The EU and Sweden are strengthening digital governance through clearer GDPR enforcement, enhanced cyber resilience, and more detailed compliance requirements for critical infrastructure.

This week's regulatory update highlights several important developments across privacy, cybersecurity and digital regulation. Among the latest updates: • The EDPB has introduced new initiatives to strengthen GDPR consistency across Europe. • New guidance provides practical insight into how the right to object and the right to erasure are being applied in One-Stop-Shop cases. • The European Commission continues to strengthen Europe's critical digital infrastructure through new investments in submarine cable resilience. • In Sweden, new NIS2 security regulations have been published, setting out more detailed requirements for organisations covered by the Swedish Cybersecurity Act.

EU

GDPR

EDPB launched a dedicated form for stakeholders to report inconsistencies in GDPR interpretation across national DPAs or between a DPA and the EDPB. Submissions feed into Board-level discussions but receive no individual response. Part of the Helsinki Statement commitments on enhanced consistency.

Read More

EDPB published an updated One-Stop-Shop case digest on the right to object and right to erasure, covering hundreds of new OSS decisions since the original publication. It maps the most frequent infringements and corrective measures, covering cases such as objections to direct marketing and account/profile deletion requests.

Read More

NIS2

The European Commission awarded €5.8 million to establish two Regional Cable Hubs — one in the Baltic Sea (coordinated by Finland, including Sweden) and one in the Mediterranean — and launched a separate €40 million CEF Digital call for submarine cable repair capacity. The move operationalises the EU Cable Security Action Plan under the NIS2 infrastructure resilience framework. Proposals accepted until 8 October 2026.

Read More

Sweden

NIS2

FRA/NCSC published new security-measure regulations under the Swedish Cybersecurity Act (NIS2 transposition), effective 1 October 2026. The prescriptions define concrete requirements for: management training, incident and continuity handling, security in development and outsourcing, personnel and physical security, and systematic governance. From 1 July 2026, all NIS2 regulatory responsibilities transfer from MCF to NCSC at FRA.

Read More

Continue reading
Need help?
Contact Us