Data Protection

Netherlands Sets Multi-Year Labour and Social Security Enforcement Strategy 2026–2029

The Netherlands has established a multi-year enforcement strategy (2026–2029) that increases and indexes fines for health, safety, and labour law violations. Businesses must prepare for heightened financial risk and stricter oversight of labour providers, with mandatory authorization requirements taking full effect by 2028.

5 Apr 2026, 05:49open.overheid.nlNetherlands

Netherlands Parliament Motion Seeks Research Into Statutory Aftercare Duty for Large-Scale Personal Data Breaches Under NIS2 Implementation

The Dutch Parliament has requested research into a statutory aftercare duty for large-scale data breaches, with findings due by Q3 2026. This signals a potential expansion of corporate liability and victim support obligations beyond existing NIS2 and GDPR notification requirements.

4 Apr 2026, 10:57zoek.officielebekendmakingen.nlNetherlandsEuropean Union

France National Assembly Tables Bill No. 2600 On Screening Of Foreign Investments In Strategic Sectors

France introduced Bill No. 2600 in March 2026 to significantly broaden the screening of foreign investments in strategic sectors, including energy, health, and critical raw materials. This proposal signals a shift toward stricter oversight of cross-border M&A, with potential mandates for R&D localization and patent protection to safeguard national economic sovereignty.

29 Mar 2026, 17:52assemblee-nationale.frFrance

Netherlands Adopts Law Introducing Reporting and Verification Duties for Workplace Accidents for Lending Employers

The Netherlands has enacted legislation (March 2026) introducing mandatory accident reporting and safety verification duties for employers using or providing temporary labor. Businesses must formalize safety data-sharing processes and documentation standards between host and lending entities to mitigate liability and ensure compliance with the new oversight requirements.

28 Mar 2026, 20:33officielebekendmakingen.nlNetherlands

EU Parliament Adopts Position Proposing Delayed Artificial Intelligence Act Application and Ban on Nudifier Apps

The European Parliament has adopted its position on the Digital Omnibus on AI, proposing a ban on "nudifier" systems and staggered compliance deadlines through 2028. Manufacturers must prepare for a phased regulatory rollout that aligns AI Act obligations with existing sectoral product safety laws for high-risk systems and consumer goods.

28 Mar 2026, 16:02europarl.europa.euEuropean Union

Lower Saxony Publishes Eckpunkte Guidance On Video Surveillance In Slaughterhouses

Lower Saxony has published key principles for video surveillance in slaughterhouses to enhance animal welfare transparency, ahead of expected federal mandates. Operators should align current voluntary systems with these technical and procedural benchmarks to anticipate future compliance requirements and inspection standards.

28 Mar 2026, 09:35ml.niedersachsen.deGermany

MedTech Europe Response To EU Digital Omnibus Consultation On AI And Data Rules

MedTech Europe has called for the EU Digital Omnibus to better align AI and data rules with existing medical device regulations (MDR/IVDR). This advocacy highlights a critical industry push for streamlined conformity assessments and enhanced protections for patient safety and trade secrets in digital health.

27 Mar 2026, 17:14eur-lex.europa.euEuropean Union

European Parliament Amendments 103–107 To Digital Omnibus On AI

Proposed European Parliament amendments to the Digital Omnibus on AI seek to accelerate high-risk compliance timelines and remove simplified real-world testing for AI-embedded products. If adopted, these changes would force a hard 2027 application date for high-risk obligations and require all legacy AI systems to meet full regulatory standards by 2030.

26 Mar 2026, 19:14europarl.europa.euEuropean Union

Minnesota Legislature Proposes Age-Appropriate Design Code Act (HF 4511)

Minnesota introduced the Age-Appropriate Design Code Act (HF 4511) in March 2026, proposing strict data privacy and safety-by-design standards for online products accessed by minors. Impacted firms must prepare for mandatory data protection assessments and default high-privacy settings by August 2027 or face substantial per-child civil penalties.

26 Mar 2026, 19:06revisor.mn.govUnited States

New York Assembly Proposes Consumer Camera Privacy Act for Networked Camera Devices (Bill A10687)

New York has introduced the Consumer Camera Privacy Act (A10687) to strictly regulate networked camera devices, mandating affirmative opt-ins for surveillance features and restricting data retention. Manufacturers must prepare for significant product design changes, including mandatory point-of-sale disclosures and enhanced user data rights, or face substantial civil penalties and private litigation risk.

