NCC Group says geopolitics, digital sovereignty and AI are driving tougher cyber rules, with boards facing greater accountability and scrutiny.
In this episode of The Data Chronicles, host Scott Loughlin is joined by Hogan Lovells partners Dan Whitehead and Dr. Henrik Hanssen to examine how evolving cybersecurity regimes in the E.U. and UK such as NIS2, the Cyber Resilience Act, DORA, and proposed reforms to the EU Cybersecurity Act are reshaping legal and operational expectations for organizations operating across borders.
.png)
Most organizations can see their software security risks. Far fewer can act on them fast enough to matter – and with the EU Cyber Resilience Act coming into enforcement in September 2026, the difference between visibility and action is about to become a legal liability. At KubeCon Europe 2026, Cloudsmith made its case for closing it.
ENISA's Nuno Carvalho on CVE program risks, EU regulatory enforcement, and building a distributed vulnerability disclosure ecosystem.
NCC Group’s latest Global Cyber Policy Radar finds cyber regulation is no longer a compliance exercise but a strategic lever of national power—reshaping how enterprises manage...
/Passle/5db069e28cb62309f866c3ee/MediaLibrary/Images/2026-03-16-17-46-11-348-69b841e33f16261f919a33c9.jpg)
EU cybersecurity regulation is moving at pace. A cluster of new and updated legislative instruments – from NIS2 and CER to the Cyber...
How the EU Cyber Resilience Act reshapes access control security and why manufacturers must exceed minimum compliance.
ISJ hears exclusively from Sylvain Cortes, VP of Strategy, Hackuity about about what the reporting deadline means for manufacturers and why it represents a major shift in software liability.
2N discuss how robust cybersecurity builds lasting trust beyond compliance ahead of the EU’s Cyber Resilience Act (CRA).
New AI tech could pose major cybersecurity risks but many European regulators have limited oversight.
The EU's Cyber Resilience Act extends cybersecurity requirements beyond consumer tech to impose strict mandates on rail operators and suppliers. By 2026, European railways face immediate compliance obligations reshaping digital infrastructure security.
Peacetime — before an attack occurs — is when to plan for disaster recovery and operational resilience. This is where asset dependency mapping will play a critical role in determining an organization’s ability to recover from an attack quickly and fully and emerge even stronger.
Nomad Digital explains what the mandatory cybersecurity requirements from 'The EU's Cyber Resilience Act' mean for the rail industry.
Cloudsmith survey finds most engineering teams still lack automated SBOM checks, leaving many unready for fast EU Cyber Resilience Act audits.
2N calls for tougher cyber rules on access control, urging stronger vulnerability reporting, tighter component sourcing and longer support lifecycles.
2N calls for tougher cyber rules on access control, urging stronger vulnerability reporting, tighter component sourcing and longer support lifecycles.
The European Commission's proposed revisions to the EU Cybersecurity Act carry complex and far-reaching implications for Irish businesses, Digital Business
A look at what is on the horizon for in-house and compliance teams, including mandatory personal data complaints handling procedures in the UK, Tanzania’s privacy law, and the US Take It Down Act.
The European Union’s Cyber Resilience Act (CRA) is often described as a compliance framework but in reality it is far more disruptive.
Keysight SBOM Manager supports compliance with EU Cyber Resilience Act by streamlining SBOM generation and vulnerability management.
The German Electrical and Electronic Manufacturers’ Association (ZVEI) has criticized the inadequate resources allocated to market surveillance under the Cyber Resilience Act. The Federal Office for Information Security (BSI) is set to oversee implementation, but the association believes the planned resources are insufficient.
KubeCon 2026 EU's second day explored how enterprises can balance digital sovereignty with open-source collaboration -- with speakers arguing that organizations must distinguish between a unified global codebase and locally controlled operational deployments -- while showcasing real-world Kubernetes applications ranging from France's national railway infrastructure to satellite-based environmental monitoring.
The EU Cyber Resilience Act (“CRA”) imposes cybersecurity requirements on manufacturers, importers and distributors of connected devices, meaning products with digital elements and data connection to a device or network.
The EU's Cyber Resilience Act (Regulation 2024/2847) shifts cybersecurity responsibility upstream. Explore the March 2026 guidance on secure-by-design requirements, software bills of materials (SBOM), and the impact on U.S. manufacturers.