GRC Report Staff

There’s a quiet recalibration happening inside Europe’s data protection regime. It’s not a rollback of rules, and it’s not a loosening of standards. But in its 2025 annual report, Denmark's Data Protection Authority (Datatilsynet) offers a window into something more subtle. Regulators are starting to acknowledge what many organizations have been grappling with for years. Compliance, as written, doesn’t always translate cleanly into practice.

China has moved to anchor its environmental ambitions in law, passing a sweeping Ecological and Environmental Code that pulls together years of policy, regulation, and climate commitments into a single legal framework.

Italy’s antitrust regulator has taken aim at one of the country’s best-known jewellery brands, handing Morellato a €25,895,043 fine for a long-running set of distribution practices that, in the authority’s view, crossed the line from brand control into outright restriction of competition.

AI isn’t waiting for governance to catch up and that gap is quickly turning into one of the most serious risk challenges organizations face today. As companies push ahead with more advanced, increasingly autonomous AI systems, many are doing so without the controls needed to manage them effectively. What was once a manageable oversight issue is becoming something more structural. Agentic AI is beginning to operate beyond traditional human decision loops, and the longer governance lags behind, the harder it becomes to rein it back in.

Poland has moved to bring the EU’s data governance ambitions closer to day-to-day reality, with lawmakers approving a national law designed to operationalize the bloc’s Data Governance Act. The Sejm of the Republic of Poland adopted amendments put forward by the Senate, clearing the way for the legislation to take effect once it is signed by the President and formally promulgated. The law will enter into force three months after that final step.

South Korea’s Financial Services Commission is tightening oversight of the crypto sector, proposing a set of rule changes that read less like a wholesale rewrite and more like a deliberate effort to close the gaps regulators believe have been quietly undermining the system.

The Federal Trade Commission has issued a warning to some of the world’s largest payment platforms, signaling that access to the financial system is now firmly on the regulator’s radar as a consumer protection issue.