France jeudi 30 avr. 2026 : Banque de France — fenêtre attestation DORA close aujourd'hui ; AMF analyse les réponses à la consultation priorités supervision (close 25 avr.). CNIL formation restreinte 24 avr. : sanction adtech €9M publiée + sanction santé €3M confirmée — premières décisions françaises articulant RGPD Art. 25 et principes préparatoires AI Act. ANSSI CERT-FR : note d'information OIV/OSE attendue sur Apache Tomcat CVE-2026-34141 (CVSS 9.8, directive américaine ED-26-05 du 29 avr.) — patch à déployer sans délai. Trilogue AI Act Digital Omnibus en relecture juridique — publication JOUE cible juin 2026, délai Annex III confirmé 2 déc. 2027. ANSSI : 11 400 entités NIS2 désignées — délai de réponse 6 semaines, soit échéance ~11 juin 2026 (CNIL/ANSSI/BdF/AMF/EC, 30 avr. 2026) France lundi 27 avr. 2026 : CNIL — délibération adtech €9M et santé €3M attendues cette semaine (formation restreinte terminée vendredi) ; ANSSI publie le référentiel NIS2 sectoriel mis à jour — 11 400 entités essentielles/importantes notifiées, délai de désignation 6 semaines ; trilogue AI Act Digital Omnibus 2e séance politique DEMAIN (28 avr.) — alignement Annex III 2 déc. 2027 confirmé, interdiction nudifier en discussion ; AMF-ACPR : clôture de la consultation DORA T-2 vendredi 25 avr., dépouillement en cours ; ANSSI CERT-FR : weekend — 2 nouveaux incidents Akira sur ETI françaises signalés (CNIL/ANSSI/AMF/EC, 27 avr. 2026) Clôture France 24 avr. 2026 : la CNIL ouvre une enquête formelle contre 3 EdTech pour traitement biométrique de mineurs au titre de l'art. 9 ; l'ANSSI publie la mise à jour du Décret d'application sectoriel NIS2 — avis de désignation pour 11 400 entités essentielles/importantes françaises expédiés cette semaine ; fenêtre d'attestation DORA Banque de France close le 30 avril (CNIL/ANSSI/BdF, 24 avr. 2026) France jeudi 23 avr. 2026 — Formation restreinte de la CNIL : délibérations en cours sur les dossiers adtech (€9M, articulation RGPD Art. 25 / AI Act) et santé (€3M) — décisions attendues 24 avr. ; ANSSI CERT-FR a escaladé la note Akira vers RED après un 5e cas de double extorsion sur ETI industrielle française ; AMF : clôture de la consultation DORA T-2 (vendredi 25 avr.) ; la trilogue Digital Omnibus AI Act est à T-5 jours avec le calage des dates Annex III (2 déc. 2027) confirmé en scrub légal ; Sénat — audition suite REC/LPM demain (CNIL/ANSSI/AMF/EC/Sénat, 23 avr. 2026) France 22 avr. 2026 : CNIL séance de formation restreinte ouverte ce matin — dossier adtech €9M + dossier santé €3M en audition, délibérations 23–24 avr.; ANSSI CERT-FR publie note Akira — 4e cas de double extorsion industrielle signalé; AMF clôture vendredi 25 avr. la consultation priorités de supervision; Sénat REC/LPM audition rapporteur 22 avr. (CNIL/ANSSI/AMF/Sénat, 22 avr. 2026) CNIL 21 avr. 2026 — délibération adtech €9M attendue 24 avril, première sanction française tissant RGPD art. 25 et principes préparatoires AI Act ; ANSSI CERT-FR escalade Akira après un troisième cas double-extorsion (industriel mid-market) (CNIL/ANSSI, 21 avr. 2026) France CNIL 20 Apr 2026: sanctions committee mid-week readout — reasoned decision on ~€9M adtech fine, first enforcement citing GDPR Art. 25 + AI Act preparatory principles ANSSI CERT-FR 20 Apr 2026: Akira ransomware wave against French mid-market industrials; two confirmed double-extortion cases in 18–19 Apr window France AMF 20 Apr 2026: reminder that DORA TLPT scoping submissions are past due for late filers — supervisory follow-up initiated France LPM/REC 20 Apr 2026: Assemblée Nationale rapporteur tables cyber-provisions report this week — sectoral-scope expansion expected DORA: In force 17 Jan 2025 — Active enforcement: on-site ICT risk inspections and third-party oversight reviews underway (ESAs, 2026) NIS2: First audits due 30 Jun 2026 — Q1 2026 penalties issued in EU; 14 of 27 EU states now transposed; EU Digital Omnibus trilogue scheduled 28 Apr 2026 — proposes deadline extensions and compliance simplifications for 28,700 companies; Ireland NIS2 Bill H1 2026 amid EC infringement proceedings (Skadden/EC, Apr 2026) EU AI Act: High-risk AI obligations deadline 2 Aug 2026 — EU Digital Omnibus proposes delay to Dec 2027; CRA vulnerability reporting starts 11 Sep 2026 (EC/Hogan Lovells, Apr 2026) Global Breach Cost: $4.44M average — 241 days to detect & contain; AI-augmented attack surface expanding (IBM/Ponemon, 2026) CISO Personal Liability: NIS2 Art.20 + SEC/DOJ precedent — Director accountability now statutory in EU (2025–2026) Ransomware: Q1 2026: 2,165 victims (+18.5% annualised); March 2026: 808 victims; week 11–17 Apr: 185 incidents — Apr 13 saw 46 new victims in 24 hours; Qilin/DragonForce drive 21% of weekly volume; 7,500+ on leak sites 2025 (+58% YoY); attacks 4× faster; 80% AI-enabled; 87.6% double extortion (BlackFog/BreachSense/Unit42/Emsisoft/Ransom-DB, Apr 2026) Geopolitical CNI: CISA AA26-097a (7 Apr 2026) — Iranian-affiliated APT targeting internet-exposed PLCs in US water/wastewater and CNI sectors; 75+ Unitronics HMI devices compromised. Iran-linked Handala claimed attack on Stryker Corp (11 Mar 2026) disrupting manufacturing and shipping. Volt Typhoon maintains 5+ yr persistence across US energy/water/transport CNI (CISA/FBI/Palo Alto, Apr 2026) Supply Chain: 1,700+ malicious packages across npm/PyPI/Go/Rust (North Korea); kube-health-tools Kubernetes tunnel implant campaign active Apr 2026; Axios/TeamPCP hit 60+ packages — CISA KEV Fortinet CVE-2026-35616 (Datadog/Zscaler/CISA, Apr 2026) UK Online Safety Act: full enforcement 2026 — UK CS&R Bill expanding NIS Regulations to digital supply chains; PSTI Act fines up to £10M or 4% turnover for non-compliant IoT (Ofcom/DSIT, Apr 2026) Patch Tuesday Apr 2026: 167 vulns patched — CVE-2026-32201 SharePoint zero-day actively exploited; Cisco 4 critical flaws in Identity Services & Webex enabling code execution (Microsoft/Cisco, 19 Apr 2026) Data Breaches Apr 2026: ShinyHunters leak 78.6M Rockstar Games records via Snowflake auth tokens; 13.5M McGraw Hill accounts stolen via Salesforce breach (Integrity360/SharkStriker, Apr 2026) Insider & NHI Risk: $19.5M avg per org (+123% since 2018); Thales 2026: 61% cite AI as #1 data risk; 47% sensitive cloud data unencrypted; SpyCloud 2026: 65.7B identity records recaptured (+23% YoY), 18.1M exposed API keys; IBM X-Force: 300,000+ ChatGPT credentials exposed (Proofpoint/IBM/Thales/SpyCloud, Apr 2026) NCSC UK (7 Apr 2026): APT28 / Russian GRU exploiting compromised internet routers for DNS hijacking — intercepting credentials, tokens, and email traffic across UK personal networks; immediate router patching and credential rotation advised (NCSC, Apr 2026) Belgium NIS2 Audit Window OPEN (18 Apr 2026) — first EU member state to hit hard NIS2 conformity assessment deadline; essential entities now require BELAC-accredited Conformity Assessment Body sign-off (CCB Belgium, Apr 2026) GDPR Enforcement: CNIL fines Free Mobile €27M for failing to protect 24M subscriber contracts (Oct 2024 breach); UK ICO fines Reddit £14M for child safety/age-check failures — regulators applying upper Article 83 range to systemic failings (CNIL/ICO, Apr 2026) Live Breaches Wk of 14–19 Apr: Basic-Fit (200K NL members + 1M bank details exposed); Booking.com customer reservation data breach notified 12 Apr; Zerion crypto wallet device compromise — ~$100K stolen 16 Apr (BreachSense/SharkStriker, Apr 2026) ENISA 2026 Risk Landscape Report (Apr 2026): availability/DDoS and ransomware top operational threat categories; threat-actor convergence accelerating — same vulnerability chains active across financially and ideologically motivated campaigns (ENISA, Apr 2026) France: CNIL maintient une cadence de sanctions élevée — €27M Free Mobile + €15M Free (Jan 2026), €5M France Travail (Jan 2026), €325M Google (Sep 2025); ANSSI accélère la transposition NIS2 française et la préparation des entités essentielles aux audits 2026 — fenêtre belge ouverte le 18 avril 2026 sert de référence opérationnelle (CNIL / ANSSI / CCB Belgique, avr. 2026) 900 Peer-reviewed governance frameworks · Retained across Tier-1 boards · Contract-winning evidence chains

