Temporary onboarding passwords distributed via email or SMS and not consistently changed create unnecessary security risks for companies and violate NIS2 standards.
Unmanaged non-human identities represent a systematic security gap that will manifest as a mass outage in 2026 when expired machine certificates in millions of enterprise-dependent services expire simultaneously.
Data sovereignty through local cloud infrastructure is necessary but insufficient — true control requires robust identity governance and transparency over metadata, encryption keys, and access protocols.
The EU launches infringement proceedings against France and Spain for failing to transpose the NIS2 Directive into national law after the transposition deadline expired.
The Commission is suing France and Spain before the CJEU for non-implementation of the NIS2 Directive to enforce comprehensive regulatory protection of critical infrastructure.
The NIS2 Directive significantly expands the scope of regulated companies and introduces new requirements for cybersecurity governance and risk management systems.
NIS2 requires enterprises to implement structured cybersecurity risk management and governance; identifying the scope of application is the first step.
Security gains from passkey adoption in central IT are negated by uncontrolled shadow IT using weak passwords, presenting organizational challenges for CISOs.
