
Foreign filers / private issuers watch out!
2023 brought further harmonization of European and US standards for cyber incident reporting.

Under the SEC Ruling, all companies listed on the US stock exchange are now required to publicly report significant data security incidents to the SEC within four business days. In addition, they must disclose in their annual report (10-K) their procedures for identifying and addressing material cybersecurity risks, including the role of the board of directors.

Please note: This regulation also applies to foreign private issuers (e.g. German companies that have issued a US bond). However, they are only obliged to make ad hoc reports (Form 6-K) of incidents if they are obliged to do so in another jurisdiction, e.g. under the Market Abuse Regulation.

The materiality of an incident is determined in particular by the potential financial consequences. These consequences must be presented in the report, but not whether the incident is still ongoing or whether data has been compromised.

US legislation regarding the reporting of data security incidents is thus moving increasingly closer to European regulations, which is to be welcomed in principle. Recently, the US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) introduced reporting obligations for security incidents in critical infrastructure, comparable to the NIS guidelines and the BSI Act applicable in Germany. One particular aspect of the US regulations is the obligation to report such incidents within 72 hours and ransomware payments within 24 hours.

The new SEC ruling introduces a legal obligation for US companies to report cybersecurity incidents that is not exclusively limited to critical infrastructure. In view of the small number of German foreign filers and private issuers in the USA, this regulation affects fewer economic operators than the reporting obligations under the GDPR and, in future, the NIS2 implementation laws, but may have significant consequences due to the companies' relevance to the capital market. This is because the requirement is not limited to reporting to a supervisory authority or specific data subjects, but also extends to the (investor) public.

Against this backdrop, we recommend reviewing the cost components of your cyber insurance policy's reporting obligations and keeping the D&O insurance program up to date, both in terms of the insured group and in terms of the insurance conditions relating to cyber risks. In past due diligence reviews, we were able to identify weaknesses in this regard, favored by the tough years in the US D&O insurance market. Please contact us if you have any questions. You are also welcome to read further expertise on D&O insurance for foreign filers on our website.
