With new tech legislation, the increased importance of cybersecurity, and concurrent due diligence during mergers and acquisitions, investors and supervisory bodies face growing demands on their time and resources. The number of companies that are subject to regulatory requirements increases significantly with existing and new legislation such as the GDPR, NIS1 and recently NIS2 and the Digital Operational Resilience Act (DORA). Sometimes, the National Competent Authority (NCA) has not yet been identified. Likewise, cybersecurity adds additional complexity for investors, financiers, and buyers in the acquisition market, which requires more thorough due diligence regarding companies’ technology stack. In this article, we propose two scenarios as the only way forward to relieve this burden: a “Digital Due Diligence” checklist and proactive “In-control statements.”
Full Article
