Cybersecurity

US EPA Announces SDWA Section 1433 Webinars on Risk and Resilience Assessments and Emergency Response Plans

US EPA has scheduled compliance webinars to support community water systems facing mandatory five-year recertification deadlines for risk assessments and emergency plans throughout 2026. Regulated entities must prioritize cybersecurity and infrastructure resilience in their updates to meet evolving federal standards for critical water infrastructure protection.

6 Apr 2026, 16:35epa.govUnited States

Netherlands Parliament Motion Seeks Research Into Statutory Aftercare Duty for Large-Scale Personal Data Breaches Under NIS2 Implementation

The Dutch Parliament has requested research into a statutory aftercare duty for large-scale data breaches, with findings due by Q3 2026. This signals a potential expansion of corporate liability and victim support obligations beyond existing NIS2 and GDPR notification requirements.

4 Apr 2026, 10:57zoek.officielebekendmakingen.nlNetherlandsEuropean Union

IMO Facilitation Committee Approves Maritime Digitalization Strategy and Draft FAL Convention Cybersecurity Amendments

The IMO has approved a new Maritime Digitalization Strategy and draft FAL Convention amendments mandating cybersecurity for maritime single window systems, effective from 2028-2029. These developments signal a transition toward mandatory, secure digital reporting and standardized data exchange, requiring maritime operators to upgrade digital infrastructure and compliance protocols.

3 Apr 2026, 09:54imo.orgGlobal

EU Council Presidency Publishes Compromise Text for EU Space Act Regulation on Space Activities

The EU Council has released a compromise text for the EU Space Act, establishing a harmonized framework for the safety, cybersecurity, and environmental sustainability of space operations. To maintain EU market access, operators must prepare for mandatory certification and life-cycle environmental reporting, with non-compliance risking fines of up to 2% of global turnover.

1 Apr 2026, 19:12data.consilium.europa.euEuropean Union

Switzerland Publishes NCSC Semi-Annual Cybersecurity Report Including First Mandatory Critical-Infrastructure Incidents

Switzerland's NCSC released its 2025/II report, confirming the operational status of mandatory 24-hour cyber-incident reporting for critical infrastructure since April 2025. Operators must ensure rapid detection and reporting protocols are integrated into risk management to address increasingly targeted AI-driven and supply-chain threats.

1 Apr 2026, 19:06cms.news.admin.chSwitzerland

US House Introduces AI-Ready Bio-Data Standards Act (H.R. 7907)

The US House introduced the AI-Ready Bio-Data Standards Act to establish NIST-led standards for biological datasets used in artificial intelligence. Organizations in biotechnology and biomanufacturing should anticipate new data management and cybersecurity obligations that will likely become prerequisites for federal research funding and procurement.

1 Apr 2026, 14:15govinfo.govUnited States

UK Government Consults on New Core Product Safety Framework

The UK government has launched a consultation on a modernized, risk-based product safety framework to replace the 2005 regulations by mid-2026. Businesses should prepare for expanded supply chain duties—including for online marketplaces—and a shift toward digital labeling and AI-specific safety assessments.

1 Apr 2026, 08:08gov.ukUnited Kingdom

EU Coreper II Provisional Agenda for 1 April 2026 Includes Omnibus IX Automotive, Critical Minerals and Cybersecurity Package

The EU Council is advancing key legislative files on April 1, 2026, including the Omnibus IX automotive package, critical minerals supply chain resilience, and a new cybersecurity framework. These developments signal a strategic push for streamlined vehicle technical standards and enhanced supply chain security, requiring cross-functional alignment on product compliance and sourcing.

29 Mar 2026, 19:06data.consilium.europa.euEuropean Union

Poland Amends National Cybersecurity System Act To Implement NIS2 Across Critical Sectors

Poland has enacted the NIS2-aligned National Cybersecurity System Act, effective 3 April 2026, imposing strict security and reporting mandates on critical sectors. Impacted businesses, including chemical and medical manufacturers, must implement risk management systems by April 2027 to avoid significant turnover-based fines and operational suspensions.

29 Mar 2026, 17:49isap.sejm.gov.plPoland

US NRC Finalises Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors

The US NRC has finalized 10 CFR Part 53, establishing a risk-informed, technology-inclusive regulatory framework for advanced nuclear reactors, effective April 29, 2026. This optional licensing pathway allows developers to tailor safety and security requirements to specific reactor designs, potentially reducing regulatory hurdles for next-generation nuclear deployment.

