GRC Report Staff

California Releases Initial Guidance on Corporate Climate Risk Reporting Requirements

The California Air Resources Board (CARB) has published a detailed FAQ to guide companies preparing for two new climate disclosure laws: the Climate Corporate Data Accountability Act (Health and Safety Code section 38532) and the Climate-Related Financial Risk Disclosure Program (section 38533). The document outlines early steps for compliance, reporting timelines, and public engagement opportunities, ahead of formal regulations expected later this year.

Antitrust Rules Get a Rethink as EU Plots a Modern Makeover

After more than two decades of steady service, the EU’s core antitrust enforcement framework is due for a refresh, and this time, the European Commission isn’t going it alone. It wants feedback from businesses, legal experts, competition authorities, and anyone else who has a stake in how the EU tackles anti-competitive behavior in an increasingly digital economy.

TikTok Under Fire Again as Irish Regulator Probes China Data Storage

TikTok is once again in the crosshairs of Ireland’s privacy watchdog after it admitted to storing some European user data on servers in China, contradicting what it had previously told regulators.

EBA Targets Greenwashing in Retail Banking With Overhaul of Product Governance Guidelines

The European Banking Authority (EBA) has recently announced that it is launching a public consultation to revise its long-standing Guidelines on Product Oversight and Governance (POG). The revisions would, for the first time, formally incorporate ESG-related risks into how financial products are designed, marketed, and reviewed, without adding unnecessary red tape, the EBA insists.

CVS Hit with Nearly $950 Million Judgment in False Claims Case Over Omnicare Drug Billing

A federal judge has ordered CVS Health to pay nearly $950 million in penalties and damages after its Omnicare unit was found to have illegally billed government healthcare programs for prescription drugs that weren’t properly authorized. The massive award stems from a whistleblower case that uncovered years of fraudulent dispensing practices tied to more than 3.3 million false claims.

Harman Hit with $1.45 Million Penalty Over Iran Sanctions Breaches Tied to Overseas Sales Team

Harman International Industries, the U.S.-based electronics company behind well-known audio brands, has agreed to pay $1.45 million to settle apparent violations of U.S. sanctions on Iran—violations that, according to regulators, were knowingly enabled by the company’s overseas staff and overlooked due to a lack of internal controls.

Qantas Data Breach Hits Millions as OAIC Confirms Notification Requirement

Qantas is investigating a cyber incident that exposed the personal information of customers stored on a third-party platform used by one of its contact centres. The breach, first detected earlier this week, has affected records tied to up to 6 million customers.