Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.

53 articles found · #nis-2

French Council of State — Beaucaire (Apr 30, 2024): the CNIL bar for IAM

France’s Council of State confirms CNIL’s password guidance as state of the art to assess GDPR Article 32. Robust IAM governance enables compliance by design.

CNIL vs Free/Free Mobile (€42M): a 24/7 SOC is now essential under NIS 2

Following the €42M fine against Free/Free Mobile, weak VPN auth and failed detection show why a 24/7 SOC is critical for GDPR and NIS 2 (24-hour alert).

Foxconn hit by Nitrogen: 8 TB stolen, plants slowed — SOC/NIS 2 in 24h

Ransomware group “Nitrogen” claims 8 TB and 11M+ files stolen at Foxconn, disrupting North American plants. In Europe, a managed SOC/SIEM is key to detect fast and notify the ILR within 24h (NIS 2, Art. 23).

FICOBA: 1.2M accounts exposed — IAM and least privilege

A compromised high-privilege account enabled access to ~1.2M FICOBA records. What happened and how least-privilege IAM addresses GDPR Art. 25 and NIS 2 Art. 21 requirements.

CNIL vs Free: €42M — why a 24/7 SOC is vital to meet NIS 2 Art. 23

After the €42M fine against Free/Free Mobile, slow detection proves costly. Under NIS 2 Art. 23, detecting and notifying within 24 hours is now an operational obligation in Luxembourg.

NIS 2 audit: method, pitfalls and quality criteria for measures

7-phase NIS 2 audit method, the 5 most common pitfalls, and the 6-criteria grid to distinguish a real SOC from a marketing product. For the 1,200+ Luxembourg entities concerned.

Google Groups abused: Lumma Stealer/Ninja Browser campaign

CTM360 warns of a campaign abusing Google Groups to deliver Lumma (Windows) and “Ninja Browser” (Linux). NIS 2-aligned controls, DMARC/SPF/DKIM, and an email security gateway are advised.

NIS 2 Luxembourg: 5 May 2026 law published, ILR self-registration window until 10 July 2026

Luxembourg's 5 May 2026 law transposing the NIS 2 directive entered into force on 10 May. Essential and Important Entities must self-register with the ILR by 10 July 2026.

EDR/XDR: Continuous detection aligned with NIS 2 (Art. 21) and DORA (Art. 10)

Executives must demonstrate continuous and effective incident detection. A well‑deployed EDR/XDR stack meets NIS 2 Art. 21 and DORA Art. 10 requirements with auditable technical evidence.

Automated patching: the answer to NIS 2, Article 21

Executives must prove vulnerabilities are remediated in a timely manner. Well-configured automated patching is the safest, most auditable way to meet NIS 2 Art. 21.

Phishing‑resistant MFA (FIDO2/WebAuthn): answering GDPR Article 32

GDPR Article 32 requires state‑of‑the‑art security. Phishing‑resistant MFA with FIDO2/WebAuthn is the most robust and pragmatic way to comply without unnecessary complexity.

NIS 2 in Luxembourg: Law of 5 May 2026 published—what to do before 10 May

Luxembourg’s law transposing NIS 2 was published on 5 May 2026 and enters into force on 10 May. Broader scope, stronger governance, incident reporting within 24 h/72 h to ILR via SERIMA. Priority actions and official sources.

← Newer Page 4 / 5 Older →