regulation

Navigating Compliance and Insurance as a Competitive Edge

In 2026, compliance with regulations like GDPR and NIS2, alongside stringent cyber insurance requirements, has become a key driver for cybersecurity investments, shifting security from a cost center to a strategic business asset. Partners who deliver solutions aligned with these frameworks, supported by platforms like Symantec CBX for continuous compliance monitoring, help organizations reduce risk, lower insurance premiums, and gain a competitive edge through digital trust and operational resilience.

https://www.security.com/blog-post/resilient-channel-series-part-5

GDPR Fines Hit $1.4B as Customer Support Becomes Compliance Risk

In 2025, GDPR fines reached $1.4 billion in Europe and $2.8 billion globally, highlighting significant risks in customer support operations due to data handling by outsourced teams. Experts emphasize that compliance depends on strict data access controls, comprehensive audit trails, thorough agent training, and ongoing monitoring to prevent breaches and ensure accountability throughout support workflows.

https://news.designrush.com/gdpr-compliance-customer-support-risks-explained

How the EU’s NIS2 Directive Is Changing How CIOs Think About Digital Infrastructure

The EU’s NIS2 directive is prompting CIOs to rethink digital infrastructure by extending risk accountability beyond individual organizations to encompass the entire ecosystem of interconnected providers, including cloud platforms and network operators. This shift emphasizes designing resilient systems that can continue operating despite failures in any part of the network, moving resilience from a compliance exercise to a strategic priority focused on infrastructure architecture and connectivity.

https://www.cio.com/article/4162091/how-the-eus-nis2-directive-is-changing-how-cios-think-about-digital-infrastructure.html

EU AI Act Shock: Emotion Recognition Is Now Illegal at Work. So Why Is Your Vendor Still Selling It?

The EU AI Act, effective since February 2025, has made emotion recognition AI in the workplace illegal across the European Union, imposing fines up to €35 million or 7% of global turnover for violations. Despite this, many vendors continue to sell and deploy such technology unlawfully, risking significant penalties. The law strictly prohibits AI systems that infer employee emotions from biometric data but allows text-only sentiment analysis. Organizations using UC, CX, or employee experience software in Europe are urged to verify vendor compliance urgently and disable prohibited features to avoid imminent enforcement actions.

https://www.uctoday.com/workplace-management/eu-ai-act-shock-emotion-recognition-is-now-illegal-at-work-so-why-is-your-vendor-still-selling-it/

Time for Government, Business Leaders to Figure Out AI Cybersecurity Regulation

Cybersecurity experts warn that the rising capabilities of agentic AI, while useful for combating cybercrime, also pose significant risks as bad actors use AI to exploit vulnerabilities, threatening personal data, the economy, and national security. They emphasize the urgent need for government and business leaders to establish clear AI cybersecurity regulations, balancing innovation with liability and prevention, to better protect against increasingly sophisticated AI-enabled cyberattacks such as phishing and software breaches.

https://news.harvard.edu/gazette/story/2026/04/time-for-government-business-leaders-to-figure-out-ai-cybersecurity-regulation/

The EU’s AI Act: Do You Have the Knowledge to Comply?

The article highlights a critical compliance challenge posed by the EU AI Act, effective from August 2, 2026, for enterprises using AI-driven marketing automation workflows. It warns that while strategic AI governance often exists at the leadership level, many operational AI systems—like customer scoring models and data enrichment flows—are undocumented and lack clear ownership, putting organizations at risk of non-compliance under the Act’s transparency, documentation, and human oversight requirements.

https://www.business-reporter.co.uk/ai–automation/the-eus-ai-act-do-you-have-the-knowledge-to-comply

EU AI Act Compliance: a Technical Audit Guide for the 2026 Deadline

With the August 2026 deadline for the EU AI Act approaching, IT leaders must shift from policy to practical compliance by mapping AI tools across APIs, legacy systems, and model integrations to ensure auditable governance. Organisations need to build comprehensive API inventories, implement continuous monitoring systems, categorise AI endpoints by risk, and rigorously audit high-risk legacy systems for transparency, human oversight, and bias mitigation to meet the stringent regulatory requirements and avoid significant fines and reputational damage.

https://www.raconteur.net/global-business/eu-ai-act-compliance-a-technical-audit-guide-for-the-2026-deadline

EUDR in Practice: How to Correctly Set Up Due Diligence in the Supply Chain

The EU Deforestation Regulation (EUDR) establishes new due diligence requirements for companies dealing with certain commodities, mandating proof that products comply with EUDR and are deforestation-free before entering or leaving the EU market. Companies must collect detailed supply chain information, assess risks, implement mitigation measures if necessary, submit a Due Diligence Statement, maintain an internal due diligence system, and retain documentation for inspections.

https://www.grantthornton.cz/en/news/eudr-in-practice-how-to-correctly-set-up-due-diligence-in-the-supply-chain/

Focus Areas When Implementing Data Protection by Design and by Default in 2026

Data protection by design and by default, a key principle of the EU GDPR, remains inconsistently implemented nearly a decade after its adoption, requiring organizations to consider four main factors—state of the art, cost of implementation, processing context, and risks to individuals—for effective compliance. In 2026, evolving technologies and regulations, especially concerning AI, demand a dynamic, risk-based approach that integrates ongoing assessment and adaptation of technical and organizational measures from the system design stage through deployment to safeguard personal data and uphold individuals' rights.

https://iapp.org/news/a/focus-areas-when-implementing-data-protection-by-design-and-by-default-in-2026

We Are All AI Philosophers Now

The article emphasizes that AI systems inherently carry the biases and values of their creators through design choices, data, and policy decisions, meaning AI is never truly neutral. It calls on IT leaders to recognize that adopting AI is a governance decision that requires disciplined oversight, transparency, and accountability to manage risks and ensure AI-driven decisions align with organizational and societal values.

https://www.cio.com/article/4145026/we-are-all-ai-philosophers-now.html
