Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, and developments in the AI Act, NIS 2 and DORA, going beyond the press release.

Automated patching: the answer to NIS 2, Article 21

Executives must prove vulnerabilities are remediated in a timely manner. Well-configured automated patching is the safest, most auditable way to meet NIS 2 Art. 21.

Cloud CSPM: the answer to CSSF Circular 22/806 on outsourcing

To remain compliant with CSSF in 2026, moving to the cloud is not enough. A CSPM continuously proves correct configuration, monitoring, and auditability as required.

TLPT (threat‑led red team): meeting DORA Articles 26‑27

DORA requires selected financial entities to run threat‑led penetration tests on production systems. This is how a structured TLPT implementation fulfils Articles 26‑27, step by step.

NIS 2 in Luxembourg: executives, mandatory training and personal risk

Under NIS 2, management bodies must approve and supervise cybersecurity measures (Art. 20), undergo regular training, and may be held personally liable for failures. The ILR has issued concrete guidance.

Phishing‑resistant MFA (FIDO2/WebAuthn): answering GDPR Article 32

GDPR Article 32 requires state‑of‑the‑art security. Phishing‑resistant MFA with FIDO2/WebAuthn is the most robust and pragmatic way to comply without unnecessary complexity.

Immutable, isolated backups: meeting DORA on ransomware resilience

DORA requires restorable, isolated backups. Immutable backups and network isolation meet these obligations while reducing ransomware risk.

NIS2 Directive in Luxembourg: a new era of cyber accountability

Luxembourg has transposed the NIS2 Directive, fundamentally reshaping corporate cybersecurity obligations. Broader scope, strengthened governance, tougher sanctions: an overview of the key challenges and the first steps to take.