Regulation

Regulatory landscape and business impact

27 analyses

SEC and Cybersecurity: The New Disclosure Obligations that have Transformed the Role of the CISO

The SEC's rules on the disclosure of cyber incidents, effective from December 2023, require reporting of material incidents within four business days via Form 8-K. In May 2025, American banking associations petitioned the SEC to revoke the rule. The practical outcome: the CISO has become a direct interlocutor for the board and legal department in materiality decisions.

April 5, 2026

Read analysis →

Regulation7 min

PL 2338: Brazil Advances in AI Regulation and What Changes for Technology Companies

In December 2024, the Brazilian Senate approved PL 2338/2023, which establishes the regulatory framework for AI in the country. In March 2025, the text was forwarded to the Chamber of Deputies. The law adopts a risk-based approach, with three categories: excessive risk (prohibited), high risk (with stringent requirements), and other systems (general obligations). For developers and operators, the impacts are immediate and structural.

March 18, 2026

Read analysis →

Regulation8 min

DORA in Force: What Changes for 22,000 European Banks and Fintechs Starting January 2025

The Digital Operational Resilience Act came into effect on 17 January 2025, imposing uniform digital resilience requirements on approximately 22,000 financial entities in the European Union. In November 2025, AWS, Microsoft Azure, and Google Cloud were designated critical ICT providers, subject to direct audit by European regulators.

March 5, 2026

Read analysis →