Regulations

Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA) is a European Union regulation that came into force on 17 January 2025. It requires financial organisations to strengthen their cybersecurity resilience to help them stay protected as the financial services sector shifts to the increasing use of digital technologies. DORA also contains obligations that apply to financial organisations’ third-party ICT service providers, so it’s relevant to a wide range of organisations.

EU Network and Information Security Directive 2 (NIS2)

The Network and Information Security Directive 2 (NIS2) is a European Union regulation that came into force for EU member states as of 17 October 2024, the deadline for member states to enact legislation. NIS2 makes organisations’ senior management directly accountable for mitigating, responding to, and reporting cybersecurity incidents, as well as setting out strict timelines for notifying authorities of a breach.

Additional Resources

NIS2 e-Books

English

French

German


Links

NIS2 Directive Overview

NIS2 Official Text

EU AI Act

In August 2024, the European Union’s AI Act (Act) entered into force. It is first-of-its-kind legislation that regulates the development, provision, deployment, and importation of Artificial Intelligence (AI) systems into the EU. The Act separates AI risks into four categories and sets out different rules for each risk level.

The aim of the Act is to regulate AI to ensure that these risks are properly managed, minimised, and remediated. The Act will be fully enforceable in August 2026. However, some parts of the Act will apply sooner.


What do I need to do to comply?

The most important next step, if you have not already started to prepare for the Act, is to check which risk category your company’s products or services fall under. Most businesses will fall under the limited or minimal risk categories.

Prohibited AI

Prohibition of ‘unacceptable risk’ AI systems took effect on 2 February 2025. Chapter 5 discusses prohibited AI practices.

High risk

Companies that develop and deploy high-risk AI systems need to ensure that their systems are compliant with the requirements set out in Chapter 3, Section 2 of the EU AI Act, titled ‘Requirements for High-Risk AI Systems’. This section of the Act sets out the obligations for businesses that fall into this category, including risk management, record keeping, and maintaining human oversight.

Limited risk

Businesses that develop or deploy limited-risk AI systems are required to provide users with transparency disclosures to ensure that users are aware that they are interacting with or consuming content from an AI system. Article 50 of the AI Act includes more detail on the transparency obligations for these kinds of AI systems.

Minimal risk

Be certain that your AI system falls into the minimal, unregulated category. Keep an eye out for any developments that might affect your business.

If you’re not sure which category your business falls into, you can complete this questionnaire on the official EU AI Act website to find out.

What about Barracuda’s products?

Barracuda Products

Barracuda products and services containing AI fall into the “minimal risk” category. Barracuda includes information regarding the use of AI in the Product and Service Descriptions on the Product Guide.

Find out more about the EU’s AI Act, the risk categories, and what you need to do to comply in our e-book, Getting ready for the EU AI Act.


Additional Resources

AI Act e-Books

English

French

German


Links to AI Act Websites

European Parliament Overview

In-depth Discussion

AI Act Official Text

U.S. Financial Industry Regulatory Authority (FINRA)

The Financial Industry Regulatory Authority (“FINRA”) is a non-governmental organization that sets regulations for broker-dealers and exchange markets in the United States. Barracuda’s financial industry customers subject to FINRA regulations depend on Barracuda products and services to protect their business, including obligations to retain immutable backup copies of certain data. Please review specific Barracuda product information for more details about how products store data.