Ireland Monday open 27 Apr 2026: DPC post-EDPB enforcement sprint — EDPB binding decisions on AI-training-data cluster now gazetted, DPC issuing implementation orders to two large-platform controllers this week; Ireland NIS2 Transposition Bill resumes Committee Stage this week — EC infringement timer at day 287, formal reasoned opinion now projected Q2 2026; NCSC-IE healthcare advisory upgraded from AMBER to RED after third confirmed Akira double-extortion incident over weekend in hospital-adjacent sector; Central Bank of Ireland confirms 86 DORA third-party validation letters dispatched — entities have 6 weeks to respond; CCPC/DPC joint AI consumer-protection workshop confirmed 7 May (DPC/DECC/NCSC-IE/CBI/CCPC, 27 Apr 2026) Ireland close 24 Apr 2026: DPC publishes annual report — €645M in inquiries opened 2025, 18 cross-border cases referred to EDPB Art.65; DECC confirms NIS2 Transposition Bill 2026 scheduled for Dáil Second Stage before summer recess; Central Bank of Ireland DORA third-party register validation letters issued to 86 in-scope entities (DPC/DECC/CBI, 24 Apr 2026) Ireland Thursday 23 Apr 2026 — DPC Article 60 binding decisions from yesterday's EDPB plenary published overnight — twin AI-training-data decision set establishes EU-wide precedent on training-corpus lawfulness and data-subject rights in pretraining pipelines; NCSC-IE PSIRT escalated Akira ransomware advisory to RED after overnight critical-supplier notification (RDP/VPN vector); Ireland NIS2 Bill committee stage resumed today — EC reasoned-opinion infringement timer at day 283; CCPC/DPC joint AI-consumer-protection workshop confirmed 7 May (DPC/NCSC-IE/CCPC/EC, 23 Apr 2026) Ireland 22 Apr 2026: DPC Art. 60 draft decisions from the AI-training-data cluster tabled at EDPB plenary today for binding dispute resolution vote — precedent crystallises this afternoon; NCSC-IE PSIRT escalates Akira advisory to AMBER after 2 healthcare-adjacent incidents overnight; NIS2 Bill committee stage resumes 23 Apr — EC infringement day 282 (DPC/NCSC-IE/EC, 22 Apr 2026) Ireland DPC 21 Apr 2026: First lead-authority draft decision in AI-training-data cluster issued to concerned authorities for Article 60 review; NCSC-IE PSIRT issues overnight Akira advisory targeting Irish manufacturing SMEs (DPC/NCSC-IE, 21 Apr 2026) Ireland DPC 20 Apr 2026: 98 open lead-authority cross-border investigations; 17 in draft-decision stage; 2 concern large-platform AI-training data practices NCSC-IE 20 Apr 2026: three weekend essential-service operator incident notifications, including one healthcare-adjacent provider Ireland NIS2 Bill 20 Apr 2026: still stalled at Committee Stage — EC infringement timer at day 280; reasoned opinion expected Q2 2026 CCPC/DPC 20 Apr 2026: joint statement on AI-consumer protection overlap ahead of EU AI Act August deadline DORA: In force 17 Jan 2025 — Active enforcement: on-site ICT risk inspections and third-party oversight reviews underway (ESAs, 2026) NIS2: First audits due 30 Jun 2026 — Q1 2026 penalties issued in EU; 14 of 27 EU states now transposed; EU Digital Omnibus trilogue scheduled 28 Apr 2026 — proposes deadline extensions and compliance simplifications for 28,700 companies; Ireland NIS2 Bill H1 2026 amid EC infringement proceedings (Skadden/EC, Apr 2026) EU AI Act: High-risk AI obligations deadline 2 Aug 2026 — EU Digital Omnibus proposes delay to Dec 2027; CRA vulnerability reporting starts 11 Sep 2026 (EC/Hogan Lovells, Apr 2026) Global Breach Cost: $4.44M average — 241 days to detect & contain; AI-augmented attack surface expanding (IBM/Ponemon, 2026) CISO Personal Liability: NIS2 Art.20 + SEC/DOJ precedent — Director