Clôture France 24 avr. 2026 : la CNIL ouvre une enquête formelle contre 3 EdTech pour traitement biométrique de mineurs au titre de l'art. 9 ; l'ANSSI publie la mise à jour du Décret d'application sectoriel NIS2 — avis de désignation pour 11 400 entités essentielles/importantes françaises expédiés cette semaine ; fenêtre d'attestation DORA Banque de France close le 30 avril (CNIL/ANSSI/BdF, 24 avr. 2026) France jeudi 23 avr. 2026 — Formation restreinte de la CNIL : délibérations en cours sur les dossiers adtech (€9M, articulation RGPD Art. 25 / AI Act) et santé (€3M) — décisions attendues 24 avr. ; ANSSI CERT-FR a escaladé la note Akira vers RED après un 5e cas de double extorsion sur ETI industrielle française ; AMF : clôture de la consultation DORA T-2 (vendredi 25 avr.) ; la trilogue Digital Omnibus AI Act est à T-5 jours avec le calage des dates Annex III (2 déc. 2027) confirmé en scrub légal ; Sénat — audition suite REC/LPM demain (CNIL/ANSSI/AMF/EC/Sénat, 23 avr. 2026) France 22 avr. 2026 : CNIL séance de formation restreinte ouverte ce matin — dossier adtech €9M + dossier santé €3M en audition, délibérations 23–24 avr.; ANSSI CERT-FR publie note Akira — 4e cas de double extorsion industrielle signalé; AMF clôture vendredi 25 avr. la consultation priorités de supervision; Sénat REC/LPM audition rapporteur 22 avr. (CNIL/ANSSI/AMF/Sénat, 22 avr. 2026) CNIL 21 avr. 2026 — délibération adtech €9M attendue 24 avril, première sanction française tissant RGPD art. 25 et principes préparatoires AI Act ; ANSSI CERT-FR escalade Akira après un troisième cas double-extorsion (industriel mid-market) (CNIL/ANSSI, 21 avr. 2026) DORA: In force 17 Jan 2025 — Active enforcement: on-site ICT risk inspections and third-party oversight reviews underway (ESAs, 2026) NIS2: First audits due 30 Jun 2026 — Q1 2026 penalties issued in EU; 14 of 27 EU states now transposed; EU Digital Omnibus trilogue scheduled 28 Apr 2026 — proposes deadline extensions and compliance simplifications for 28,700 companies; Ireland NIS2 Bill H1 2026 amid EC infringement proceedings (Skadden/EC, Apr 2026) EU AI Act: High-risk AI obligations deadline 2 Aug 2026 — EU Digital Omnibus proposes delay to Dec 2027; CRA vulnerability reporting starts 11 Sep 2026 (EC/Hogan Lovells, Apr 2026) Global Breach Cost: $4.44M average — 241 days to detect & contain; AI-augmented attack surface expanding (IBM/Ponemon, 2026) CISO Personal Liability: NIS2 Art.20 + SEC/DOJ precedent — Director accountability now statutory in EU (2025–2026) Ransomware: Q1 2026: 2,165 victims (+18.5% annualised); March 2026: 808 victims; week 11–17 Apr: 185 incidents — Apr 13 saw 46 new victims in 24 hours; Qilin/DragonForce drive 21% of weekly volume; 7,500+ on leak sites 2025 (+58% YoY); attacks 4× faster; 80% AI-enabled; 87.6% double extortion (BlackFog/BreachSense/Unit42/Emsisoft/Ransom-DB, Apr 2026) Geopolitical CNI: CISA AA26-097a (7 Apr 2026) — Iranian-affiliated APT targeting internet-exposed PLCs in US water/wastewater and CNI sectors; 75+ Unitronics HMI devices compromised. Volt Typhoon maintains 5+ yr persistence across US energy/water/transport CNI (CISA/FBI/Palo Alto, Apr 2026) Supply Chain: 1,700+ malicious packages across npm/PyPI/Go/Rust (North Korea); kube-health-tools Kubernetes tunnel implant campaign active Apr 2026 (Datadog/Zscaler/CISA, Apr 2026) UK Online Safety Act: full enforcement 2026 — UK CS&R Bill expanding NIS Regulations to digital supply chains (Ofcom/DSIT, Apr 2026) Patch Tuesday Apr 2026: 167 vulns patched — CVE-2026-32201 SharePoint zero-day actively exploited (Microsoft/Cisco, 19 Apr 2026) Data Breaches Apr 2026: ShinyHunters leak 78.6M Rockstar Games records; 13.5M McGraw Hill accounts stolen (Integrity360/SharkStriker, Apr 2026) Insider & NHI Risk: $19.5M avg per org (+123% since 2018); Thales 2026: 61% cite AI as #1 data risk (Proofpoint/IBM/Thales/SpyCloud, Apr 2026) NCSC UK (7 Apr 2026): APT28 / Russian GRU exploiting compromised internet routers for DNS hijacking — intercepting credentials, tokens, and email traffic across UK personal networks; immediate router patching and credential rotation advised (NCSC, Apr 2026) Belgium NIS2 Audit Window OPEN (18 Apr 2026) — first EU member state to hit hard NIS2 conformity assessment deadline; essential entities now require BELAC-accredited Conformity Assessment Body sign-off (CCB Belgium, Apr 2026) GDPR Enforcement: CNIL fines Free Mobile €27M for failing to protect 24M subscriber contracts (Oct 2024 breach); UK ICO fines Reddit £14M for child safety/age-check failures — regulators applying upper Article 83 range to systemic failings (CNIL/ICO, Apr 2026) Live Breaches Wk of 14–19 Apr: Basic-Fit (200K NL members + 1M bank details exposed); Booking.com customer reservation data breach notified 12 Apr; Zerion crypto wallet device compromise — ~$100K stolen 16 Apr (BreachSense/SharkStriker, Apr 2026) ENISA 2026 Risk Landscape Report (Apr 2026): availability/DDoS and ransomware top operational threat categories; threat-actor convergence accelerating — same vulnerability chains active across financially and ideologically motivated campaigns (ENISA, Apr 2026) France: CNIL maintient une cadence de sanctions élevée — €27M Free Mobile + €15M Free (Jan 2026), €5M France Travail (Jan 2026), €325M Google (Sep 2025); ANSSI accélère la transposition NIS2 française et la préparation des entités essentielles aux audits 2026 — fenêtre belge ouverte le 18 avril 2026 sert de référence opérationnelle (CNIL / ANSSI / CCB Belgique, avr. 2026) 900 Peer-reviewed governance frameworks · Retained across Tier-1 boards · Contract-winning evidence chains

