Live feed
What's changing worldwide
The latest regulatory decisions, laws, enforcement and incidents across all 8 domains - newest first, sourced from official channels. How this data is collected →
Ireland must transpose EU AMLD6 provisions requiring the RBO to grant beneficial-ownership access to persons with a legitimate interest and to interconnect with EU systems, partially reopening data that was restricted after the 2022 CJEU ruling. It re-shapes the transparency obligations attached to forming and owning an Irish company.
eucrim (EU) ↗The grandfathering period under MiCA (EU 2023/1114) ends on 1 July 2026; Croatian virtual-asset service providers that have not secured a full CASP authorisation from HANFA must suspend crypto-asset services or face enforcement. This completes Croatia's transition from a national VASP-notification regime to the EU-harmonised licensing framework.
HANFA ↗The Digital Code consolidates the Law on Informatization, the Law on Electronic Documents, and the Law on Electronic Digital Signature into a single unified instrument, mandating cybersecurity audits for critical infrastructure and high-risk AI systems, reinforcing data-localization rules, and establishing a 'Digital Sovereignty' principle ensuring state control over critical digital infrastructure. It is the most comprehensive digital regulatory overhaul in Kazakhstan's history.
Interfax Kazakhstan ↗Vietnam's consolidated Cybersecurity Law 2025, passed on 10 December 2025 with 434/443 votes in the National Assembly, takes full effect, replacing both the 2015 and 2018 laws. It mandates data localisation for all domestic and foreign platform operators, sets 24-hour (and 6-hour in urgent cases) content-removal windows, and reaffirms the Ministry of Public Security as the principal cybersecurity authority.
Ministry of Public Security of Vietnam (bocongan.gov.vn) ↗Norway's amendment to the Security Act to transpose the EU NIS2 Directive (2022/2555) enters its registration phase, bringing roughly 5,000 organisations into scope across expanded critical sectors; NSM will act as central CSIRT coordinator, with first audits scheduled from 1 October 2026.
DLA Piper Norway ↗Liechtenstein-based providers operating under the TVTG must hold full MiCAR authorisation as crypto-asset service providers by this date; passporting across the EEA requires authorisation. This marks the cutover from the national Blockchain Act regime to the EU-wide MiCA framework.
FMA Liechtenstein ↗The BCEAO pushed back the mandatory deadline for all banks, electronic money institutions, and payment institutions across UEMOA to connect to the PI-SPI interoperable instant payment system to September 30, 2026. As of late June 2026, 80 participants were connected and 74 more were still in the testing phase, reflecting the operational complexity of integrating Côte d'Ivoire's diverse financial actors into a single real-time rail.
Ecofin Agency ↗A June 2026 amendment narrowed conditions for persons holding temporary protection status to remain in Finland, continuing the Orpo government's legislative tightening across all immigration categories. Remote workers on other permit types are unaffected but the change signals ongoing restrictive momentum in the broader framework.
Finnish Immigration Service (Migri) ↗Brunei launched Digital Brunei 2030, a five-year national digital transformation plan that, for the first time, embeds a dedicated Data and AI Strategy alongside digital government, society, and business strategies. Flagship AI commitments include a National Sovereign Cloud with AI computing capabilities and development of a Brunei-context National Large Language Model.
The Bruneian ↗Minister Andrew Wheatley announced in the House of Representatives that Jamaica will draft a new standalone cybersecurity law after recording over 49 million attempted attacks in 2025. The planned legislation will codify a National Cybersecurity Directorate, mandate minimum sector standards, require incident reporting, regulate cybersecurity service providers, and formally designate critical information infrastructure, obligations not currently in statute.
Jamaica Observer ↗President Aliyev signed a decree creating the National Cybersecurity Agency under the Ministry of Digital Development and Transport with an expanded remit covering AI-system security, critical-infrastructure resilience, personal-data protection, and enforcement against prohibited online content, directly relevant to overseeing AI deployments.
Ministry of Digital Development and Transport, Azerbaijan ↗The Portfolio Committee on the Economic and Development Cluster issued its report recommending passage of the Payment Systems Bill 2025, which had passed second reading on 5 May 2026. The bill is designed to repeal the 2014 Act, create a level playing field for fintech entrants, and align the CBL's supervisory mandate with international standards — it would require all payment service providers to hold a single CBL licence renewed every five years.
National Assembly of Lesotho ↗General Rule No. 569 amended NCG 514 and incorporated Technical Annex 3, covering API specifications, participant registry, digital certificates, and security protocols, completing the Open Finance System regulatory architecture under the Fintech Act. The operational go-live was extended from July 2026 to July 2027 to allow sufficient industry preparation.
Carey Abogados (citing CMF Chile) ↗Work-permit applicants must earn at least 90% of the national median wage (SEK 33,390/month), up from 80%, and must hold full sickness insurance. Two new criminal offences, exploitation of foreign labour and trafficking in work permits, are also introduced; certain highly skilled and self-employed applicants gain a slightly expanded right to apply from within Sweden.
Sveriges riksdag ↗