GRC Report Staff

Somewhere inside a government agency, a public institution, or a private company, an employee is almost certainly pasting information into an AI tool that nobody formally approved. The employee is probably not trying to circumvent policy. They are trying to get through their workday. A chatbot can summarize a report in seconds. A coding assistant can solve a technical problem faster than a colleague can respond to a message. An automated note-taking application can generate meeting minutes before participants have even left the call. The attraction is obvious. So is the speed with which these tools have spread through workplaces.

Australia's stock exchange operator has admitted it misled the market about the status of its long-running CHESS replacement project, setting the stage for a proposed $13.3 million (AUD $20.5 million) penalty and a further $1.95 million (AUD $3 million) contribution toward regulatory costs.

The past year offered no shortage of challenges for Europe's insurance and pensions sectors. Geopolitical tensions remained elevated, cyber threats continued to evolve, extreme weather events became more frequent, and advances in artificial intelligence forced regulators and financial institutions alike to confront new opportunities and new risks. The European insurance watchdog spent 2025 trying to balance two objectives that do not always sit comfortably together: strengthening oversight while reducing regulatory complexity.

Tönnies Unternehmensbeteiligungen has been fined €1.15 million by Austria's Cartel Court after completing an acquisition months before notifying competition authorities, despite the deal ultimately receiving regulatory approval. The penalty stems from Tönnies' acquisition of a shareholding in Ritzenhoff, a manufacturer and distributor of glass and ceramic products. According to the Austrian Federal Competition Authority (AFCA), the transaction was completed on September 6, 2023. The company did not notify Austrian regulators until April 16, 2024.

The Federal Court of Australia has imposed $193 million (AUD $300.2 million) in penalties against collapsed contracts-for-difference issuer Union Standard International Group and two former authorized representatives after finding they engaged in systemic unconscionable conduct that left customers with losses exceeding $53 million (AUD $83 million).

When European Commission President Ursula von der Leyen unveiled a new package of technology proposals this week, she did not frame it as an industrial policy announcement. She framed it as a matter of control.

The Cybersecurity and Infrastructure Security Agency on Wednesday issued Binding Operational Directive 26-04, requiring federal civilian agencies to prioritize security updates according to risk rather than treating vulnerabilities as a largely uniform backlog of technical debt.