These developments reshape regulatory expectations for tech firms, driving higher compliance costs and new governance frameworks across Europe.
The RSA conference remains a barometer for emerging cybersecurity thought leadership, and Dr Valerie Lyons’ invitation underscores the growing relevance of human‑rights perspectives in security design. "Dignity by Design" extends the well‑known Privacy by Design framework, urging organizations to embed ethical considerations from the outset. This shift signals to vendors and enterprises that compliance will increasingly intersect with broader societal values, prompting a reevaluation of risk assessments and product roadmaps.
In Brussels, the updated Cybersecurity Act reflects the EU’s urgency to protect critical infrastructure against sophisticated supply‑chain attacks. By granting the Commission authority to blacklist high‑risk third‑country providers, the legislation aims to streamline incident reporting while easing the administrative load on SMEs. Coupled with targeted amendments to the NIS2 Directive, the package promises a more coordinated defensive posture, but also raises questions about market access for non‑EU tech firms and the operational readiness of ENISA to enforce new standards.
Parallel regulatory moves in data protection and AI governance illustrate a broader trend toward tighter digital oversight. The Digital Omnibus proposal, despite its intent to simplify compliance, risks eroding GDPR safeguards by narrowing the definition of personal data. Ireland’s AI Bill, establishing a dedicated AI Office, positions the country as a potential EU hub for responsible AI, yet firms must adapt to new accountability regimes. Finally, the staggering €32 billion loss from scam advertising highlights the economic stakes of cyber fraud, urging platforms and regulators to intensify detection and consumer‑education efforts.