The Situation: The aviation industry is increasingly reliant on digital systems, from air traffic management to ground operations and predictive maintenance. This digital transformation has significantly broadened the...more
2/4/2026
/ Aviation Industry ,
Compliance ,
Cybersecurity ,
Data Security ,
EU ,
Incident Response Plans ,
Information Security ,
New Regulations ,
Penalties ,
Popular ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Supply Chain ,
Transportation Industry
The German Financial Supervisory Authority ("BaFin") has issued non-binding guidance ("Guidance") clarifying how financial institutions should manage Information and Communication Technology ("ICT") risks arising from...more
1/12/2026
/ Artificial Intelligence ,
BaFin ,
Cloud Computing ,
Cloud Service Providers (CSPs) ,
Cybersecurity ,
Data Security ,
Digital Operational Resilience Act (DORA) ,
EU ,
Financial Institutions ,
Financial Services Industry ,
Information and Communication Technology (ICT) ,
Machine Learning ,
New Guidance ,
Outsourcing ,
Regulatory Requirements ,
Risk Management ,
Third-Party Risk
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
1/12/2026
/ Competition ,
Cyber Threats ,
Cybersecurity ,
Economic Sanctions ,
EU ,
European Commission ,
Geopolitical Risks ,
Healthcare ,
International Trade ,
National Security ,
Public Health ,
Regulatory Reform ,
Risk Management ,
Russia ,
Ukraine
On November 19, 2025, the European Commission published two "Digital Omnibus" proposals as part of a wider Digital Package: (i) a Digital Legislation Omnibus that amends and consolidates large parts of the European Union's...more
12/19/2025
/ AI Act ,
Artificial Intelligence ,
Compliance ,
Cookie Banners ,
Cookies ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Digital Operational Resilience Act (DORA) ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Network and Information Security Directive ,
New Legislation ,
Proposed Legislation ,
Regulatory Reform ,
Reporting Requirements
This update (No. 123 | 8 October 2025) covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber...more
12/1/2025
/ Artificial Intelligence ,
Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Economic Sanctions ,
ENISA ,
EU ,
European Commission ,
Export Controls ,
Foreign Policy ,
Geopolitical Risks ,
Healthcare ,
International Trade ,
National Security ,
Public Health ,
Public Health Emergency ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
Russia ,
Supply Chain ,
Ukraine
Implementing the NIS-2 Directive (EU 2022/2555) and the Critical Entities Resilience ("CER") Directive (EU 2022/2557) into national law, Germany is reinforcing the security and resilience of its critical infrastructure,...more
10/8/2025
/ Critical Infrastructure Sectors ,
Cybersecurity ,
EU ,
Germany ,
Incident Response Plans ,
Information Technology ,
New Legislation ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
10/2/2025
/ Competition ,
Cyber Threats ,
Cybersecurity ,
Economic Sanctions ,
EU ,
European Commission ,
Export Controls ,
Foreign Policy ,
Geopolitical Risks ,
Medical Devices ,
National Security ,
Pharmaceutical Industry ,
Public Health ,
Russia ,
State Aid ,
Ukraine
The EU has introduced Delegated Regulation (EU) 2025/1190, establishing the first harmonized standards for threat-led penetration testing ("TLPT") across the financial sector. The regulation aims to strengthen the cyber...more
7/31/2025
/ Credit Institutions ,
Cybersecurity ,
Digital Operational Resilience Act (DORA) ,
Enforcement ,
EU ,
EU Directive ,
Financial Institutions ,
Financial Services Industry ,
G-SII ,
Harmonization Rules ,
Regulatory Requirements ,
Risk Management ,
Technical Standards
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
6/3/2025
/ Competition ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Economic Sanctions ,
EU ,
European Commission ,
Export Controls ,
Geopolitical Risks ,
Healthcare ,
Medical Devices ,
National Security ,
Pharmaceutical Industry ,
Regulatory Requirements ,
Risk Management ,
Russia ,
State Aid ,
Trade Policy ,
Ukraine
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
4/7/2025
/ Competition ,
Cybersecurity ,
Data Protection ,
EU ,
Export Controls ,
Exports ,
Geopolitical Risks ,
Health Care Providers ,
Life Sciences ,
Medical Devices ,
National Security ,
Pharmaceutical Industry ,
Russia ,
State Aid ,
Ukraine
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
2/12/2025
/ Competition ,
Cybersecurity ,
Data Protection ,
Economic Sanctions ,
EU ,
Export Controls ,
Geopolitical Risks ,
Medical Devices ,
National Security ,
Pharmaceutical Industry ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Reform ,
Russia ,
State Aid ,
Ukraine
DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
1/3/2025
/ Competition ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
Export Controls ,
Foreign Trade Regulations ,
Geopolitical Risks ,
Medical Devices ,
Pharmaceutical Industry ,
State Aid
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
11/21/2024
/ Competition ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
Export Controls ,
Foreign Trade Regulations ,
Geopolitical Risks ,
Medical Devices ,
Pharmaceutical Industry ,
State Aid
As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more
On October 10, 2024, the EU Cyber Resilience Act ("CRA") was adopted by the Council of the European Union....more
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
9/25/2024
/ Artificial Intelligence ,
Competition ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
Export Controls ,
Geopolitical Risks ,
Joint Statements ,
Medical Devices ,
Russia ,
State Aid ,
Ukraine
This regular alert covers key regulatory developments related to EU emergency responses, including in particular to Russia’s war of aggression against Ukraine, COVID-19, and cyber threats. It does not purport to provide an...more
8/12/2024
/ Artificial Intelligence ,
Competition ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
Export Controls ,
Medical Devices ,
Regulatory Agenda ,
Regulatory Oversight ,
State Aid
Welcome to Vital Signs, a curated compilation of the latest legal and regulatory developments in digital health. Our lead article reports on recent developments in the U.S. Food and Drug Administration's ("FDA") regulatory...more
7/22/2024
/ Algorithms ,
Artificial Intelligence ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
Digital Health ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Innovative Technology ,
Life Sciences ,
Machine Learning ,
Medical Devices ,
Personal Data ,
Pharmacies ,
Popular ,
Telemedicine
This regular alert covers key regulatory developments related to EU emergency responses, including in particular to Russia’s war of aggression against Ukraine, COVID-19, and cyber threats. It does not purport to provide an...more
This regular alert covers key regulatory developments related to EU emergency responses, including in particular to Russia’s war of aggression against Ukraine, COVID-19, and cyber threats. It does not purport to provide an...more
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more
This regular alert covers key regulatory developments related to EU emergency responses, including in particular to Russia’s war of aggression against Ukraine, COVID-19, and cyber threats. It does not purport to provide an...more
Chinese authorities issued new regulations and guidance governing cross-border transfers of data and personal information, which will significantly reduce procedural and compliance burdens for many multinationals....more
This regular alert covers key regulatory developments related to EU emergency responses, including in particular to Russia’s war of aggression against Ukraine, COVID-19, and cyber threats. It does not purport to provide an...more