NIS2 and KRITIS impose varying levels of cybersecurity obligations on healthcare facilities, depending on their size and on whether they are classified as critical infrastructure.
The EU AI Act mandates binding compliance measures effective immediately and requires organizations to systematically classify and document their AI systems according to risk levels.
The EU Pay Transparency Directive creates information rights for employees and reporting obligations for employers that must be regulated by data protection rules—without specifying minimum group sizes for comparison groups.
The BfDI assesses the direct training of AI models with real tax data as data-protection-critical, since memorization of citizen data represents a known risk.
Digital sovereignty is forcing European enterprises to restructure their IT infrastructure and requires board-level decisions on cyber risk, sanctions resilience, and regulatory compliance.
In digital identity, security is not a product feature but the product itself — therefore, the required level of trust must be present from the start, not built up later.
Despite its 2026 fork, the European Euro-Office Consortium failed to achieve independence from Russian OnlyOffice code and continued integrating OnlyOffice's changes instead of developing its own.
A unified EU reporting form for data breaches is intended to eliminate national differences and require greater transparency on causes and protective measures.