Cybersecurity

Germany: VCI Launches NIS2 Cybersecurity Webinar Series and Member Guidance

Germany’s NIS2 implementation law is being operationalised through a VCI-led cybersecurity webinar series and member guidance tailored to chemical companies. This provides a practical roadmap for medium-sized operators to meet new governance, reporting, risk-management and lawful AI-use obligations ahead of upcoming compliance deadlines.

11 May 2026, 11:33recht.bund.deGermanyEuropean Union

EU Commission Delegated Regulation 2026/339 Sets 2027 Repeal Of Radio Equipment Cybersecurity Delegated Regulation 2022/30

In April 2026 the EU published Delegated Regulation (EU) 2026/339 setting 11 December 2027 as the repeal date for Delegated Regulation (EU) 2022/30 on radio-equipment cybersecurity. This moves cybersecurity obligations for affected radio equipment onto the horizontal Cyber Resilience Act, giving manufacturers and importers a clear transition window to consolidate compliance under a single EU framework.

3 May 2026, 14:31eur-lex.europa.euEuropean Union

Japan METI Issues Second Edition of Technology Leakage Countermeasures Guidance

Japan’s Ministry of Economy, Trade and Industry has issued a significantly expanded second edition of its non-binding Guidance on Countermeasures Against Technology Leakage, adding detailed chapters on joint research, overseas production, and supplier coordination in line with new economic security expectations. For manufacturers and research-intensive firms in Japan, this guidance effectively raises the bar for governance, partner due diligence, contract design, and cyber and research security around sensitive technologies, signalling closer regulatory scrutiny of export control and technology-management practices over the coming years.

30 Apr 2026, 09:00meti.go.jpJapan

Netherlands RIVM Publishes Inventory of External Threats for Companies Working With Hazardous Substances

The Dutch public health institute RIVM has published a 2026 inventory for the Netherlands Labour Authority identifying six categories of external threats that could trigger major accidents at companies handling hazardous substances. While it does not create new legal obligations, the report offers structured input for incorporating pandemics, natural disasters, infrastructure and cyber failures, violence, and geopolitical shocks into existing safety and major-accident risk management.

28 Apr 2026, 11:50rivm.nlNetherlands

Slovenia Government Committee To Review Draft Regulation Implementing EU Cyber Resilience Act

In April 2026 Slovenia’s government scheduled discussion of a draft national regulation to implement the EU Cyber Resilience Act for products with digital elements, signalling the start of its domestic rulemaking process. This means detailed Slovenian rules on authorities, enforcement and practical CRA compliance for digital products are imminent, so technology and electronics suppliers should closely track this process and prepare for additional national obligations.

25 Apr 2026, 10:49gov.siSlovenia

Swiss Federal Council Moves Toward Stronger Critical Infrastructure Resilience and Data Security

The Swiss Federal Council has instructed the defence ministry and other departments to prepare, by the end of 2026, the key parameters and impact assessment for two federal laws to strengthen the resilience and data security of critical infrastructures. Operators of essential services and public authorities should anticipate future binding requirements on outage resilience and protection of security-relevant digital data, signalling tighter expectations for cyber and infrastructure risk management.

24 Apr 2026, 08:04admin.chSwitzerland

EU Publishes Delegated Regulation 2026/881 on Cybersecurity Grounds to Delay CRA Notifications

The EU has published Delegated Regulation (EU) 2026/881 under the Cyber Resilience Act, setting binding rules on when CSIRTs may delay sharing vulnerability and incident notifications for products with digital elements on cybersecurity grounds. This clarifies how highly sensitive cyber disclosures are handled, giving manufacturers and CSIRTs clearer expectations on confidentiality, timing, and coordination while preserving core notification duties from May 2026 onward.

23 Apr 2026, 14:32eur-lex.europa.euEuropean Union

Minnesota HF 4532 Proposes AI Safety and Disclosure Requirements for AI Developers

Minnesota has introduced HF 4532, the Responsible Artificial Intelligence Safety and Education Act, which would require AI developers to implement documented safety protocols, publish redacted versions, report safety incidents within 72 hours, and face substantial civil penalties and private lawsuits for non-compliance. If enacted, this would create a stringent state-level AI governance regime that technology and data-intensive companies must factor into product design, risk management, and governance of high-risk AI models operating in or from Minnesota.

16 Apr 2026, 15:46revisor.mn.govUnited States

Netherlands Lower House Approves NIS2 and CER Implementation Bills

The Dutch lower house has approved national laws implementing the EU NIS2 and CER directives, creating new cybersecurity and critical-entities resilience regimes that are planned to take effect around the second quarter of 2026. Essential and critical entities in the Netherlands will face duty-of-care, incident reporting and registration obligations and should begin strengthening governance and operational resilience now ahead of final Senate approval and detailed sector designations.

