Framework & Regulatory News
Stay updated on the latest compliance updates, regulatory changes, and framework releases.
EU AI Act Enforcement Timeline Extended — What It Means for Your Controls
The enforcement date for high-risk AI systems has been pushed to Q4 2026. We break down the implications for AI governance frameworks and what compliance teams need to do now.
NIST CSF 2.0 Now Includes Governance Function — Framework Update
NIST released the final version of the Cybersecurity Framework 2.0 with a new 'Govern' function at the core. GRCEye now includes the updated controls and cross-walks.
GDPR Fines Hit €1.2B in Q1 2026 — Enforcement Accelerates
The first quarter of 2026 saw record GDPR penalties. Analysis shows DPA and consent management failures are the top reasons. Ensure your contracts are audit-ready.
NIS2 Directive: 90% of EU Financial Entities Now Comply
New compliance statistics show broad adoption of NIS2 controls across the EU financial sector. We've updated our NIS2 control templates with the latest requirement mappings.
ISO 27001:2022 Revision — New Annex A Controls Added
ISO released clarifications on 12 new Annex A controls in response to the 2022 revision. GRCEye's ISO 27001 framework now reflects these additions with evidence templates.
DORA Q2 2026: ICT Third-Party Monitoring Requirements
The Digital Operational Resilience Act now requires quarterly monitoring reports for all critical ICT service providers. We've added DORA-specific vendor assessment templates.
SOC 2 Type II Audit Report Timing — New Guidance Released
The AICPA clarified timing requirements for SOC 2 Type II reports. Reports must cover at least 6 months. See our updated SOC 2 framework guidance.
CIS Controls v9 Released — Major Update to Control Set
The Center for Internet Security released CIS Controls v9 with restructured controls and new cloud security focus. GRCEye's CIS framework is now updated.
Stay Updated
Get GRC insights and compliance updates delivered to your inbox every week.