GRC Report Staff

Brussels has taken a noticeable step back from some of its most far-reaching sustainability ambitions. After a marathon round of negotiations, EU lawmakers reached a provisional deal to trim down the scope of the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD), a course correction shaped by delays, industry pressure, and a shifting political mood.

Norway’s financial system remains resilient heading into 2026, but beneath the strength sit familiar and growing fault lines. That’s what Finanstilsynet’s latest Risk Outlook is telling us, which shows that high household debt, stretched property values, and global instability are still Norway’s biggest vulnerabilities.

‍The European Commission said it has formally acknowledged Meta’s commitment to introduce a clearer, more meaningful decision point for Facebook and Instagram users across the EU. Beginning in January 2026, people will be offered two distinct paths—continue sharing their full data footprint for highly tailored advertising, or opt for a version of the apps that relies on less personal information and delivers more limited ad personalization.

After months of pressure on website operators, the Information Commissioner’s Office says more than 95% of the UK’s top 1,000 most-visited websites now meet legal requirements when asking users to consent to advertising cookies. It’s a shift the regulator estimates has given roughly 40 million people, about 80% of the population over 14, much more meaningful say over how companies can track their browsing for targeted ads.

Europe’s top privacy regulator wants online shopping to come with fewer strings attached, specifically unnecessary user accounts. At its latest plenary session on Thursday, the European Data Protection Board (EDPB) adopted new recommendations urging e-commerce companies to let people shop without being pushed into creating accounts that vacuum up personal data.

The Bank of England’s Prudential Regulation Authority has issued a refreshed set of expectations for how banks and insurers manage climate-related risks, a big shift from early awareness-building to full integration in risk processes.

A U.S. audit firm has been hit with regulatory sanctions after federal oversight officials found it leaned on an unregistered China-based firm to handle major portions of its audit work and failed to properly supervise or disclose that involvement.