Priority Feed
Live from Microsoft 365 Roadmap API + UK Regulatory Sources
EU AI Act enforcement — CNIL designated French enforcement authority
CNIL designated as French AI Act enforcement authority with fines up to 35M EUR or 7% global turnover
AP algorithm and AI enforcement — top priority for 2025
Dutch DPA designates algorithm and AI enforcement as top priority, designated AI Act market supervisor
Dutch AP releases data minimization best practices
Autoriteit Persoonsgegevens publishes guidance on implementing data minimization in cloud environments
CNIL 2025-2028 AI strategic plan — GDPR applies to AI model training
CNIL strategic plan confirms GDPR applies to AI model training with data subject rights in AI systems
CNIL issues AI transparency guidelines for data processing
French data protection authority CNIL releases comprehensive guidance on AI system transparency requirements under GDPR
NEN 7510 — mandatory healthcare information security standard
Dutch mandatory information security standard for healthcare organisations mapping to ISO 27001 with health-specific controls
CSSF Circular 24/847 — ICT incident reporting for financial sector
CSSF mandates ICT incident reporting procedures for Luxembourg financial sector entities
Luxembourg CNPD updates processor audit requirements
Commission Nationale pour la Protection des Données clarifies audit obligations for cloud processors
HDS certification — mandatory for hosting French health data
HDS (Hébergeur de Données de Santé) certification required for any platform hosting French health data
Belgian DPA clarifies processor agreement requirements
APD/GBA issues guidance on data processing agreements for cloud service providers
CSSF AI governance expectations for supervised entities
CSSF sets human oversight and explainability requirements for AI in supervised financial entities
IGJ designated AI systems supervisor for healthcare
Health and Youth Care Inspectorate designated as AI systems supervisor for Dutch healthcare
APD special category health data processing rules
Belgian DPA issues specific guidance on processing special category health data under GDPR
CyFun CyberFundamentals Framework — mandatory NIS2 cybersecurity baseline
CCB national cybersecurity standard requiring self-assessment at Basic, Important or Essential level for all organisations
AP customer profiling and data trading enforcement priority
Dutch DPA prioritises enforcement on customer profiling and data trading practices
ICO publishes AI and Data Protection Guidance
Comprehensive guidance on deploying AI systems in compliance with UK GDPR, including specific requirements for automated decision-making and profiling.
CNPD co-designated as AI Act supervisory authority alongside CSSF
Luxembourg designates CNPD and CSSF as joint AI Act supervisory authorities
FCA Consumer Duty: Data & Communications Update
New requirements for how financial services firms communicate with customers and handle their data under Consumer Duty obligations.
ANSSI updates cloud security certification requirements
French cybersecurity agency ANSSI announces enhanced SecNumCloud certification criteria for cloud services
ANS digital health standards for interoperability
Agence du Numérique en Santé publishes updated digital health interoperability standards
AFM — financial markets conduct authority and DORA co-supervisor
Autoriteit Financiële Markten designated as DORA co-supervisor for financial markets conduct
NCSC Cloud Security Principles Update
Updated guidance for securing cloud services with specific recommendations for Microsoft 365 and Azure configurations.
APD student data and EdTech guidance
Belgian DPA publishes guidance on student data protection and EdTech platform requirements
DNB operational resilience and DORA supervision from January 2025
De Nederlandsche Bank DORA supervision active from January 2025 for financial institutions
MiFID II, UCITS, AIFMD — fund data retention and access control requirements
Luxembourg fund sector data retention and access control requirements under EU financial directives
NHS Data Security and Protection Toolkit 2026
Annual update to DSPT requirements with new assertions for AI systems and enhanced third-party assurance requirements.
NCSC-NL issues Microsoft 365 security baseline
Dutch National Cyber Security Centre publishes security configuration baseline for Microsoft 365
Safeonweb@Work — mandatory NIS2 registration platform
CCB-managed mandatory registration platform for NIS2 compliance in Belgium
ACPR banking and insurance prudential supervision updates
ACPR issues updated prudential supervision requirements for banking and insurance ICT risk management
ACM — digital markets and consumer data protection
Autoriteit Consument en Markt enforces digital markets and consumer data requirements
NBB DORA supervision for credit and payment institutions
National Bank of Belgium designated as DORA supervisory authority for credit institutions and payment institutions
FSMA DORA supervision for investment firms and insurers
FSMA designated as DORA supervisory authority for investment firms, fund managers and insurers
ANSSI OT/ICS security requirements for industrial systems
ANSSI publishes security requirements for operational technology and industrial control systems
Belgian cybersecurity framework update affects cloud deployments
CCB publishes updated national cybersecurity framework with cloud-specific requirements
CIRCL — national CSIRT incident reporting requirements
Luxembourg national CSIRT establishes incident reporting procedures for all sectors
LPM — critical infrastructure operators (OIV) cybersecurity obligations
Loi de Programmation Militaire mandates cybersecurity obligations for critical infrastructure operators
BIO — mandatory Dutch government information security baseline
Baseline Informatiebeveiliging Overheid mandates information security baseline for all Dutch government
FOD/SPF Federal Public Services data governance requirements
Belgian federal government data governance framework for public service organisations
CADA — government document access and transparency requirements
Commission d'accès aux documents administratifs establishes Freedom of Information equivalent for government
GOVCERT.LU — government cybersecurity requirements
Luxembourg government cybersecurity centre mandates security controls for government entities
MENJS Ministry of Education data protection requirements
French Ministry of Education mandates data protection requirements for educational institutions
CBw NIS2 Control Framework — published by NCSC for NIS2 preparation
Dutch NCSC publishes CBw NIS2 Control Framework for organisations preparing for NIS2 compliance
CNPD RE.M.I. initiative — AI regulatory dialogue framework
CNPD launches RE.M.I. initiative for regulatory dialogue on AI and data protection
CNIL AI guidance for schools — published 2025
CNIL publishes specific AI guidance for educational institutions on responsible AI use
AP enforcement on algorithmic decision-making in schools
Dutch DPA enforces restrictions on algorithmic decision-making in educational institutions