accountability now statutory in EU (2025–2026) Ransomware: Q1 2026: 2,165 victims (+18.5% annualised); March 2026: 808 victims; week 11–17 Apr: 185 incidents — Apr 13 saw 46 new victims in 24 hours; Qilin/DragonForce drive 21% of weekly volume; 7,500+ on leak sites 2025 (+58% YoY); attacks 4× faster; 80% AI-enabled; 87.6% double extortion (BlackFog/BreachSense/Unit42/Emsisoft/Ransom-DB, Apr 2026) Geopolitical CNI: CISA AA26-097a (7 Apr 2026) — Iranian-affiliated APT targeting internet-exposed PLCs in US water/wastewater and CNI sectors; 75+ Unitronics HMI devices compromised. Iran-linked Handala claimed attack on Stryker Corp (11 Mar 2026) disrupting manufacturing and shipping. Volt Typhoon maintains 5+ yr persistence across US energy/water/transport CNI (CISA/FBI/Palo Alto, Apr 2026) Supply Chain: 1,700+ malicious packages across npm/PyPI/Go/Rust (North Korea); kube-health-tools Kubernetes tunnel implant campaign active Apr 2026; Axios/TeamPCP hit 60+ packages — CISA KEV Fortinet CVE-2026-35616 (Datadog/Zscaler/CISA, Apr 2026) UK Online Safety Act: full enforcement 2026 — UK CS&R Bill expanding NIS Regulations to digital supply chains; PSTI Act fines up to £10M or 4% turnover for non-compliant IoT (Ofcom/DSIT, Apr 2026) Patch Tuesday Apr 2026: 167 vulns patched — CVE-2026-32201 SharePoint zero-day actively exploited; Cisco 4 critical flaws in Identity Services & Webex enabling code execution (Microsoft/Cisco, 19 Apr 2026) Data Breaches Apr 2026: ShinyHunters leak 78.6M Rockstar Games records via Snowflake auth tokens; 13.5M McGraw Hill accounts stolen via Salesforce breach (Integrity360/SharkStriker, Apr 2026) Insider & NHI Risk: $19.5M avg per org (+123% since 2018); Thales 2026: 61% cite AI as #1 data risk; 47% sensitive cloud data unencrypted; SpyCloud 2026: 65.7B identity records recaptured (+23% YoY), 18.1M exposed API keys; IBM X-Force: 300,000+ ChatGPT credentials exposed (Proofpoint/IBM/Thales/SpyCloud, Apr 2026) NCSC UK (7 Apr 2026): APT28 / Russian GRU exploiting compromised internet routers for DNS hijacking — intercepting credentials, tokens, and email traffic across UK personal networks; immediate router patching and credential rotation advised (NCSC, Apr 2026) Belgium NIS2 Audit Window OPEN (18 Apr 2026) — first EU member state to hit hard NIS2 conformity assessment deadline; essential entities now require BELAC-accredited Conformity Assessment Body sign-off (CCB Belgium, Apr 2026) GDPR Enforcement: CNIL fines Free Mobile €27M for failing to protect 24M subscriber contracts (Oct 2024 breach); UK ICO fines Reddit £14M for child safety/age-check failures — regulators applying upper Article 83 range to systemic failings (CNIL/ICO, Apr 2026) Live Breaches Wk of 14–19 Apr: Basic-Fit (200K NL members + 1M bank details exposed); Booking.com customer reservation data breach notified 12 Apr; Zerion crypto wallet device compromise — ~$100K stolen 16 Apr (BreachSense/SharkStriker, Apr 2026) ENISA 2026 Risk Landscape Report (Apr 2026): availability/DDoS and ransomware top operational threat categories; threat-actor convergence accelerating — same vulnerability chains active across financially and ideologically motivated campaigns (ENISA, Apr 2026) Ireland: NIS2 Bill expected H1 2026 against backdrop of ongoing EC infringement proceedings; DPC continues to lead EU GDPR enforcement (€530M TikTok decision Apr 2025 still landmark); Belgium opens hard NIS2 audit window 18 Apr 2026 — first benchmark for what the Irish Authority for Cyber Security will need to operationalise (DPC/CCB Belgium/EC, Apr 2026) 900 Peer-reviewed governance frameworks · Retained across Tier-1 boards · Contract-winning evidence chains

