#regulation
- Analysis · Jun 24, 2026Biometric authentication just became a regulatory frontier
Biometrics are now in nearly every national ID and a growing share of logins, and the law has caught up. BIPA, the EU AI Act, and a wave of US state rules treat biometric identifiers as a special category. Here is what changed and what to do.
- News · Jun 18, 2026India's DPDP regime advances, with consent-manager rules due by November 2026
India's Digital Personal Data Protection Rules, notified in late 2025, are rolling out in phases. The Consent Manager framework becomes operational by 13 November 2026, with the remaining substantive obligations following by 13 May 2027. Penalties reach up to 250 crore rupees for failing to take reasonable security safeguards.
- News · Jan 17, 2025DORA takes effect for EU financial entities
The Digital Operational Resilience Act began to apply, raising the bar for access controls, identity governance, and third-party risk in EU finance.
- News · Jan 16, 2025US executive order mandates phishing-resistant authentication for agencies
A US cybersecurity executive order directed federal agencies toward phishing-resistant authentication such as passkeys and PIV, reinforcing the move off passwords.
- News · Dec 3, 2024CISA urges organizations to adopt phishing-resistant MFA
CISA reiterated guidance to move from SMS and push-based MFA to phishing-resistant methods like FIDO2 and passkeys.
- News · Oct 17, 2024NIS2 transposition deadline raises identity and access requirements
The NIS2 directive deadline pushed many EU organizations to strengthen MFA, access control, and identity governance as baseline obligations.
- News · May 20, 2024EU adopts eIDAS 2.0, mandating the European Digital Identity Wallet
The EU adopted eIDAS 2.0, requiring member states to offer digital identity wallets and accelerating verifiable-credential adoption across Europe.