16 Apr 2026, 14:23rijksoverheid.nlNetherlands

UK Parliament Bill To Strengthen NIS Cyber Security Regime Reaches Commons Report Stage

The UK Government’s Cyber Security and Resilience (Network and Information Systems) Bill, now at Commons report stage, would create a new Act that significantly expands and strengthens the existing NIS Regulations 2018 for critical network and information systems. By bringing large data centres, managed and cloud service providers, energy load controllers and designated critical suppliers into a unified, high-penalty cyber resilience regime with national security direction powers, it signals far-reaching future obligations for organisations whose digital infrastructure underpins essential activities.

14 Apr 2026, 12:41publications.parliament.ukUnited Kingdom

US EPA Announces SDWA Section 1433 Webinars on Risk and Resilience Assessments and Emergency Response Plans

US EPA has launched compliance support for community water systems facing mandatory five-year recertification of risk assessments and emergency plans throughout 2026. Operators must integrate cybersecurity and power resilience into their updated filings to align with heightened federal standards for critical infrastructure protection.

6 Apr 2026, 16:35epa.govUnited States

Netherlands Parliament Motion Seeks Research Into Statutory Aftercare Duty for Large-Scale Personal Data Breaches Under NIS2 Implementation

The Dutch Parliament has commissioned research into a statutory aftercare duty for large-scale data breaches with findings expected by the third quarter of 2026. This initiative signals a potential shift toward expanded corporate liability and mandatory victim support frameworks that exceed current European cybersecurity and data protection standards.

4 Apr 2026, 10:57zoek.officielebekendmakingen.nlNetherlandsEuropean Union

IMO Facilitation Committee Approves Maritime Digitalization Strategy and Draft FAL Convention Cybersecurity Amendments

The International Maritime Organization has approved a global digitalization strategy and draft treaty amendments mandating cybersecurity for maritime reporting systems by 2029. Maritime operators must prioritize digital infrastructure upgrades and secure data exchange protocols to meet upcoming mandatory standards for port-to-ship communications and crew health reporting.

3 Apr 2026, 09:54imo.orgGlobal

EU Council Presidency Publishes Compromise Text for EU Space Act Regulation on Space Activities

The EU Council has advanced the EU Space Act with a new compromise text, establishing a harmonized framework for the safety, cybersecurity, and environmental sustainability of space operations. Operators must prepare for mandatory certification and life-cycle environmental reporting to maintain EU market access, with non-compliance risking fines of up to 2% of global turnover.

1 Apr 2026, 19:12data.consilium.europa.euEuropean Union

Switzerland Publishes NCSC Semi-Annual Cybersecurity Report Including First Mandatory Critical-Infrastructure Incidents

Switzerland has operationalized mandatory 24-hour cyber-incident reporting for critical infrastructure operators, marking a shift toward stricter national security oversight. Affected organizations must prioritize rapid detection and supply-chain risk management to comply with reporting timelines and address increasingly targeted AI-driven threats.

1 Apr 2026, 19:06cms.news.admin.chSwitzerland

US House Introduces AI-Ready Bio-Data Standards Act (H.R. 7907)

The US House introduced legislation to establish national NIST standards and cybersecurity frameworks for biological datasets used in artificial intelligence development. Biotechnology and biomanufacturing firms should anticipate these standards becoming mandatory prerequisites for federal research funding, procurement, and data-sharing agreements.

1 Apr 2026, 14:15govinfo.govUnited States

UK Government Consults on New Core Product Safety Framework

The UK has proposed a modernized, risk-based product safety framework to replace the 2005 regulations and address emerging digital and AI risks. Businesses must prepare for expanded supply chain accountability, stricter online marketplace obligations, and a transition toward digital-by-default product labeling.

1 Apr 2026, 08:08gov.ukUnited Kingdom

EU Coreper II Provisional Agenda for 1 April 2026 Includes Omnibus IX Automotive, Critical Minerals and Cybersecurity Package

The EU Council is advancing legislative files on automotive technical standards, critical mineral supply chains, and a revamped cybersecurity framework. These developments signal a push for streamlined vehicle compliance and enhanced digital security, requiring cross-functional alignment on product sourcing and technical certification.

29 Mar 2026, 19:06data.consilium.europa.euEuropean Union

Poland Amends National Cybersecurity System Act To Implement NIS2 Across Critical Sectors

Poland has enacted the NIS2-aligned National Cybersecurity System Act, effective April 2026, introducing stringent security and incident reporting mandates for critical sectors. Impacted manufacturers must implement comprehensive risk management and supply chain controls by April 2027 to mitigate significant financial penalties and operational suspension risks.

29 Mar 2026, 17:49isap.sejm.gov.plPoland

US NRC Finalises Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors

The US NRC has finalized a risk-informed, technology-inclusive regulatory framework for advanced nuclear reactors, effective April 2026. This optional licensing pathway allows developers to tailor safety and security requirements to specific designs, streamlining the deployment of next-generation nuclear technologies.

29 Mar 2026, 06:37govinfo.govUnited States