29 Mar 2026, 06:37govinfo.govUnited States

US President Continues National Emergency on Specified Harmful Foreign Activities of the Government of the Russian Federation (H. Doc. 119-143)

The US has extended the national emergency regarding Russian harmful foreign activities through April 15, 2027, preserving the legal basis for current sanctions. This continuation ensures the stability of the existing trade and financial restriction framework, requiring sustained vigilance in sanctions screening and supply chain compliance.

28 Mar 2026, 20:26govinfo.govUnited States

MedTech Europe Response To EU Digital Omnibus Consultation On AI And Data Rules

MedTech Europe has called for the EU Digital Omnibus to better align AI and data rules with existing medical device regulations (MDR/IVDR). This advocacy highlights a critical industry push for streamlined conformity assessments and enhanced protections for patient safety and trade secrets in digital health.

27 Mar 2026, 17:14eur-lex.europa.euEuropean Union

European Commission President Outlines EU–Australia Free Trade Agreement and Security Partnership in Sydney Speech

The EU and Australia have concluded negotiations on a comprehensive Free Trade Agreement and a new Security and Defence Partnership to eliminate tariffs and liberalise investment. Companies should anticipate deeper integration of critical raw material value chains and streamlined market access, underpinned by shared environmental and labour standards.

27 Mar 2026, 17:13ec.europa.euEuropean UnionAustralia

UK OPSS Publishes Study on Assessing Compliance With EV Smart Charge Point Regulations

The UK OPSS has published a study outlining five assessment strategies for market surveillance under the Electric Vehicles (Smart Charge Points) Regulations 2021. This signals a move toward more rigorous enforcement; manufacturers should review their compliance evidence and technical files against these proposed testing methodologies.

26 Mar 2026, 19:24gov.ukUnited Kingdom

EU Commission Answer Clarifies Chips Act 2 Scope for Printed Circuit Boards and Refers to Cybersecurity Act 2

The European Commission confirmed PCBs are in scope for the upcoming "Chips Act 2" proposal and highlighted new ICT supply chain security mandates under the proposed "Cybersecurity Act 2." Electronics manufacturers should anticipate expanded investment incentives alongside stricter vetting requirements for components and services sourced from high-risk third-country suppliers.

26 Mar 2026, 19:23europarl.europa.euEuropean Union

New York Assembly Proposes Consumer Camera Privacy Act for Networked Camera Devices (Bill A10687)

New York has introduced the Consumer Camera Privacy Act (A10687) to strictly regulate networked camera devices, mandating affirmative opt-ins for surveillance features and restricting data retention. Manufacturers must prepare for significant product design changes, including mandatory point-of-sale disclosures and enhanced user data rights, or face substantial civil penalties and private litigation risk.

26 Mar 2026, 12:18assembly.state.ny.usUnited States

US FERC Final Rule Approves NERC CIP-003-11 Cyber Security Standard

FERC has approved the NERC CIP-003-11 standard, mandating enhanced cybersecurity controls for low-impact Bulk Electric System assets effective May 26, 2026. Power generation and transmission entities must update authentication and monitoring protocols to mitigate risks from coordinated cyber-attacks on distributed infrastructure.

26 Mar 2026, 11:49federalregister.govUnited States

EU Commission Delegated Regulation Amends Regulation (EU) 2018/858 on Secure Access to Vehicle OBD and Repair Information

The EU Commission adopted a Delegated Regulation on March 23, 2026, establishing new standards for secure, non-discriminatory access to vehicle diagnostic and repair information. OEMs must update data architectures and APIs to support third-party access to safety-critical systems like ADAS and batteries while maintaining compliance with rigorous vehicle cybersecurity mandates.

26 Mar 2026, 11:48eur-lex.europa.euEuropean Union

Finland Adopts Decree 172/2026 on Documentation for Dual-Use Export Controls

Finland has finalized Decree 172/2026, mandating specific reporting, documentation, and internal compliance standards for dual-use item exporters effective April 15, 2026. Affected businesses must formalize Internal Compliance Programmes and prepare for annual transaction-level reporting to maintain access to global and general export authorizations.

26 Mar 2026, 11:33finlex.fiFinland

Global CBPR Forum Updates Cross-Border Privacy Program Requirements From April 2027

The Global CBPR Forum has expanded its certification criteria from 50 to 57 requirements, becoming mandatory for all new and renewing participants starting April 1, 2027. Organizations must strengthen data governance to meet stricter mandates on sensitive data handling and mandatory breach notifications to maintain compliant international data transfers.

26 Mar 2026, 11:33globalcbpr.orgJapanGlobal