Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here, going beyond the press release: new CNPD guidelines, notable sanctions, lessons learned from incidents, and developments in the AI Act, NIS 2 and DORA.

CNPD — Workplace video surveillance: proportionality, DPIA and employee rights

Workplace cameras are allowed in Luxembourg, but under strict rules: legal basis, proportionality, frequent DPIA, L.261‑1 information duties and employee rights. Document everything, camera by camera.

NIS 2 in Luxembourg: executives, mandatory training and personal risk

Under NIS 2, management bodies must approve and supervise cybersecurity measures (Art. 20), undergo regular training, and may be held personally liable for failures. The ILR has issued concrete guidance.

NIS 2 and ICT supply chain: concrete obligations and certification

Securing the ICT supply chain is a first-order control under NIS 2. This guide outlines your obligations (Art. 21(2)(d)), the ILR’s role in Luxembourg, and when to use EU cybersecurity certification (Art. 24).

AI Act – Annex III: move to high-risk without getting it wrong

High-risk AI systems: how to decide if Annex III applies and build a compliant file (risk management, Annex IV, CE marking) in Luxembourg, as of May 2026.

NIS 2 – Article 21 in Luxembourg: what does the ILR actually check?

Article 21 of NIS 2 sets 10 families of minimum measures. The ILR announces ex ante/ex post supervision focused on these measures and management accountability. Here is how to comply efficiently.

NIS 2 in Luxembourg: Law of 5 May 2026 published—what to do before 10 May

Luxembourg’s law transposing NIS 2 was published on 5 May 2026 and enters into force on 10 May. Broader scope, stronger governance, incident reporting within 24 h/72 h to ILR via SERIMA. Priority actions and official sources.

NIS 2 in Luxembourg: how to notify ILR within 24h/72h/1 month

NIS 2 requires an early warning within 24h, a formal notification at 72h, and a final report within 1 month. In Luxembourg, ILR and the national CSIRT (CIRCL) are your key contacts.