%20(A2%20(Landscape))%20(3).png)
EU Level
AI security gets a baseline: ETSI EN 304223 sets baseline cybersecurity requirements for AI models and systems acrossthe full lifecycle. It addresses risks such as data poisoning and promptinjection and is likely to become a reference point for procurement, audits,and security-by-design expectations.
GDPR enforcement reminder: €42m fine forsecurity failings CNIL fined FREE MOBILE (€27m) and FREE (€15m) forcybersecurity shortcomings impacting customer data. Message is simple:regulators are still punishing fundamentals, not just cutting-edge AI edgecases.
DORA oversight goes cross-border: EUsupervisors and UK regulators signed an MoU on oversight of critical ICTthird-party providers, increasing scrutiny on concentration risk, incidentcoordination, and supplier control.
Council paves the way for AI gigafactories:The Council approved reforms to the EuroHPC Joint Undertaking, enabling AIgigafactories and a quantum pillar, unlocking public-private funding forlarge-scale AI compute across Europe.
Sweden Level
Digital Services Act strengthens userrights online: Sweden’s Digital Services Coordinator is PTS, working withKonsumentverket and Mediemyndigheten. Platforms must enable illegal contentreporting, explain moderation decisions, label ads, and meet stricterobligations if designated as very large.
NIS2 is now active in Sweden : Sweden’sCybersecurity Act and Ordinance entered into force, replacing the prior NISframework. This is the start of stricter requirements on governance, riskcontrols, and incident reporting for many operators across critical sectors.
%20(A2%20(Landscape))%20(4).png)
%20(A2%20(Landscape))%20(5).png)
%20(A2%20(Landscape))%20(6).png)
%20(A2%20(Landscape))%20(7).png)
