regulatory-update
NIS2 Enforcement Is Underway: What Early EU Penalties Mean for Your Organisation
EU member states have begun issuing formal NIS2 enforcement actions. Germany has issued 47 formal notices, France has ordered remediation across energy and transport, and personal liability for senior executives is now active. What CISOs need to bring to the board.
CIRCIA Is Live: What the 72-Hour Reporting Rule Means for Your Organisation
The Cyber Incident Reporting for Critical Infrastructure Act final rule took effect in May 2026, establishing mandatory 72-hour incident reports and 24-hour ransomware payment disclosure for covered entities. Here's what CISOs need to have in place before an incident.
NIS2 Directive: The CISO's Compliance Roadmap by Sector
What CISOs must implement under the EU's NIS2 Directive -- sector-specific obligations, board accountability requirements, and the cost of non-compliance.
DORA: ICT Risk Management Requirements for Financial Entities
A CISO's guide to the Digital Operational Resilience Act -- what financial institutions must implement, how DORA interacts with NIS2, and the oversight regime for critical third-party providers.
SEC Cybersecurity Disclosure Rules: What CISOs Must Know in 2026
Material incident reporting timelines, annual cybersecurity disclosures, and the CISO's role in SEC compliance -- including personal liability considerations for public company security leaders.