This is what happens when your society becomes more and more litigious. Concepts of law and national borders have absolutely no impact on connected bits and bytes. And yet it is the legislators & lawyers that hold sway. They legislate and litigate away and then wash their hands of the consequences. Everyone has to comply, but in an internet-connected world, the gaping holes are so obvious as to make the whole charade ridiculous.
Sophos only care that they comply with some regulation (see comments about CNET and download.com). So long as they avoid litigation, all is well.