Today's Focus: Cybersecurity, Data Security & Cloud Security
Today's Top Story: EU critical-entity designations due Friday
Under the Critical Entities Resilience Directive (Directive (EU) 2022/2557), Member States must formally identify and designate critical entities across 11 sectors — energy, transport, health, banking, digital and cloud infrastructure, water, food, and public administration among them — by 17 July 2026, four days from now. Designated entities are notified within one month, and resilience obligations (four-yearly risk assessments, 24-hour incident notification) apply ten months after notification, putting the latest compliance wave around May 2027. If you operate in one of the 11 sectors, the designation letter may already be moving. Source
On the Calendar This Week
15 Jul — UK FCA Buy-Now-Pay-Later regulation takes effect; providers must be authorized.
15 Jul — China's Interim Measures on anthropomorphic-AI disclosure take effect.
17 Jul — EU CER Directive: Member States must designate critical entities.
18 Jul — US GENIUS Act one-year implementing-rulemaking deadline.
Also Today
FedRAMP Ready retires 28 July — no new Ready submissions accepted after that date; the 20x Class A pipeline opens 3 August and a temporary Rev5 pipeline for Class B/C opens 10 August. Submit or convert your package before the cut-off. Source
Korea's revised Network Act now enforced — since 7 July, platforms with over 1M daily users (Naver, Kakao, Google, Meta, TikTok, X are named) must run reporting systems for false or manipulated information and publish semi-annual transparency reports; repeat distributors of confirmed false content face fines up to KRW 1 billion and courts may award up to 5× punitive damages. Confirm your content-reporting and transparency workflows are live. Source
EU Cyber Resilience Act reporting starts 11 September — manufacturers of products with digital elements must report actively exploited vulnerabilities within 24h/72h/14 days to ENISA and national CSIRTs, including for legacy products already on the market. Stand up the reporting workflow now. Source
⏰ Deadline Alert
17 July (4 days): EU Member States must complete critical-entity designation under the CER Directive.
One Thing to Do Today
If you operate in energy, transport, health, banking, digital infrastructure, water, or food in the EU: contact your national competent authority today and confirm whether your organization is on the CER designation list — notification arrives within one month of designation, and the ten-month compliance clock starts then.
Related briefings: Cyber & cloud: NIS2 audits and FedRAMP CR26 (6 Jul) · Cybersecurity daily (29 Jun)
Tomorrow's Focus: Privacy & personal data protection.
CyberEyeQ — Actionable Regulatory Intelligence · [email protected]
