GRC Report Staff

Supervisors Outline DORA Oversight Playbook

With the Digital Operational Resilience Act (DORA) shifting from concept to implementation, Europe’s financial watchdogs have laid out how they plan to keep a close eye on the tech providers underpinning the financial system. The European Supervisory Authorities recently published a guide on how they will oversee critical ICT third-party service providers (CTPPs) under DORA. While the guide doesn’t carry legal force, it offers much-needed clarity for financial entities, regulators, and ICT providers bracing for a new era of operational scrutiny.

MAS Chief Warns of Tariff Uncertainty, Urges Resilience as Singapore Navigates Inflation, AI Risks, & Scam Surge

Unveiling the Monetary Authority of Singapore's (MAS) Annual Report for Financial Year 2024/2025, Managing Director Chia Der Jiun struck a confident tone on the strength of Singapore’s financial system, but was clear-eyed about the geopolitical, technological, and economic risks that could reshape the landscape in the years ahead.

Louis Vuitton Data Breach Impacts Customers in UK, South Korea, Turkey, & Beyond

Luxury fashion house Louis Vuitton is facing a cross-border cybersecurity incident after confirming a data breach that has affected customers in at least three countries and possibly more.

Maryland IT Firm to Pay $14.75 Million to Settle False Claims Act Allegations

A Maryland-based IT contractor has agreed to pay at least $14.75 million to settle allegations it violated the False Claims Act by overcharging federal agencies and misrepresenting its qualifications under a government-wide procurement program, the U.S. Department of Justice announced Monday.

EU Commission Offers Breathing Room for Companies Leading on Sustainability Reporting

The European Commission has stepped in with a timely adjustment to ease pressure on companies already navigating the EU’s sustainability reporting rules. On July 11, the Commission adopted a “quick fix” to the first set of European Sustainability Reporting Standards (ESRS), giving a break to companies that began reporting for financial year 2024, commonly referred to as “wave one” reporters. These companies will now be able to skip certain additional disclosures for two more years, covering financial years 2025 and 2026.

EDPB & EDPS Back GDPR Simplification

The EU wants to make life a little easier for smaller businesses under the GDPR, but Europe's top data protection authorities are asking a few questions before they sign off.

California Releases Initial Guidance on Corporate Climate Risk Reporting Requirements

The California Air Resources Board (CARB) has published a detailed FAQ to guide companies preparing for two new climate disclosure laws: the Climate Corporate Data Accountability Act (Health and Safety Code section 38532) and the Climate-Related Financial Risk Disclosure Program (section 38533). The document outlines early steps for compliance, reporting timelines, and public engagement opportunities, ahead of formal regulations expected later this year.