This website uses cookies

Read our Privacy policy and Terms of use for more information.

Today's Focus: Cybersecurity, Data Security & Cloud Security — Monday, 6 July 2026

Two red-flag deadlines land this week on opposite sides of the Pacific: Korea's platform-content law switches on tomorrow, and FedRAMP opens its 20x Marketplace door today. A quiet post-holiday Monday otherwise, but the clock is loud.

Today's Top Story

Korea's platform-content law takes effect tomorrow

South Korea's amended Network Act (Law No. 21305, promulgated 6 January 2026) takes legal effect 7 July 2026 per Korea's national law portal — some sources cite 6 July; either way it is live now. Large-scale information and communications service providers must manage illegal or manipulated information, publish semi-annual transparency reports, and honour user objection rights. The Korea Communications Commission gains supervisory authority and may stand up an Information and Communications Service Transparency Center. The teeth: courts can award punitive damages up to 5× actual harm, and the KCC can impose fines up to KRW 1 billion on platforms that repeatedly distribute illegal or manipulated information after a final court ruling. A US State Department official has warned the revision could strain technology cooperation.

Also Today

FedRAMP opens 20x Marketplace enrollment today. With the Consolidated Rules for 2026 (CR26) in effect since 4 July, the FedRAMP PMO opens Marketplace listings for the 20x Initial Implementation stage today — the first live intake path against the new machine-readable ruleset. Providers must list before applying for Certification. File any "FedRAMP Ready" submission before 28 July, when Ready goes Legacy; the 20x Class A pipeline opens 3 August, and CR26 is mandatory for all offerings on 1 January 2027. Map your Rev5 artifacts to CR26 now. Source

FAR Council eases CUI reporting to 72 hours — comment window open. The revised government-wide CUI proposed rule (91 FR 37550, published 23 June) relaxes the earlier 8-hour incident-reporting requirement to 72 hours, aligning with DFARS 252.204-7012 and CIRCIA, and drops the separate CUI-identification clause. Federal civilian contractors handling CUI should assess 72-hour readiness and file comments by 23 July. Source

EU Cyber Resilience Act reporting clock ticks toward September. Under Regulation (EU) 2024/2847, manufacturers' duties to report actively exploited vulnerabilities and severe incidents apply from 11 September 2026, when ENISA's Single Reporting Platform goes live — a 24-hour early warning, 72-hour notification, 14-day final report. Penalties reach €15 million or 2.5% of global turnover. Build your reporting workflow now. Source

NIS2 enforcement is ramping across the EU. 22 of 27 Member States have now transposed Directive (EU) 2022/2555; Germany has opened incident-notification proceedings, France issued warnings, and Italy launched sectoral inspections. Essential-entity fines reach €10M or 2% of turnover; important entities €7M or 1.4%. Source

Deadline Alert

Tomorrow (7 July): Korea Network Act platform amendment takes effect. 17 days (23 July): FAR CUI rule comments close. 22 days (28 July): FedRAMP "Ready" becomes Legacy.

One Thing to Do Today

If you sell cloud services to the US government, submit your FedRAMP 20x Initial Implementation Marketplace listing today and lock in any "FedRAMP Ready" submission before the 28 July Legacy cutoff.

Tomorrow's Focus: Privacy & personal data protection — global enforcement, cross-border transfers, and state-law deadlines.

CyberEyeQ — Actionable Regulatory Intelligence. Questions or tips: [email protected]

Keep Reading