26 Mar 2026, 12:18assembly.state.ny.usUnited States

EU Commission Delegated Regulation Amends Regulation (EU) 2018/858 on Secure Access to Vehicle OBD and Repair Information

The EU Commission adopted a Delegated Regulation on March 23, 2026, establishing new standards for secure, non-discriminatory access to vehicle diagnostic and repair information. OEMs must update data architectures and APIs to support third-party access to safety-critical systems like ADAS and batteries while maintaining compliance with rigorous vehicle cybersecurity mandates.

26 Mar 2026, 11:48eur-lex.europa.euEuropean Union

Netherlands District Court Reduces Article 15a Wav Fine and Confirms Work-Stoppage Warning

The Dutch District Court has confirmed that employers face significant fines and potential work stoppages for failing to independently verify and record the identities of agency workers. Businesses must ensure internal identity-verification protocols are strictly followed for all personnel, as reliance on third-party staffing agencies does not exempt them from legal liability or operational risk.

26 Mar 2026, 11:37uitspraken.rechtspraak.nlNetherlands

Global CBPR Forum Updates Cross-Border Privacy Program Requirements From April 2027

The Global CBPR Forum has expanded its certification criteria from 50 to 57 requirements, becoming mandatory for all new and renewing participants starting April 1, 2027. Organizations must strengthen data governance to meet stricter mandates on sensitive data handling and mandatory breach notifications to maintain compliant international data transfers.

26 Mar 2026, 11:33globalcbpr.orgJapanGlobal

Minnesota Senate Proposes Regulation of Electronic Monitoring Tools in Employment (SF 4686)

Minnesota introduced SF 4686 in March 2026 to strictly regulate workplace electronic monitoring, AI-driven decision-making, and worker data privacy. If enacted, businesses must overhaul data governance and vendor contracts to mitigate joint liability risks and substantial daily penalties for non-compliance.

25 Mar 2026, 21:36revisor.mn.govUnited States

Lithuania Environment Minister Adopts Order D1-219 Updating EIA Procedures And Public Participation

Lithuania has overhauled its Environmental Impact Assessment (EIA) procedures via Order D1-219, effective January 1, 2026. Project developers face stricter digital submission standards, formalized hybrid public consultation requirements, and updated cross-border notification protocols for industrial and infrastructure projects.

24 Mar 2026, 12:55e-tar.ltLithuania

US District Court (Colorado) Denies Preliminary Injunction Against Colorado 340B Contract Pharmacy Law

A US District Court has denied a preliminary injunction against Colorado’s 340B Contract Pharmacy Protection Act, allowing the state to enforce restrictions on drug manufacturers' ability to limit 340B drug shipments. This decision reinforces the trend of state-level oversight of federal drug pricing programs, requiring manufacturers to maintain 340B supply chains and data-sharing practices despite ongoing legal challenges.

23 Mar 2026, 14:14govinfo.govUnited States

Michigan Amends Public Health Code Section 333.2843b on Infectious-Agent Notification to Funeral Directors

Michigan has implemented updated death certification requirements mandating the disclosure of infectious agents to funeral service providers. Healthcare and funeral operators must ensure internal procedures comply with new notification, non-discrimination, and strict confidentiality mandates to avoid misdemeanor penalties.

21 Mar 2026, 16:27legislature.mi.govUnited States

Minnesota House Introduces Bill Regulating Electronic Monitoring Tools in Employment Settings

Minnesota introduced HF 4451 to regulate workplace electronic monitoring and AI-driven decision-making, proposing a compliance deadline of September 2026. Businesses must integrate human oversight into automated HR processes and enhance data transparency to manage new litigation risks and strict enforcement penalties.

21 Mar 2026, 15:48revisor.mn.govUnited States

EU Parliament Committees Back Digital Omnibus Amendments To AI Act

EU Parliament committees have backed a proposal to delay compliance deadlines for high-risk AI systems under the AI Act, with new application dates targeted for late 2027 and 2028. This postponement provides critical breathing room for manufacturers to align with pending technical standards, while new proposed bans on specific AI applications signal tightening ethical and safety requirements.

20 Mar 2026, 13:35europarl.europa.euEuropean Union

Netherlands State Commission Publishes Preadvies Bundle On Future Non-Discrimination Law Reforms

The Dutch State Commission against Discrimination and Racism has published a comprehensive reform proposal (March 2026) aimed at modernizing the Netherlands' non-discrimination legal framework. Businesses should prepare for potential new proactive duties regarding "transformative equality," including stricter requirements for algorithmic transparency, equality data management, and enhanced workplace accessibility adjustments.

20 Mar 2026, 06:41zoek.officielebekendmakingen.nlNetherlands