Poland’s financial sector is becoming more digital, more interconnected, and, as a result, more exposed. That’s what the 2025 cybersecurity report says, published by CSIRT KNF, which outlines a threat landscape that is not only growing, but shifting in ways that make it harder to contain.
There’s a quiet recalibration happening inside Europe’s data protection regime. It’s not a rollback of rules, and it’s not a loosening of standards. But in its 2025 annual report, Denmark's Data Protection Authority (Datatilsynet) offers a window into something more subtle. Regulators are starting to acknowledge what many organizations have been grappling with for years. Compliance, as written, doesn’t always translate cleanly into practice.
Poland has moved to bring the EU’s data governance ambitions closer to day-to-day reality, with lawmakers approving a national law designed to operationalize the bloc’s Data Governance Act. The Sejm of the Republic of Poland adopted amendments put forward by the Senate, clearing the way for the legislation to take effect once it is signed by the President and formally promulgated. The law will enter into force three months after that final step.
A cyberattack affecting the Europa.eu platform, the public-facing web presence of the European Commission, was identified on March 24, according to a statement released by the Commission. The incident impacted cloud infrastructure used to host the platform. The Commission said it took immediate steps to contain the attack and implement mitigation measures, adding that the availability of Europa websites was not disrupted.
Italy’s privacy regulator has fined Intesa Sanpaolo €31.8 million after concluding that a prolonged, undetected data breach exposed deep flaws in the bank’s internal controls and security oversight. The decision from the Italian Data Protection Authority follows an investigation triggered by the bank’s own breach notification in July 2024. What emerged was not a one-off lapse, but a pattern of unauthorized access stretching over more than two years.
A decade after regulators first put children’s online privacy under the microscope, a new global sweep suggests the landscape has shifted, but not necessarily in ways that reduce risk.
At a Brussels conference this week hosted by the European Data Protection Board, senior officials from across the EU made a clear case that the next phase of enforcement will hinge less on new rules and more on how well authorities work together to apply the ones already in place.