Activity Tracker

The DPA Activity Tracker provides our latest information on developments in legislatures, judiciaries and the executive branches of G20, EU member states and Switzerland.

75 events advancing 68 policy or regulatory changes:

Most active jurisdictions Number of policy changes

Graph

Table

Most active policy areas Number of policy changes
Targeted economic activity Number of policy changes
Reset filters
75 events advancing 68 policy or regulatory changes:
under deliberation

Cybersecurity regulation in Act amending Kentucky Revised Statutes on data privacy (HB 692)

Latest event Date: 2027-07-01 law implementation

Act amending Kentucky Revised Statutes on data privacy including cybersecurity regulation enters into force

On 1 July 2027, the Act amending Kentucky Revised Statutes on data privacy (HB 692) enters into force. The Act amends KRS 367.3617 to require controllers to establish, implement, and maintain reasonable administrative, technical, and physical data s…

Implementer
United States of America
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity technological consumer goods
under deliberation

Data protection regulation in Act amending Kentucky Revised Statutes on data privacy (HB 692)

Latest event Date: 2027-07-01 law implementation

Act amending Kentucky Revised Statutes on data privacy including data protection regulation enters into force

On 1 July 2027, the Act amending Kentucky Revised Statutes on data privacy (HB 692) enters into force. The Act amends KRS 367.3611 to introduce definitions of "automatic content recognition data" and "smart monitor." "Automatic content recognition d…

Implementer
United States of America
Policy area Data governance
Policy or regulatory element Data protection regulation
Economic activity technological consumer goods
adopted

Bill amending Personal Information Protection Act (Bill No. 2216765/Act No. 21445)

Latest event Date: 2027-07-01 law implementation

Mandatory personal information protection certification provisions of Personal Information Protection Act (Act No. 21445) entered into force

On 1 July 2027, the amended Article 32-2(1) proviso and Article 75(2) item 15 of Act No. 21445, amending the Personal Information Protection Act, entered into force. Under the amended Article 32-2(1) proviso, personal information processors meeting …

Implementer
Republic of Korea
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity cross-cutting
in grace period

EU Regulation laying down additional procedural rules relating to the enforcement of GDPR in cross-border cases

Latest event Date: 2027-04-02 law implementation

Regulation laying down additional procedural rules relating to the enforcement of GDPR enters into force

On 2 April 2027, the Regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679 enters into force. The regulation aims to harmonise the criteria for assess…

Implementer
European Union
Policy area Data governance
Policy or regulatory element Data protection authority governance
Economic activity cross-cutting
adopted

Bill amending Network Act including incident response obligations and enforcement measures (Bill No. 2214896/Law No. 21500)

Latest event Date: 2027-04-01 law implementation

Information Security Level Evaluation obligations in Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force

On 1 April 2027, the Information Security Level Evaluation obligations in the Act on Promotion of Information and Communications Network Utilization and Information Protection (Law No. 21500) enter into force. The Korea Ministry of Science and ICT m…

Implementer
Republic of Korea
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity infrastructure provider: internet and telecom services
in force

Consumer Financial Protection Bureau Personal Financial Data Rights Rule

Latest event Date: 2027-04-01 order implementation

Implemented obligations for depository institutions that hold at least USD 10 billion in total assets outlined in Rule on Personal Financial Data Rights

On 1 April 2027, the final rule on personal financial data rights came into force for depository institutions that hold at least USD 10 billion in total assets but less than USD 250 billion or non-depository institutions that did not generate USD 10…

Implementer
United States of America
Policy area Data governance
Policy or regulatory element Data protection regulation
Economic activity digital payment provider (incl. cryptocurrencies), other service provider
adopted

Data protection regulation in Government Regulation Number 17 of 2025 concerning Governance of Electronic System Implementation in Child Protection

Latest event Date: 2027-03-27 order implementation

Government Regulation Number 17 of 2025 concerning Governance of Electronic System Implementation in Child Protection including data protection regulation enters into force

On 27 March 2027, Regulation Number 17 of 2025 concerning Governance of Electronic System Implementation in Child Protection enters into force following the conclusion of the two-year transition period that began on 27 March 2025. Under this regulat…

Implementer
Indonesia
Policy area Data governance
Policy or regulatory element Data protection regulation
Economic activity cross-cutting
in grace period

Regulation (EU) 2025/327 establishing a European Health Data Space (EHDS) including rules for portability and sharing of health data

Latest event Date: 2027-03-26 law implementation

European Health Data Space Regulation (2025/327) enters into force

On 26 March 2027, specific provisions of the European Health Data Space (EHDS) Regulation (2025/327) come into force. These include the adoption of common specifications for EHR systems, which will set requirements for interoperability, security and…

Implementer
European Union
Policy area Data governance
Policy or regulatory element Data protection regulation
Economic activity cross-cutting
adopted

Guidance on operational incident reporting (FG26/3)

Latest event Date: 2027-03-18 order implementation

Guidance on operational incident reporting enters into force

On 18 March 2027, the guidance on operational incident reporting for firms with Part 4A permission, payment service providers (PSPs), credit rating agencies, and other financial firms enters into force. The guidelines establish a standardised proces…

Implementer
United Kingdom
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity other service provider
adopted

Guidance on material third party arrangements (FG26/4)

Latest event Date: 2027-03-18 order implementation

Guidance on material third party arrangements enters into force

On 18 March 2027, the guidance on material third-party arrangements (FG26/4) comes into force. It applies to designated investment firms, authorised electronic money or payment institutions, and other financial institutions. The guidance requires fi…

Implementer
United Kingdom
Policy area Data governance
Policy or regulatory element Cybersecurity regulation
Economic activity digital payment provider (incl. cryptocurrencies), other service provider
Page
1
2
3
4
5
6
7