The Situation: The aviation industry is increasingly reliant on digital systems, from air traffic management to ground operations and predictive maintenance. This digital transformation has significantly broadened the...more
2/4/2026
/ Aviation Industry ,
Compliance ,
Cybersecurity ,
Data Security ,
EU ,
Incident Response Plans ,
Information Security ,
New Regulations ,
Penalties ,
Popular ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Supply Chain ,
Transportation Industry
The German Financial Supervisory Authority ("BaFin") has issued non-binding guidance ("Guidance") clarifying how financial institutions should manage Information and Communication Technology ("ICT") risks arising from...more
1/12/2026
/ Artificial Intelligence ,
BaFin ,
Cloud Computing ,
Cloud Service Providers (CSPs) ,
Cybersecurity ,
Data Security ,
Digital Operational Resilience Act (DORA) ,
EU ,
Financial Institutions ,
Financial Services Industry ,
Information and Communication Technology (ICT) ,
Machine Learning ,
New Guidance ,
Outsourcing ,
Regulatory Requirements ,
Risk Management ,
Third-Party Risk
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
1/12/2026
/ Competition ,
Cyber Threats ,
Cybersecurity ,
Economic Sanctions ,
EU ,
European Commission ,
Geopolitical Risks ,
Healthcare ,
International Trade ,
National Security ,
Public Health ,
Regulatory Reform ,
Risk Management ,
Russia ,
Ukraine
On November 19, 2025, the European Commission published two "Digital Omnibus" proposals as part of a wider Digital Package: (i) a Digital Legislation Omnibus that amends and consolidates large parts of the European Union's...more
12/19/2025
/ AI Act ,
Artificial Intelligence ,
Compliance ,
Cookie Banners ,
Cookies ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Digital Operational Resilience Act (DORA) ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Network and Information Security Directive ,
New Legislation ,
Proposed Legislation ,
Regulatory Reform ,
Reporting Requirements
This update (No. 123 | 8 October 2025) covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber...more
12/1/2025
/ Artificial Intelligence ,
Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Economic Sanctions ,
ENISA ,
EU ,
European Commission ,
Export Controls ,
Foreign Policy ,
Geopolitical Risks ,
Healthcare ,
International Trade ,
National Security ,
Public Health ,
Public Health Emergency ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management ,
Russia ,
Supply Chain ,
Ukraine
On 16 July 2025, the European Central Bank ("ECB") published a non-binding Guide clarifying supervisory expectations for institutions outsourcing cloud services....more
Italy is the first EU Member State to enact national legislation on Artificial Intelligence ("AI"), thereby positioning itself as a frontrunner in shaping AI rule-making within the European Union....more
10/16/2025
/ AI Act ,
Artificial Intelligence ,
Data Centers ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Healthcare ,
Information Technology ,
Intellectual Property Protection ,
Italy ,
Machine Learning ,
New Legislation ,
Popular ,
Regulatory Reform ,
Regulatory Requirements
Implementing the NIS-2 Directive (EU 2022/2555) and the Critical Entities Resilience ("CER") Directive (EU 2022/2557) into national law, Germany is reinforcing the security and resilience of its critical infrastructure,...more
10/8/2025
/ Critical Infrastructure Sectors ,
Cybersecurity ,
EU ,
Germany ,
Incident Response Plans ,
Information Technology ,
New Legislation ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
10/2/2025
/ Competition ,
Cyber Threats ,
Cybersecurity ,
Economic Sanctions ,
EU ,
European Commission ,
Export Controls ,
Foreign Policy ,
Geopolitical Risks ,
Medical Devices ,
National Security ,
Pharmaceutical Industry ,
Public Health ,
Russia ,
State Aid ,
Ukraine
The Single Resolution Board ("SRB") transferred pseudonymized comments from data subjects to Deloitte without informing them. The European Data Protection Supervisor ("EDPS") found a violation of information duties applicable...more
9/11/2025
/ Anonymization ,
Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Data Transfers ,
Disclosure Requirements ,
EDPS ,
EU ,
General Court of the European Union (GCEU) ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Regulatory Violations ,
Single Resolution Board ,
Transparency
