Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, lessons learned from incidents, and developments on the AI Act, NIS 2 and DORA. The aim is to go beyond the press release.
4 articles found · #dora
Cloud CSPM: the answer to CSSF Circular 22/806 on outsourcing
To remain compliant with CSSF in 2026, moving to the cloud is not enough. A CSPM continuously proves correct configuration, monitoring, and auditability as required.
TLPT (threat‑led red team): meeting DORA Articles 26‑27
DORA requires selected financial entities to run threat‑led penetration tests on production systems. This is how a structured TLPT implementation fulfils Articles 26‑27, step by step.
Immutable, isolated backups: meeting DORA on ransomware resilience
DORA requires restorable, isolated backups. Immutable backups and network isolation meet these obligations while reducing ransomware risk.
DORA Article 28: the 'ICT dependencies register' expected by the CSSF
Since 17 January 2025, all financial entities subject to DORA must keep a structured register of their ICT contracts. The CSSF has specified the timeline and submission modalities in Luxembourg.