This briefing summarizes major 2026 developments in cybersecurity and data governance, including ENISA’s new Technology and Innovation Radar methodology, EU–US biometric-sharing talks, multiple state and national AI and privacy laws, and updated guidance from national DPAs and the NCSC. It also highlights a tactical shift in China-linked cyber operations toward large covert networks of compromised devices exemplified by Raptor Train and noted campaigns like Volt Typhoon, raising detection and attribution challenges. #RaptorTrain #VoltTyphoon
Keypoints
- ENISA published a six-step methodology for its Technology and Innovation Radar to identify, score, and visualize emerging cybersecurity signals.
- EU–US negotiations on an Enhanced Border Security Partnership would allow US checks against some EU biometric databases, prompting legal and rights-based scrutiny.
- The UK mandated an AI Code of Practice and the NCSC issued updated cross-domain security guidance emphasizing end-to-end pipelines and threat-driven design.
- Regulators advanced AI and data governance rules, including Dutch guidance on explanations for automated decisions, AEPD transcription requirements, and new state laws in Maryland, Delaware, Louisiana, and Maine.
- A joint advisory warned that China-linked actors increasingly operate large covert networks of compromised SOHO and IoT devices (e.g., Raptor Train, Volt Typhoon), complicating detection and attribution.
Read More: https://keplernewsletter.substack.com/p/privacy-and-cybersecurity-68