News

Derisk Advisory regularly shares thought leadership and insights on ICT, cybersecurity risk management, and regulatory developments to support organizations across industries in enhancing resilience and compliance.

Article 1 through 6 of 15 total articles

  • Luxembourg Transposes NIS2: A Pragmatic Approach and Key Local Stakeholders

    On 6 May 2026, the Luxembourgish government published the law officially transposing the EU's NIS2 Directive into national legislation. As a direct implementation of the European framework, the new law integrates the EU-wide cybersecurity baselines into our national context, establishing clear regulatory oversight for essential and important entities operating in the Grand Duchy.

    May 8, 2026

  • DORA: From Project Mode to Day-to-Day Management

    This interview with our principal consultant, Laurent de la Vaissière, first appeared in the 39th edition of Andy à Luxembourg. We are grateful to Sylvain Aubry and the Association of Luxembourg Compliance Officers (ALCO) for this exchange, which we have translated below for our international readers.

    Jan 29, 2026

  • Navigating AI in Finance: Key Takeaways from BaFin's DORA Guidance

    Shortly before the holiday season, BaFin published new Guidance on the ICT risks associated with the use of Artificial Intelligence (AI). While explicitly non-binding, this document provides essential practical orientation for financial institutions and insurance companies on how to integrate AI technologies into the Digital Operational Resilience Act (DORA) framework.

    Jan 5, 2026

  • CSSF 25/900: Reporting update and DORA alignment

    The CSSF has published Circular CSSF 25/900, updating the annual reporting framework for UCI administrators (UCIAs) under Circular CSSF 22/811. The changes apply from 31 December 2025 and aim to simplify reporting while reflecting the EU framework on digital operational resilience.

    Dec 17, 2025