Ireland close 24 Apr 2026: DPC publishes annual report — €645M in inquiries opened 2025, 18 cross-border cases referred to EDPB Art.65; DECC confirms NIS2 Transposition Bill 2026 scheduled for Dáil Second Stage before summer recess; Central Bank of Ireland DORA third-party register validation letters issued to 86 in-scope entities (DPC/DECC/CBI, 24 Apr 2026) Ireland Thursday 23 Apr 2026 — DPC Article 60 binding decisions from yesterday's EDPB plenary published overnight — twin AI-training-data decision set establishes EU-wide precedent on training-corpus lawfulness and data-subject rights in pretraining pipelines; NCSC-IE PSIRT escalated Akira ransomware advisory to RED after overnight critical-supplier notification (RDP/VPN vector); Ireland NIS2 Bill committee stage resumed today — EC reasoned-opinion infringement timer at day 283; CCPC/DPC joint AI-consumer-protection workshop confirmed 7 May (DPC/NCSC-IE/CCPC/EC, 23 Apr 2026) Ireland 22 Apr 2026: DPC Art. 60 draft decisions from the AI-training-data cluster tabled at EDPB plenary today for binding dispute resolution vote — precedent crystallises this afternoon; NCSC-IE PSIRT escalates Akira advisory to AMBER after 2 healthcare-adjacent incidents overnight; NIS2 Bill committee stage resumes 23 Apr — EC infringement day 282 (DPC/NCSC-IE/EC, 22 Apr 2026) Ireland DPC 21 Apr 2026: First lead-authority draft decision in AI-training-data cluster issued to concerned authorities for Article 60 review; NCSC-IE PSIRT issues overnight Akira advisory targeting Irish manufacturing SMEs (DPC/NCSC-IE, 21 Apr 2026) DORA: In force 17 Jan 2025 — Active enforcement: on-site ICT risk inspections and third-party oversight reviews underway (ESAs, 2026) NIS2: First audits due 30 Jun 2026 — Q1 2026 penalties issued in EU; 14 of 27 EU states now transposed; EU Digital Omnibus trilogue scheduled 28 Apr 2026 — proposes deadline extensions and compliance simplifications for 28,700 companies; Ireland NIS2 Bill H1 2026 amid EC infringement proceedings (Skadden/EC, Apr 2026) EU AI Act: High-risk AI obligations deadline 2 Aug 2026 — EU Digital Omnibus proposes delay to Dec 2027; CRA vulnerability reporting starts 11 Sep 2026 (EC/Hogan Lovells, Apr 2026) Global Breach Cost: $4.44M average — 241 days to detect & contain; AI-augmented attack surface expanding (IBM/Ponemon, 2026) CISO Personal Liability: NIS2 Art.20 + SEC/DOJ precedent — Director accountability now statutory in EU (2025–2026) Ransomware: Q1 2026: 2,165 victims (+18.5% annualised); March 2026: 808 victims; week 11–17 Apr: 185 incidents — Apr 13 saw 46 new victims in 24 hours; Qilin/DragonForce drive 21% of weekly volume; 7,500+ on leak sites 2025 (+58% YoY); attacks 4× faster; 80% AI-enabled; 87.6% double extortion (BlackFog/BreachSense/Unit42/Emsisoft/Ransom-DB, Apr 2026) Geopolitical CNI: CISA AA26-097a (7 Apr 2026) — Iranian-affiliated APT targeting internet-exposed PLCs in US water/wastewater and CNI sectors; 75+ Unitronics HMI devices compromised. Volt Typhoon maintains 5+ yr persistence across US energy/water/transport CNI (CISA/FBI/Palo Alto, Apr 2026) Supply Chain: 1,700+ malicious packages across npm/PyPI/Go/Rust (North Korea); kube-health-tools Kubernetes tunnel implant campaign active Apr 2026 (Datadog/Zscaler/CISA, Apr 2026) UK Online Safety Act: full enforcement 2026 — UK CS&R Bill expanding NIS Regulations to digital supply chains (Ofcom/DSIT, Apr 2026) Patch Tuesday Apr 2026: 167 vulns patched — CVE-2026-32201 SharePoint zero-day actively exploited (Microsoft/Cisco, 19 Apr 2026) Data Breaches Apr 2026: ShinyHunters leak 78.6M Rockstar Games records; 13.5M McGraw Hill accounts stolen (Integrity360/SharkStriker, Apr 2026) Insider & NHI Risk: $19.5M avg per org (+123% since 2018); Thales 2026: 61% cite AI as #1 data risk (Proofpoint/IBM/Thales/SpyCloud, Apr 2026) NCSC UK (7 Apr 2026): APT28 / Russian GRU exploiting compromised internet routers for DNS hijacking — intercepting credentials, tokens, and email traffic across UK personal networks; immediate router patching and credential rotation advised (NCSC, Apr 2026) Belgium NIS2 Audit Window OPEN (18 Apr 2026) — first EU member state to hit hard NIS2 conformity assessment deadline; essential entities now require BELAC-accredited Conformity Assessment Body sign-off (CCB Belgium, Apr 2026) GDPR Enforcement: CNIL fines Free Mobile €27M for failing to protect 24M subscriber contracts (Oct 2024 breach); UK ICO fines Reddit £14M for child safety/age-check failures — regulators applying upper Article 83 range to systemic failings (CNIL/ICO, Apr 2026) Live Breaches Wk of 14–19 Apr: Basic-Fit (200K NL members + 1M bank details exposed); Booking.com customer reservation data breach notified 12 Apr; Zerion crypto wallet device compromise — ~$100K stolen 16 Apr (BreachSense/SharkStriker, Apr 2026) ENISA 2026 Risk Landscape Report (Apr 2026): availability/DDoS and ransomware top operational threat categories; threat-actor convergence accelerating — same vulnerability chains active across financially and ideologically motivated campaigns (ENISA, Apr 2026) Ireland: NIS2 Bill expected H1 2026 against backdrop of ongoing EC infringement proceedings; DPC continues to lead EU GDPR enforcement (€530M TikTok decision Apr 2025 still landmark); Belgium opens hard NIS2 audit window 18 Apr 2026 — first benchmark for what the Irish Authority for Cyber Security will need to operationalise (DPC/CCB Belgium/EC, Apr 2026) 900 Peer-reviewed governance frameworks · Retained across Tier-1 boards · Contract-winning evidence chains