On September 3, 2025, the General Court of the European Union dismissed an action for annulment brought by a French member of Parliament against the European Commission's decision recognizing the adequacy of the level of...more
On July 9, 2025, the European Parliament's Committee on Legal Affairs ("JURI") published a study examining how generative artificial intelligence ("AI") interacts with European Union copyright law....more
8/14/2025
/ AI Act ,
Artificial Intelligence ,
Copyright ,
Court of Justice of the European Union (CJEU) ,
Data Mining ,
EU ,
Innovative Technology ,
Intellectual Property Protection ,
IP License ,
Machine Learning ,
Regulatory Reform ,
Training
The European Union's Artificial Intelligence Act ("AI Act") establishes a comprehensive, risk-based regulatory framework including provisions relating to general-purpose AI ("GPAI") models that apply as from 2 August 2025. In...more
8/6/2025
/ Artificial Intelligence ,
Copyright ,
EU ,
European Commission ,
Innovative Technology ,
Machine Learning ,
New Legislation ,
Popular ,
Regulatory Requirements ,
Risk Management ,
Transparency
The EU has introduced Delegated Regulation (EU) 2025/1190, establishing the first harmonized standards for threat-led penetration testing ("TLPT") across the financial sector. The regulation aims to strengthen the cyber...more
7/31/2025
/ Credit Institutions ,
Cybersecurity ,
Digital Operational Resilience Act (DORA) ,
Enforcement ,
EU ,
EU Directive ,
Financial Institutions ,
Financial Services Industry ,
G-SII ,
Harmonization Rules ,
Regulatory Requirements ,
Risk Management ,
Technical Standards
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
6/3/2025
/ Competition ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Economic Sanctions ,
EU ,
European Commission ,
Export Controls ,
Geopolitical Risks ,
Healthcare ,
Medical Devices ,
National Security ,
Pharmaceutical Industry ,
Regulatory Requirements ,
Risk Management ,
Russia ,
State Aid ,
Trade Policy ,
Ukraine
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
4/7/2025
/ Competition ,
Cybersecurity ,
Data Protection ,
EU ,
Export Controls ,
Exports ,
Geopolitical Risks ,
Health Care Providers ,
Life Sciences ,
Medical Devices ,
National Security ,
Pharmaceutical Industry ,
Russia ,
State Aid ,
Ukraine
The European Union's Artificial Intelligence Act ("AI Act"), the world's first comprehensive legal framework on AI, entered into force on August 1, 2024. The AI Act sets out staggered compliance deadlines for the various...more
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
2/12/2025
/ Competition ,
Cybersecurity ,
Data Protection ,
Economic Sanctions ,
EU ,
Export Controls ,
Geopolitical Risks ,
Medical Devices ,
National Security ,
Pharmaceutical Industry ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Reform ,
Russia ,
State Aid ,
Ukraine
The European Commission has released a new template for summarizing training data used in general-purpose artificial intelligence ("AI") models, as part of its broader AI regulatory framework....more
DORA, the first EU regulation designed to establish a unified and robust digital resilience standard for the financial sector, becomes directly applicable on January 17, 2025, introducing significant penalties and...more
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
1/3/2025
/ Competition ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
Export Controls ,
Foreign Trade Regulations ,
Geopolitical Risks ,
Medical Devices ,
Pharmaceutical Industry ,
State Aid
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
11/21/2024
/ Competition ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
Export Controls ,
Foreign Trade Regulations ,
Geopolitical Risks ,
Medical Devices ,
Pharmaceutical Industry ,
State Aid
As the national implementation deadline for the NIS 2 EU Directive is over, businesses in scope should ensure they will soon be ready to comply with the strengthened cybersecurity requirements....more
On October 10, 2024, the EU Cyber Resilience Act ("CRA") was adopted by the Council of the European Union....more
This regular alert covers key policy and regulatory developments related to EU geopolitical risks, including in particular, economic security, Russia’s war against Ukraine, health threats, and cyber threats. It does not...more
9/25/2024
/ Artificial Intelligence ,
Competition ,
Cybersecurity ,
Data Protection ,
EU ,
European Commission ,
Export Controls ,
Geopolitical Risks ,
Joint Statements ,
Medical Devices ,
Russia ,
State Aid ,
Ukraine