AI continues to revolutionize the way we live and work, from personalized…
Read more

Software and IP Protection – Key Considerations

August 2024 Irene Kyriakides, Partner, Niovi Plemmenou, Associate, Apostolos Papachrysos, Associate, and Androniki Papoutsoglou, Junior Associate Kyriakides Georgopoulos Law Firm Introduction In an increasingly technology-oriented society, software has become an invaluable asset for businesses. Companies either develop or simply use software in their day-to-day operations and a familiarity with laws revolving around software and its protection is crucial. Navigating the complex landscape of intellectual property (IP) rights is essential for safeguarding the interests of innovative companies.…
Read more

Amendments to the Personal Data Protection Law

July 2024 Marat Minasyan, Partner, and Bahar Esenturk, Associate Kolcuoglu Demirkan Kocakli Attorneys at Law The Turkish Personal Data Protection Law ("PDPL") was amended by the Amendment Law on the Code of Criminal Procedure and Certain Laws ("Amendment Law"), published in March 2024. The Amendment Law changes the rules regarding cross-border data transfers, the processing of sensitive personal data, and the appeal process against the decisions of the Personal Data Protection Board ("Board"). It came into effect on June 1, 2024. However, the existing provisions concerning cross-border data…
Read more

Regulation on the Procedures and Principles Regarding the Cross-Border Data Transfer

July 2024 On 10 July 2024, the Regulation on Procedures and Principles Regarding the Transfer of Personal Data Abroad (the "Regulation"), which governs the implementation of Article 9 of the Personal Data Protection Law ("PDPL") concerning cross-border data transfers, was published. This Regulation primarily addresses the obligations of data controllers and processors in managing cross-border data transfers and establishes corresponding procedures. For the full article, please use the following link. 
Read more

Greece Shows Commitment to Cybersecurity

June 2024 Elisabeth Eleftheriades, Partner, and Nikolaos Tilemachos Vellios, Associate Kyriakides Georgopoulos Law Firm From the adoption of advanced digital tools and capabilities by public authorities, to the transition to a ‘government-cloud-first policy’ and significant private investments in the tech field (particularly in data centers), recent years have seen Greece rapidly emerging into the digital age. Amidst this digital transformation, the Greek government has shown that it prioritizes establishing a secure cyberspace.  This is particularly evident in the case of the National…
Read more