The NIS2 Directive covers approximately 30,000 additional companies that must align their cybersecurity governance and technical controls with EU-wide standards.
The CritInfra Ordinance draft contains definitional gaps and relies on a 20-year-old, methodologically disputed threshold of 500,000 persons that does not adequately reflect actual critical infrastructure risks.
The US blockade of Claude Fable 5 is being interpreted by European politicians and entrepreneurs as evidence of structural technological dependence, bringing European AI development sovereignty increasingly into focus.
The US is restricting access to high-performance AI models for international users — a wake-up call for CDOs and Europe’s technological dependence on American providers.
Data sovereignty through local cloud infrastructure is necessary but insufficient — true control requires robust identity governance and transparency over metadata, encryption keys, and access protocols.
The EU launches infringement proceedings against France and Spain for failing to transpose the NIS2 Directive into national law after the transposition deadline expired.
The Commission is suing France and Spain before the CJEU for non-implementation of the NIS2 Directive to enforce comprehensive regulatory protection of critical infrastructure.
The NIS2 Directive significantly expands the scope of regulated companies and introduces new requirements for cybersecurity governance and risk management systems.
Financial institutions require dedicated AI governance, zero-trust architectures, and continuous security validation to protect the confidentiality, integrity, and availability of AI applications.
