Real-time EU regulatory monitoring with AI-powered impact analysis
This week's bulletin from CERT-SE highlights a critical vulnerability in Fortinet FortiClient EMS and warns that security services in Europe and the USA have observed the threat actor APT28 exploiting vulnerable routers to steal sensitive information.
The European Commission's AI Continent Action Plan has made significant progress over the past year, enhancing computational infrastructure with AI factories and improving data accessibility. This initiative aims to boost AI innovation and adoption across Europe by focusing on infrastructure, data, talent, adoption, and trustworthy AI.
The use of scan cars to monitor parked vehicles has resulted in approximately 500,000 unjustified fines, according to a new thematic study by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). This highlights significant issues with automated surveillance and data processing in enforcement practices.
The EDPB published its 2025 Annual Report highlighting the organization's work throughout 2025, including the adoption of the Helsinki Statement on Enhanced Clarity, Support, and Engagement. The report reflects important milestones in the evolving data protection landscape and demonstrates the EDPB's commitment to supporting stakeholders through guidance and dialogue. This publication serves as a reference document for understanding EDPB priorities and regulatory developments in data protection.
The EDPB Annual Report 2025 highlights the European Data Protection Board's activities and guidance provided throughout the year. It emphasizes the importance of clarity and dialogue with stakeholders to support compliance with data protection regulations. The report also outlines key achievements and ongoing initiatives to enhance data protection across the EU.
For the 2026 municipal elections, the CNIL received 739 reports, mostly regarding SMS prospecting (63%), and processed 81 complaints. So far, four audits have been initiated, along with a simplified sanction procedure.
This newsletter provides updates on the progress and upcoming developments within MISP-SE, a platform for sharing threat intelligence. It highlights current activities and future plans, aiming to keep stakeholders informed about the latest advancements and operational status.
The French data protection authority CNIL has released an open-source software tool called PIA to help organizations conduct and document Data Protection Impact Assessments (DPIAs) as required by the GDPR. This tool aims to simplify the process of ensuring compliance with data protection regulations.
In 2026, the CNIL continues to support public and private entities in complying with GDPR and certain provisions of the AI Act. Through regular dialogue with sector representatives, the CNIL outlines its planned publications and resources for consultation.
Fortinet has disclosed a critical vulnerability in FortiClient EMS that is being actively exploited. A security update has been released, and users are strongly advised to install it immediately to mitigate potential risks.
The EU AI Office has launched a targeted consultation to gather stakeholder input on measuring energy consumption and emissions of AI models and systems. This initiative is part of a broader study aimed at fostering energy efficiency and reducing emissions in AI technologies. The consultation is open from April 7, 2026, to May 15, 2026.
The CNIL regularly offers free webinars aimed at professionals. These webinars are open to everyone and cover various topics related to data protection and compliance.
The French data protection authority (CNIL) has announced its priority control themes for 2026, which include recruitment, the single electoral register, and sports federations. Additional announcements regarding cybersecurity will be made during the publication of CNIL's annual report in May.
Before designating your Data Protection Officer (DPO) online, ensure they have the necessary status, skills, and resources to perform their duties effectively. This update from CNIL emphasizes the importance of proper qualifications and support for DPOs.
The French data protection authority (CNIL) has published a reference guide to help organizations determine appropriate retention periods for HR-related personal data. This guide aims to assist data controllers in managing employee data in compliance with GDPR requirements.
The French data protection authority, CNIL, held a plenary session on April 2, 2026, to discuss various agenda items. The specific topics discussed were not detailed in the summary, but such sessions typically involve updates on regulatory guidance, enforcement actions, or policy changes related to data protection.
The CNIL has released a webinar focused on the development of AI systems and web scraping, specifically addressing the legal basis of legitimate interest. This resource aims to clarify data protection aspects related to these technologies.
Recent supply chain attacks have been observed, notably through the Axios JavaScript library. Australia's cybersecurity center has compiled a summary of recent events, highlighting the importance of vigilance in software supply chains.
In 2025, the Dutch Data Protection Authority (AP) focused on resolving clear-cut violation cases more swiftly, concluding agreements with various organizations to clarify compliance expectations without lengthy procedures. The AP also used interventions like explanatory conversations and warnings to prompt organizations to adjust their practices.
Dutch regulatory authorities, police, and public prosecution services are advocating for a European ban on AI-powered 'nudify tools' that generate non-consensual explicit images. They argue against any exceptions, even with consent, as it would hinder effective enforcement. This push aims to strengthen protections against misuse of AI in creating harmful content.
The European Union is proposing the Digital Fairness Act to ensure safe and positive online experiences for children and teenagers. The EU is seeking input from young people aged 12 to 17 about their online experiences to shape this new law. This initiative aims to address how apps, websites, and social media platforms treat young consumers.
StepSecurity has reported a malicious version of the Axios JavaScript library available for download via NPM. The harmful package, which was available for approximately three hours before removal, installs a trojan that contacts a command-and-control server upon installation.
The French data protection authority CNIL has published its air2025 notebook on the ethics of digital traces post-mortem. This follows a conference held on October 15, 2025, in partnership with the National Library of France, addressing the ethical implications of handling digital data after death.
The Swedish Authority for Privacy Protection (IMY) is hosting a webinar on April 24 to discuss current activities of the European Data Protection Board (EDPB) and their impact on Sweden. This update highlights ongoing European cooperation on data protection and provides insights into how it affects national practices.
Euregas analyzes regulatory updates and provides personalized action recommendations, deadlines, and compliance scores specific to your organization.