Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.
65 articles found · #cybersecurite
French Council of State — Beaucaire (Apr 30, 2024): the CNIL bar for IAM
France’s Council of State confirms CNIL’s password guidance as state of the art to assess GDPR Article 32. Robust IAM governance enables compliance by design.
CNIL vs Free/Free Mobile (€42M): a 24/7 SOC is now essential under NIS 2
Following the €42M fine against Free/Free Mobile, weak VPN auth and failed detection show why a 24/7 SOC is critical for GDPR and NIS 2 (24-hour alert).
Luxgap and LuxApps at Nexus Luxembourg 2026: compliant and secure AI business applications
On 10-11 June 2026 at Luxexpo The Box, Luxgap and LuxApps are at Nexus Luxembourg. Joint booth with demos of DPO Assist, KYC AML, Third Party Register, LuxApps HRIS. Conference talk on developing AI-boosted business applications, compliant and secure.
Foxconn hit by Nitrogen: 8 TB stolen, plants slowed — SOC/NIS 2 in 24h
Ransomware group “Nitrogen” claims 8 TB and 11M+ files stolen at Foxconn, disrupting North American plants. In Europe, a managed SOC/SIEM is key to detect fast and notify the ILR within 24h (NIS 2, Art. 23).
CNIL 2025 report: EUR 487M in fines, 1 breach in 2 = hacking, key takeaways
CNIL 2025 annual report: 20,150 complaints (record), EUR 487M in fines (including Google EUR 325M and Shein EUR 150M), 1 breach in 2 results from hacking. The real signal for 2026 and 4 concrete actions for DPO and CISO.
FICOBA: 1.2M accounts exposed — IAM and least privilege
A compromised high-privilege account enabled access to ~1.2M FICOBA records. What happened and how least-privilege IAM addresses GDPR Art. 25 and NIS 2 Art. 21 requirements.
CNIL vs Free: €42M — why a 24/7 SOC is vital to meet NIS 2 Art. 23
After the €42M fine against Free/Free Mobile, slow detection proves costly. Under NIS 2 Art. 23, detecting and notifying within 24 hours is now an operational obligation in Luxembourg.
Google Groups abused: Lumma Stealer/Ninja Browser campaign
CTM360 warns of a campaign abusing Google Groups to deliver Lumma (Windows) and “Ninja Browser” (Linux). NIS 2-aligned controls, DMARC/SPF/DKIM, and an email security gateway are advised.
OVG NRW (20 Feb 2025): no general obligation for end-to-end encryption
OVG North Rhine-Westphalia confirms that “appropriate” encryption under GDPR Art. 32 may be limited to robust transport encryption (TLS), depending on risk. How to align legally and technically.
EDR/XDR: Continuous detection aligned with NIS 2 (Art. 21) and DORA (Art. 10)
Executives must demonstrate continuous and effective incident detection. A well‑deployed EDR/XDR stack meets NIS 2 Art. 21 and DORA Art. 10 requirements with auditable technical evidence.
Automated patching: the answer to NIS 2, Article 21
Executives must prove vulnerabilities are remediated in a timely manner. Well-configured automated patching is the safest, most auditable way to meet NIS 2 Art. 21.
Cloud CSPM: the answer to CSSF Circular 22/806 on outsourcing
To remain compliant with CSSF in 2026, moving to the cloud is not enough. A CSPM continuously proves correct configuration, monitoring, and auditability as required.