Supporting NIS2 Implementation Through Actionable Guidance

ENISA published technical guidance for NIS2 implementation, focusing on cybersecurity measures across 18 critical sectors such as digital infrastructure, energy, and health. The guidance supports organizations in aligning with the requirements of the NIS2 Directive, which aims to enhance cybersecurity in Europe. Key areas covered include risk management, incident handling, supply chain security, and skills development for cybersecurity roles. The guidance is non-binding and complements national regulations.

https://www.enisa.europa.eu/news/supporting-nis2-implementation-through-actionable-guidance

New Global CIO Survey Reveals 2025’s Defining IT Shifts

The 2025 CIO Survey reveals AI's universal deployment in businesses, with cybersecurity as a top priority. Key findings include: 100% of CIOs use AI, efficiency pressures are rising, and talent acquisition tops the list of concerns. Cloud strategies are stabilizing, with a split in workload placements. Major investments focus on AI/ML, cloud modernization, and formal AI governance.

https://futurumgroup.com/press-release/new-global-cio-survey-reveals-2025s-defining-it-shifts/

What the CIO Role Will Look Like in 2028

CIO roles in 2028 will evolve significantly due to AI, requiring strategic thinkers with strong technical knowledge. As organizations leverage AI, CIOs will need to enhance collaboration with business leaders and drive innovation. The future CIO will be seen as a business model architect rather than a back-office technologist, focusing on digital transformation, AI integration, and organizational agility. Responsibilities will expand to include governance and ethical considerations regarding AI use. Effective CIOs will need strong leadership, collaboration skills, and a data-first mindset to adapt to these changes.

https://www.cio.com/article/4022997/what-the-cio-role-will-look-like-in-2028.html

DMARC Compliance Guide for Bulk Email Senders

Email authentication via DMARC, SPF, and DKIM is essential to avoid financial and reputational risks. Major providers like Google and Microsoft mandate compliance. Organizations must implement a structured DMARC policy and monitor for threats to enhance security and ensure deliverability. Non-compliance leads to spoofing, fines, and poor reputation. Future trends include AI-driven phishing tactics and evolving authentication standards. DMARC is crucial for cyber resilience and trust.

https://www.darkreading.com/cyber-risk/dmarc-compliance-guide-bulk-email-senders

AI Laws Across U.S. and Global Practice Areas

AI laws are evolving globally and in the U.S., addressing risks and ensuring public safety as AI adoption increases. The EU AI Act categorizes AI systems into four risk levels, imposing stricter compliance for high-risk applications and banning those with unacceptable risks. In the U.S., federal agencies provide regulatory guidance, but comprehensive federal law is lacking. Notable state laws, like Colorado's and Utah's, are emerging to govern AI use and protect consumer rights. As AI reshapes legal practice, attorneys must balance innovation with ethical considerations and regulatory compliance.

https://legal.thomsonreuters.com/blog/navigating-ai-laws-and-regulations-across-practice-areas/

The Books Shaping Today’s Cybersecurity Leaders

CISOs recommend influential books for cybersecurity leadership, focusing on risk management, decision-making, and human behavior. Key titles include “How to Measure Anything in Cybersecurity Risk,” “Thinking, Fast and Slow,” and “Dare to Lead.” The books aim to enhance leadership skills and address the complexities of human factors in security. They encourage reflection and balance in both professional and personal life.

https://www.csoonline.com/article/4027000/the-books-shaping-todays-cybersecurity-leaders.html

European Parliament Committee Recommends Commission to Propose EU Directive on Algorithmic Management

EU Parliament's Employment Committee recommends a directive on algorithmic management, defining it as automated systems affecting workers' performance and conditions. A Commission study highlights concerns about existing protections and outlines proposed requirements for transparency and human oversight. The draft directive, not yet endorsed, will undergo legislative procedures with potential implications for employers across the EU, including prohibitions on certain data processing related to workers. If approved, formal proposals could emerge in 2026 or 2027.

https://www.insideprivacy.com/european-union-2/european-parliament-committee-recommends-commission-to-propose-eu-directive-on-algorithmic-management/

Visa and Mastercard: The Global Payment Duopoly

Visa and Mastercard dominate global payment processing, holding 90% market share outside China and a combined value of $850 billion. Their dominance stems from historical foundations, strategic advantages, and network effects, despite facing challenges from companies like Amazon and national processors like India's RuPay. The duo's strong position results from restrictive practices and significant investments, which hinder competition. However, rising fintech and regulatory pressures may disrupt their duopoly, impacting future payment processing dynamics.

https://quartr.com/insights/edge/visa-and-mastercard-the-global-payment-duopoly

Microsoft Exec Admits It ‘Cannot Guarantee’ Data Sovereignty

Microsoft cannot guarantee data sovereignty for its French customers, admitting it must comply with U.S. government data requests under the CLOUD Act. During a Senate hearing, company executives acknowledged they would need to share information if compelled, despite safeguards in place to resist unfounded requests. This raises concerns about privacy and security for EU users, prompting discussions on increasing European digital sovereignty.

https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee/

Workday Ruling: How Europe’s Top Courts Raised the Bar for Employee Data Protection

The Workday case in Europe established stricter GDPR standards for employee data protection. Key outcomes include: minor data breaches can invoke compensation claims, collective agreements cannot weaken GDPR compliance, intra-group data transfers are heavily regulated, and loss of control over personal data is enough for non-material damage claims. Employers must ensure all data handling aligns with GDPR to mitigate legal risks.

https://www.fisherphillips.com/en/news-insights/workday-ruling-how-europes-top-courts-raised-the-bar-for-employee-data-protection.html