Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here, going beyond the press release: new CNPD guidelines, notable sanctions, incident lessons learned, and developments on the AI Act, NIS 2 and DORA.
Automated patching: the answer to NIS 2, Article 21
Executives must prove vulnerabilities are remediated in a timely manner. Well-configured automated patching is the safest, most auditable way to meet NIS 2 Art. 21.
Phishing‑resistant MFA (FIDO2/WebAuthn): answering GDPR Article 32
GDPR Article 32 requires state‑of‑the‑art security. Phishing‑resistant MFA with FIDO2/WebAuthn is the most robust and pragmatic way to comply without unnecessary complexity.
NIS 2 in Luxembourg: Law of 5 May 2026 published—what to do before 10 May
Luxembourg’s law transposing NIS 2 was published on 5 May 2026 and enters into force on 10 May. Broader scope, stronger governance, incident reporting within 24 h/72 h to ILR via SERIMA. Priority actions and official sources.
NIS 2 in Luxembourg: how to notify ILR within 24h/72h/1 month
NIS 2 requires an early warning within 24h, a formal notification at 72h, and a final report within 1 month. In Luxembourg, ILR and the national CSIRT (CIRCL) are your key contacts.
Qilin claims cyberattack on Exclusive Networks
The Qilin ransomware group claims it compromised Exclusive Networks, a major European cybersecurity distributor. Claimed in late April 2026; supply-chain risk for customers in Luxembourg.
Ransomware at ChipSoft: alert for cross‑border care
Dutch EHR vendor ChipSoft said on April 29 that data stolen in an early‑April cyberattack had been “destroyed.” Cross‑border hospitals and insurers should take action this week.
Luxembourg referred to the CJEU for delay in transposing CER
The European Commission is referring Luxembourg to the Court of Justice for failing to transpose the Critical Entities Resilience (CER) Directive. Immediate implications for essential operators, linked to NIS2.
NIS2 Directive in Luxembourg: a new era of cyber accountability
Luxembourg has transposed the NIS2 Directive, fundamentally reshaping corporate cybersecurity obligations. Broader scope, strengthened governance, tougher sanctions: an overview of the key challenges and the first steps to take.