Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.
53 articles found · #nis-2
NIS 2 in Luxembourg: how to notify ILR within 24h/72h/1 month
NIS 2 requires an early warning within 24h, a formal notification at 72h, and a final report within 1 month. In Luxembourg, ILR and the national CSIRT (CIRCL) are your key contacts.
Qilin claims cyberattack on Exclusive Networks
The Qilin ransomware group claims it compromised Exclusive Networks, a major European cybersecurity distributor. Claimed in late April 2026; supply-chain risk for customers in Luxembourg.
Ransomware at ChipSoft: alert for cross‑border care
Dutch EHR vendor ChipSoft said on April 29 that data stolen in an early‑April cyberattack had been “destroyed.” Cross‑border hospitals and insurers should take action this week.
Luxembourg referred to the CJEU for delay in transposing CER
The European Commission is referring Luxembourg to the Court of Justice for failing to transpose the Critical Entities Resilience (CER) Directive. Immediate implications for essential operators, linked to NIS2.
NIS2 Directive in Luxembourg: a new era of cyber accountability
Luxembourg has transposed the NIS2 Directive, fundamentally reshaping corporate cybersecurity obligations. Broader scope, strengthened governance, tougher sanctions: an overview of the key challenges and the first steps to take.