EDPB Guidelines on Transfer Impact Assessments
European Data Protection Board updates TIA methodology post Schrems II/DPF.
Add the live ICS feed to your calendar app. We update it whenever a regulator publishes a new milestone — no app to install, no email required.
Prefer email? Get deadline reminders in the Regulatory Roundup.
No spam. Unsubscribe in one click. Privacy Policy.
European Data Protection Board updates TIA methodology post Schrems II/DPF.
Member States required to transpose NIS2 into national law - essential/important entity registration obligations apply.
Delaware joins the patchwork of US state privacy laws.
Iowa privacy law in force - opt-out for sale, plain DSAR procedure.
New Hampshire comprehensive privacy law in force.
CNIL announces priority on cookie compliance and dark-pattern enforcement.
Operative rules under the DPDP Act 2023: consent, notice, security, breach notification, Data Protection Board procedures.
New Jersey state privacy law applies - universal opt-out, sensitive data protections.
Digital Operational Resilience Act applies to financial entities and their critical ICT third-party providers.
Article 5 prohibitions (manipulative, social scoring, real-time biometric ID in public spaces) become enforceable.
Digital Markets, Competition and Consumers Act 2024 takes substantive effect.
Data (Use and Access) Act receives Royal Assent - reforms to UK data protection including DPDI provisions.
California Privacy Protection Agency's expanded regulations on automated decision-making, risk assessments, and cybersecurity audits.
Tennessee comprehensive privacy law in force.
Minnesota becomes the next US state with comprehensive privacy law in force.
Rules for general-purpose AI models (GPAI), governance, and penalties take effect.
ANPD opens its regulatory sandbox for AI + privacy use cases.
Statutory review of APPI begins (every 3 years per Article 6).
Annex III high-risk AI systems must comply with conformity assessment, FRIA, post-market monitoring.
Federal Council reviews revised FADP after 2 years of operation.
Manufacturers' obligations to report actively exploited vulnerabilities and severe incidents to ENISA/CSIRTs become applicable (Article 14).
Providers of data processing services may no longer impose switching charges for moving between cloud/edge services (Article 29).
Final application milestone: obligations for high-risk AI systems that are safety components of products under Annex I sectoral legislation take effect (Article 113).
Full essential cybersecurity requirements and CE-marking conformity obligations for products with digital elements become applicable.
RegulatoryBridge runs the readiness, documentation, and authority liaison for every framework on this calendar — so your team focuses on the product, not the paperwork.