Author name: CIO

Spain’s NIS2 Cybersecurity Overhaul: Prepare for the New Cybersecurity Framework

Spain is implementing a draft cybersecurity law to align with the EU NIS2 Directive, expanding regulations to more “essential” and “important” entities, particularly in critical sectors like energy and finance. Companies must assess their regulatory status and enhance cybersecurity practices, covering incident detection, data protection, and supply chain security. Mandatory registration with the National Cybersecurity Centre is required within three months of designation, with transitional deadlines for service providers. The law emphasizes board-level governance, requiring appointed security officers and regular training. Non-compliance could result in significant financial penalties and reputational harm. Proactive measures are advised for compliance and risk mitigation.

https://www.osborneclarke.com/insights/spains-nis2-cybersecurity-overhaul-prepare-new-cybersecurity-framework

Data Sovereignty in Focus as Europe Scrutinizes US Cloud Influence

Europe increasingly scrutinizes US cloud influence amid data sovereignty concerns, particularly after Trump’s election. Stricter EU regulations like GDPR, NIS2, and DORA aim to protect data, yet US laws such as FISA 702 and the CLOUD Act pose risks. US cloud providers have launched EU-compliant operations, but doubts remain about their ability to protect EU data from US access. EU organizations are advised to use local storage options to ensure data sovereignty.

https://blocksandfiles.com/2025/03/27/eu-data-sovereignty-and-trumps-usa/

The Clock Is Ticking: Are You Ready for PCI DSS 4.0?

The PCI DSS 4.0 compliance deadline is March 31, 2025. Organizations must meet new requirements, including expanded multi-factor authentication (MFA), longer passwords, automated application protection, and enhanced training programs. Thales and Imperva can assist with compliance through data security, application protection, and identity management solutions. Compliance is critical to avoid significant financial penalties and to build consumer trust in data handling.

https://securityboulevard.com/2025/03/the-clock-is-ticking-are-you-ready-for-pci-dss-4-0/

Responsible Data Use In An Age Of AI

The EU AI Act sets regulations for AI systems, emphasizing ethical data use and transparency. Businesses must comply with evolving guidelines to safeguard privacy while avoiding stifled innovation. Key steps include clear data governance, regular risk assessments, human oversight, and employee training to balance compliance with ongoing AI development.

https://www.forbes.com/councils/forbestechcouncil/2025/03/27/responsible-data-use-in-an-age-of-ai/

AI Act and the Automotive Industry

TLDR: The EU AI Act, effective August 2024, introduces sector-neutral regulations for AI in the automotive industry, aimed at addressing safety risks. It classifies AI systems into high-risk and low-risk categories, imposing compliance requirements especially on systems related to autonomous vehicles. These regulations aim to ensure safety and accountability while requiring automotive stakeholders to adapt to new standards, challenging both EU and non-EU companies entering the market.

https://www.taylorwessing.com/en/insights-and-events/insights/2025/03/ai-act-and-the-automotive-industry

The Data Act: Six Months to Go — But What To Do?

The Data Act, effective September 12, 2025, mandates greater data access and sharing for IoT products in the EU, including medical devices. It requires manufacturers to design products for easy, secure data access, impacting how they handle both personal and non-personal data under GDPR. With six months until implementation, businesses should prepare technically and organizationally, updating contracts to comply with new data-sharing requirements.

https://www.ropesgray.com/en/insights/viewpoints/102k6pq/the-data-act-six-months-to-go-but-what-to-do

Balancing GDPR Data Access Rights Against the Rights of Others

Balancing GDPR access rights has become challenging for controllers, particularly regarding the right of access versus competing rights, such as third-party privacy. Article 15(3) GDPR grants individuals access to their personal data, but Article 15(4) allows limitations if it affects others' rights. The EDPB provides guidelines emphasizing a case-by-case assessment to weigh rights and justify access limitations. The DPC recently highlighted that restrictions should be evidence-based, particularly in sensitive situations. Controllers must document decisions effectively and seek legal advice to navigate potential risks while adhering to GDPR.

https://www.arthurcox.com/knowledge/balancing-gdpr-data-access-rights-against-the-rights-of-others/

Legal Impact on Cybersecurity in 2025: New Developments and Challenges in the EU

2025 is pivotal for EU cybersecurity, with new regulations like NIS2 and DORA enhancing digital resilience. These laws require stricter compliance from businesses, including improved risk management, incident reporting, and telecom security. The eIDAS2 regulation aims to bolster digital identity trust, while the National 5G Scheme mandates security for critical elements. Compliance will enhance competitiveness, necessitating budget awareness and proactive governance amid rising cyber threats.

https://www.csoonline.com/article/3853199/legal-impact-on-cybersecurity-in-2025-new-developments-and-challenges-in-the-eu.html

2024 EU AI Act: a Detailed Analysis

2024 EU AI Act Overview:
The EU AI Act, effective from August 1, 2024, regulates AI development and use in the EU, ensuring safety, fundamental rights protection, and innovation promotion while avoiding market fragmentation. It covers various sectors, mandates AI literacy, and establishes a risk-based framework. Certain AI practices deemed harmful are prohibited (e.g., manipulative techniques, social scoring). High-risk AI systems face stringent rules, while general-purpose AI models must meet specific criteria and inform authorities of risks. Compliance involves transparency and ethical guidelines, with penalties for violations reaching EUR 35 million or 7% of global turnover. The Act aims for a trustworthy, human-centric AI ecosystem.

https://cms-lawnow.com/en/ealerts/2025/03/2024-eu-ai-act-a-detailed-analysis