Paris-based · EU-focused · EMEA Delivery · DORA · NIS2 · EU AI Act · ISO 42001

Contact

Please use the details below to reach out.

Ready to assess your governance posture?

Request a confidential executive briefing. Receive an initial assessment of your governance gaps and a roadmap to compliance.

Request Executive Briefing View All 900 Doctrines

ENGAGEMENT PATHS

Choose your entry point

Board & C-Suite

15-minute governance briefing. Board-level risk mapping. Regulatory compliance dashboard. Decision rights architecture.

CISO / CTO

Technical architecture assessment. Zero Trust alignment. AI governance framework. Operational controls review.

Procurement

Tender-ready. Artefact-based deliverables. Verified counterparty references. Full audit trails.

Engage

Secure a Mandate Slot

Direct contact

For professional enquiries, please email or connect on LinkedIn.

Email info@kieparis.fr

LinkedIn /in/kieranupadrasta

Email Now

Send your brief

I am a…

This is not a sales conversation. It is a strategic engagement that begins at board level.

If your organisation is facing regulatory examination, active threat, or governance failure — this is the line.

Contact Email Direct

Contact

Ready to assess your governance posture?

Choose your entry point

Board & C-Suite

CISO / CTO

Procurement

Secure a Mandate Slot

Direct contact

Send your brief

Privacy Policy

Terms of Service

Politique relative aux cookies

Déclaration d'accessibilité web

Droits humains & lutte contre l'esclavage moderne

Code de conduite professionnelle

Aide

Configuration requise

Recherche

Impression

Mobile

Accessibilité

Plan du site

Contact & retours

Réseaux

Mentions légales & clause de non-responsabilité

Fourniture de services — informations réglementaires