A unified EU reporting form for data breaches is intended to eliminate national differences and require greater transparency on causes and protective measures.
NIS2 requires companies to establish structured governance, implement technical security measures, and maintain demonstrable incident-response processes, for which CISOs must assume full responsibility at board level.
NIS2 requires organisations to ensure that security awareness functions in real work situations and does not remain merely theoretical knowledge: a focus on behavioural change rather than compliance documentation.
First dedicated compliance editorial: EU Commission delivers high-risk operationalisation, noyb criticises Digital Omnibus sharply, DSA Trusted Flaggers consultation launched, Temu fine makes DSA enforcement real.
Three threads shaped May: the AI Omnibus and first high-risk guidelines from Brussels, Claude 4.8 with KPMG scaling as commercial proof, and a wave of supply-chain incidents from Nx-Console to axios — what began in May becomes operational in June.