Activity Tracker

On 2 April 2027, the Regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679 enters into force. The regulation aims to harmonise the criteria for assess…

On 1 April 2027, the Information Security Level Evaluation obligations in the Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force. The Korea Ministry of Science and ICT m…

On 1 April 2027, the final rule on personal financial data rights came into force for depository institutions that hold at least USD 10 billion in total assets but less than USD 250 billion or non-depository institutions that did not generate USD 10…

On 27 March 2027, Regulation Number 17 of 2025 concerning Governance of Electronic System Implementation in Child Protection enters into force following the conclusion of the two-year transition period that began on 27 March 2025. Under this regulat…

On 26 March 2027, specific provisions of the European Health Data Space (EHDS) Regulation (2025/327) come into force. These include the adoption of common specifications for EHR systems, which will set requirements for interoperability, security and…

On 18 March 2027, the guidance on operational incident reporting for firms with Part 4A permission, payment service providers (PSPs), credit rating agencies, and other financial firms enters into force. The guidelines establish a standardised proces…

On 18 March 2027, the guidance on material third-party arrangements (FG26/4) comes into force. It applies to designated investment firms, authorised electronic money or payment institutions, and other financial institutions. The guidance requires fi…

On 1 February 2027, Section 6 of the Privacy Protection Act (A6309) enters into force, regulating the collection and sharing of personal information by health care facilities. The provisions prohibit health care facilities from requesting or collect…

On 1 January 2027, the Age-Appropriate Design Code Act (S. 69) enters into force. The Act stipulates that violations of its provisions will be treated as unfair and deceptive acts in commerce, with enforcement overseen by the Attorney General. Speci…

On 1 January 2027, the California Opt Me Out Act enters into force, amending the California Consumer Privacy Act of 2018 to mandate that internet browsers include a consumer-configurable function to send an opt-out preference signal to businesses wi…