AI Fraud, GDPR Fine, & SEC Priorities – 11/26/2025

Today’s compliance intelligence digest highlights the surge in digital fraud driven by AI, the integration of LLMs in malware, and the lack of confidence in securing non-human identities. Regulatory updates include the SEC’s focus on AI disclosures and examination priorities, while policy changes cover Germany’s NIS2 law and Quebec’s health and safety regime overhaul. Stay informed to fortify your compliance posture against emerging threats.

Top 5 Critical Compliance Alerts

  • Digital Fraud at Industrial Scale: 2025 Wasn’t Great: Advanced fraud attacks surged 180% in 2025 due to cyber-scammers using generative AI to create flawless IDs and autonomous bots.
  • How Malware Authors Are Incorporating LLMs to Evade Detection: Cyberattackers are integrating large language models (LLMs) into malware to evade detection and augment code on demand.
  • Enterprises Aren’t Confident They Can Secure Non-Human Identities (NHIs): More than half of organizations are unsure about securing non-human identities (NHIs), highlighting a gap between NHI rollout and security measures.
  • Cheap Hardware Module Bypasses AMD, Intel Memory Encryption: Researchers created an inexpensive device that circumvents chipmakers’ confidential computing protections, revealing weaknesses in scalable memory encryption.
  • Staying compliant when your data crosses borders: Lessons from Croatia’s €4.5M GDPR fine: Croatia’s data protection authority (AZOP) fined a telecom operator €4.5M for transferring customer data to Serbia without valid safeguards.

Compliance Frameworks

  • What training does The HIPAA Journal provide?: The HIPAA Journal offers comprehensive online HIPAA and cybersecurity training programs tailored for various roles and needs.
  • Does the HIPAA Training from The HIPAA Journal satisfy the regulatory requirements for training?: HIPAA training from The HIPAA Journal is specifically designed to meet mandatory regulatory training requirements.
  • Who develops and maintains The HIPAA Journal’s HIPAA training content?: The HIPAA Journal’s editorial team creates and maintains its HIPAA training content.
  • Why is The HIPAA Journal training the best on the market?: The HIPAA Journal’s employee training is considered the best due to its comprehensive and up-to-date content.

Regulatory Updates

  • State Enforcement Outlook 2026: Key Trends from NASAA’s 2025 Enforcement Report: An overview of how regulators are preparing for a more complex and technology-driven enforcement landscape in 2026.
  • Call for More Corporate Disclosure on AI: An advisory committee to the SEC will consider requiring publicly traded companies to disclose more about their AI practices and risks.
  • SEC Division of Examinations Releases Its 2026 Examination Priorities – A Return to Core Principles, with a Cooperative Tone: The SEC’s Division of Examinations released its fiscal year 2026 examination priorities, focusing on investment advisers, broker-dealers, and other financial market participants.
  • SEC Division of Examinations Releases its 2026 Examination Priorities: The SEC Division of Examinations released its 2026 priorities, emphasizing compliance programs, governance, fiduciary duties, and accurate disclosures.

Third-Party Risk & Due Diligence

  • Treasury Department Announces Audit of Preference-Based Contracts and Task Orders: The U.S. Treasury Department announced an audit of contracts and task orders awarded under preference-based contracting, totaling approximately $9 billion.

Policy & Governance Updates

  • Germany’s NIS2 Law: One step away from taking effect: Germany’s Network and Information Systems 2 (NIS2) Implementation Act is nearing its final legislative stage.
  • NIS2 Directive Explained: Part 2 – Management Bodies Rules: The NIS2 Directive marks a significant evolution in the EU’s cybersecurity approach, expanding the scope of regulated entities and compliance obligations.
  • Québec Employers Face Significant New Obligations With Overhaul Of Provincial Health and Safety Regime: Québec implements permanent provisions of Bill 59, modernizing the occupational health and safety regime.
  • Pennsylvania’s New CROWN Act Impacting Race and Religious Creed Discrimination Takes Effect in 2026: Pennsylvania adopts the CROWN Act, impacting race and religious creed discrimination by including hair texture and protective hairstyles.
