On 22 January 2024, the Bermuda Monetary Authority’s ( BMA ) 2024 Business Plan confirmed its continuing focus on cyber risk supervision, its interest in considering how AI will impact financial services, and its commitment to its IT Strategy: Vision 2025.

As well, the BMA has made clear the real connection that exists between IT and cyber operational risk, outsourcing transactions, business continuity planning and data protection across the critical infrastructure that the BMA regulates.

Recently, the Computer Misuse Act 2024 was introduced by the Bermuda Government to provide enhanced legal weapons to fight cybercrime. Heavily based on UK law for those matters, the new Act replaces Bermuda’s previous 1996 statute of the same name and is intended to reflect international best practices to address both computing innovations and to greatly enhance penalties.

However, our newest Computer Misuse Act 2024 may not be the final word on computer misuse criminal law reform given the many law reform recommendations that are advanced in UK’s Criminal Law Reform Network’s 2020 report titled “Reforming The Computer Misuse Act 1990”. There may be more to come on that front.

On 31 May, Bermuda’s new Cybersecurity Act 2024 was passed by the House to address the need for the regulatory oversight across numerous essential services and critical infrastructure in Bermuda that the Government will more specifically identify in the weeks ahead.

In passing the Cybersecurity Act, the Government has decided to create a new regulatory regime under Ministerial oversight rather than simply directing existing regulators, like the Bermuda Health Council and the Regulatory Authority, to implement their own models of proportional risk based IT and cybersecurity regulation, which would likely follow the BMA’s very successful formulation, implementation and management of such regulations in recent years.

The end result, however, is expected to be very similar across all essential services and their regulators, even if different proportional risk based security standards, practices and governance requirements are stipulated under that Act. That Act’s implementation process, including the introduction of all such regulatory standards in the weeks to come, is expected to include diligent industry consultation and the responsive consideration by Government toward improving that Act’s relevance and effectiveness.

Finally, as many have been following, Bermuda’s Personal Information Protection Act 2016 ( PIPA ) will come into full force at the end of this year. Indeed, PIPA also includes laws that require IT and cybersecurity safeguards and addresses third party services such as outsourcing, the transfer of personal information overseas, and related data protection duties and responsibilities.

There is no question that the legal landscape of IT and cybersecurity in Bermuda is undergoing transformational change in all of its facets, from the fundamental standards of diligent corporate governance to all of the commercial IT service and outsourcing agreements that every critical infrastructure participant enters into with their affiliates and commercial service providers.

Share
X.com LinkedIn Email Save as PDF
More Publications
Appleby-Website-Employment-and-Immigration
26 Aug 2025

Walking the Tightrope of Restrictive Covenants

Restrictive covenants in employment agreements can often be a tightrope for employers. Ideally, thos...

ICLG Fintech 21 cover
26 Aug 2025

Insights from the BMA’s Discussion Paper on Responsible Use of Artificial Intelligence in Bermuda’s Financial Sector

The Bermuda Monetary Authority (BMA) recently published a discussion paper on 30 July, 2025: The Res...

Appleby-Website-Insurance-and-Reinsurance
25 Aug 2025

Bermuda – Influential Women in Hamilton: Melinda Mayne

Insurance companies in Bermuda are more open to discussions on diversity and inclusion, though there...

Appleby-Website-Privacy-and-Data-Protection
28 Jul 2025

Insights from the BMA’s Second Consultation Paper on Digital Identity Service Providers

As jurisdictions around the world grapple with the complexities of authenticating digital identities...

Technology and Innovation
24 Jul 2025

Contracts to Manage AI Risk: Part Two (Bermuda)

In part one of this two-part series about artificial intelligence contracts, I discussed the ways th...

Technology and Innovation
22 Jul 2025

Contracts to Manage AI Risk (Bermuda)

This is the first of a two-part article on how artificial intelligence contracts can be used to mana...

Appleby-Website-Insurance-and-Reinsurance
15 Jul 2025

Captives are the grass roots of Bermuda risk

Bermuda has seen tremendous growth in the life reinsurance and insurance-linked securities markets i...

050-Insolvency-Restructuring-Grid-Image
10 Jul 2025

Bermuda: Restructuring & Insolvency

This country-specific Q&A provides an overview of Restructuring & Insolvency laws and regulations ap...

050-Insolvency-Restructuring-Grid-Image
3 Jul 2025

Insolvency law: secured creditors take note (Bermuda)

The recent judgment delivered by the Supreme Court of Bermuda in the matter of Harold J. Darrell hig...

Appleby-Website-Insurance-and-Reinsurance
2 Jul 2025

Bermuda: Education has helped investors get more comfortable as ILS continues to grow

It’s been an exceptionally busy and record first half of the year for the catastrophe bond sector,...