EU

The EU's Digital Operational Resilience Act (DORA) took effect January 17, 2025, imposing ICT risk management, incident reporting, resilience testing, and third-party oversight requirements on financial entities across the EU.

The EU Cyber Resilience Act establishes mandatory cybersecurity requirements for products with digital elements sold in the EU, including vulnerability handling, security updates, and SBOM generation.

The NIS2 Directive required EU member state transposition by October 2024, but most states missed the deadline. Germany enacted its law in December 2025. Full compliance landscape overview.

Understanding the key requirements for GDPR-compliant data processing agreements between controllers and processors.