GRC Report Staff

The European Data Protection Board and the European Data Protection Supervisor responded to the European Commission’s proposed “Digital Omnibus on AI,” a package designed to simplify aspects of the implementation of the AI Act. The goal, according to the Commission, is to make the rules easier to apply in practice. The message from Europe’s privacy watchdogs is that simplification is welcome but only up to a point.

The Supreme Administrative Court of Finland has drawn a firm line under a long-running merger dispute, leaving intact a €600,000 penalty imposed on Valio for breaching conditions attached to its acquisition of foodservice wholesaler Heinon Tukku.

The European Commission has unveiled a new package of measures aimed at strengthening the European Union’s cybersecurity resilience, as cyber and hybrid threats increasingly target essential services, businesses, and democratic institutions across the bloc.

The President of the Polish Office of Competition and Consumer Protection (UOKiK) recently announced formal charges against Samsung Electronics Polska, alleging that the company’s approach to publishing and labeling online reviews may mislead consumers. If the allegations are confirmed, the company could face a fine of up to 10 percent of its turnover.

Texas Attorney General Ken Paxton has issued a legal opinion declaring Diversity, Equity, and Inclusion (DEI) policies unconstitutional across Texas state and local government, a move that significantly alters the compliance landscape for public institutions and potentially for private organizations operating in the state.

The European Central Bank (ECB) says climate change and environmental degradation are no longer side considerations in its work, but factors that now sit firmly inside the institution’s day-to-day decision-making.

The Cyprus Securities and Exchange Commission has issued guidance to regulated entities so that Europe’s new digital resilience regime is no longer an abstract compliance exercise. In a circular published on 19 January 2026, the regulator signaled growing concern that some firms are still struggling with the basics of the Digital Operational Resilience Act (DORA), particularly when it comes to incident reporting, ICT governance, and regulatory submissions.