Dublin-based · EU-focused · EMEA Delivery · DORA · NIS2 · EU AI Act · ISO 42001

Contact

Please use the details below to reach out.

Ready to assess your governance posture?

Request a confidential executive briefing. Receive an initial assessment of your governance gaps and a roadmap to compliance.

Request Executive Briefing View All 900 Doctrines

ENGAGEMENT PATHS

Choose your entry point

Board & C-Suite

15-minute governance briefing. Board-level risk mapping. Regulatory compliance dashboard. Decision rights architecture.

CISO / CTO

Technical architecture assessment. Zero Trust alignment. AI governance framework. Operational controls review.

Procurement

Tender-ready. Artefact-based deliverables. Verified counterparty references. Full audit trails.

Engage

Secure a Mandate Slot

Direct contact

For professional enquiries, please email or connect on LinkedIn.

Email info@kie.ie

LinkedIn /in/kieranupadrasta

Email Now

Send your brief

I am a…

This is not a sales conversation. It is a strategic engagement that begins at board level.

If your organisation is facing regulatory examination, active threat, or governance failure — this is the line.

Contact Email Direct

Contact

Ready to assess your governance posture?

Choose your entry point

Board & C-Suite

CISO / CTO

Procurement

Secure a Mandate Slot

Direct contact

Send your brief

Privacy Policy

Terms of Service

Cookie Policy

Web Accessibility Statement

Human Rights & Modern Slavery Statement

Professional Code of Conduct

Help

Site Requirements

Search Tips

Browser & Mobile

Print & Save

Accessibility

Sitemap & Discovery

Contact & Feedback

Connect

Legal Disclaimer

Provision of Services — Regulatory Information