Derisk Advisory regularly shares thought leadership and insights on ICT, cybersecurity risk management, and regulatory developments to support organizations across industries in enhancing resilience and compliance.
Article 1 through 6 of 16 total articles
The ESAs have published their first comprehensive report on major ICT-related incidents reported under DORA. Documenting 3,383 major incidents across the EU financial sector during 2025, this data establishes an empirical baseline for operational resilience.
Jun 3, 2026
On 6 May 2026, the Luxembourgish government published the law officially transposing the EU's NIS2 Directive into national legislation. As a direct implementation of the European framework, the new law integrates the EU-wide cybersecurity baselines into our national context, establishing clear regulatory oversight for essential and important entities operating in the Grand Duchy.
May 8, 2026
Anthropic’s April 7 technical post on the Claude Mythos Preview makes an extraordinary claim. The company states the model can autonomously identify and exploit both zero-day vulnerabilities and N-day vulnerabilities. They describe these capabilities as a watershed moment for cybersecurity.
Apr 9, 2026
This interview with our principal consultant, Laurent de la Vaissière, first appeared in the 39th edition of Andy à Luxembourg. We are grateful to Sylvain Aubry and the Association of Luxembourg Compliance Officers (ALCO) for this exchange, which we have translated below for our international readers.
Jan 29, 2026
Shortly before the holiday season, BaFin published new Guidance on the ICT risks associated with the use of Artificial Intelligence (AI). While explicitly non-binding, this document provides essential practical orientation for financial institutions and insurance companies on how to integrate AI technologies into the Digital Operational Resilience Act (DORA) framework.
Jan 5, 2026
The CSSF has published Circular CSSF 25/900, updating the annual reporting framework for UCI administrators (UCIAs) under Circular CSSF 22/811. The changes apply from 31 December 2025 and aim to simplify reporting while reflecting the EU framework on digital operational resilience.
Dec 17, 2025