NicFab Newsletter #16 is out.

This week: EDPB 2025 Annual Report and CEF 2026 on transparency, new eIDAS 2.0 rules for digital wallet onboarding, Adobe Reader zero-day exploited since December 2025, AI Act Art. 20 on corrective actions, and Legal Prompting on analyzing DPA decisions.

Read: https://www.nicfab.eu/en/newsletter-issues/2026-04-14-issue-16/
Subscribe: https://www.nicfab.eu/en/pages/newsletter/#subscribe-now

#Privacy #GDPR #AIAct #Cybersecurity #DataProtection #eIDAS #AI

Newsletter #16 - 14 April 2026

NicFab Newsletter #16 — 14 April 2026. Weekly review on privacy, data protection, AI regulation, cybersecurity and digital rights.

NicFab Blog — Privacy, GDPR & Artificial Intelligence

We've joined a broad industry coalition calling for targeted improvements to the #AIomnibus. 🎯

⏱️ EU co-legislators should extend the grace period for #generativeAI labelling under #AIact Articles 50(2) and 50(4) to a more realistic 12 months.

➡️ https://ccianet.org/library/joint-industry-statement-digital-omnibus-on-ai/

Another talk announcement for BSides Luxembourg!

🧠🔍 WHAT DOES THREAT MODELING SOLVE FOR AI SECURITY? – Nathan Pembe 🛡️

AI doesn’t create entirely new risks—it amplifies the ones you already have. So how do you decide what actually matters?

This talk shows how threat modeling becomes a powerful decision-making tool—helping teams identify real attack paths, prioritize security efforts, and align technical controls with compliance requirements like ISO 27001, AI Act, and NIS2. It’s not about theory—it’s about making smarter security decisions from the start.

Nathan Pembe https://www.linkedin.com/in/nathanpembe/ is a Senior AppSec Consultant at NVISO, helping teams embed security into design and delivery through practical threat modeling and secure architecture practices.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
👉 Browse sessions, track talks in real time, and plan your schedule on Hacker Tracker: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #ThreatModeling #AppSec #AIAct #NIS2 #CyberSecurity

Haken dran – the c't social media update: Hack yourselves! (with Katrin Rönicke of @wochendaemmerung)

Hello Katrin!
00:00:52 - Mourning the old social media
00:05:17 - #TikTok study: most #MentalHealth videos false or misleading
00:14:47 - Drache Kokosnuss vs. #ChatGPT
00:19:09 - Portrait of Sam #Altman: power-seeker, sociopath or visionary?
00:24:27 - OpenAI vs. #Musk & #Meta
00:26:14 - Bixonymanie: diagnosis slop
00:32:01 - Social media ban in Greece (#Griechenland)
00:42:47 - How tariff negotiations undermine regulation
00:47:01 - #AIAct is being postponed
00:48:34 - LinkedIn BrowserGate
00:53:47 - Functions & emotions

Episode web page:
https://hakendran.podigee.io/561-hackt-euch-selbst-mit-katrin-ronicke

Media file:
https://audio.podigee-cdn.net/2444277-m-325c06957b894f752657bbf549025bd6.mp3?source=feed

@hakendran

@dieKadda

Hack yourselves! (with Katrin Rönicke)

What is this INTERNET™ actually still good for? Networking? Not really, the algorithms already take care of that. Or is it a place of lived democracy? That gets difficult too, now that even Donald Trump gets a say in how laws are applied. Then perhaps at least to improve our lives? Well: content about illnesses is often wrong, and chatbots happily parrot anything that smells of illness. But in the end we still have LinkedIn for busine… not that either? Damn.
➡️ Podcast "Wind und Wurzeln" (with Marina Weisband) on the social media ban: https://wind-und-wurzeln.podigee.io/10-neue-episode
➡️ LinkedIn collecting browser info?: https://browsergate.eu
➡️ The best place to talk with the "Haken Dran" community is on Discord: http://hakendran.org
💡 12 weeks of heise+ at 50 % off: http://heiseplus.de/haken-dran, cancellable every four weeks with one click!
Chapter marks, AI-assisted
00:00:00 - Hello Katrin!
00:00:52 - Mourning the old social media
00:05:17 - TikTok study: most mental health videos false or misleading
00:14:47 - Drache Kokosnuss vs. ChatGPT
00:19:09 - Portrait of Sam Altman: power-seeker, sociopath or visionary?
00:24:27 - OpenAI vs. Musk & Meta
00:26:14 - Bixonymanie: diagnosis slop
00:32:01 - Social media ban in Greece
00:42:47 - How tariff negotiations undermine regulation
00:47:01 - AI Act is being postponed
00:48:34 - LinkedIn BrowserGate
00:53:47 - Functions & emotions
ℹ️ Note: This podcast is supported by a sponsor. All information about our advertising partners can be found here: https://wonderl.ink/%40heise-podcasts

Haken dran – the c't social media update

#Copyright & AI: "The last thing the EU needs right now is more complexity." ⚖️

Training #AI models on publicly available #content: "Europe just needs to enforce the rules it already has. Let the #CopyrightDirective and #AIact do their job."

👉 https://ccianet.org/news/2026/03/ai-copyright-european-parliament-report-sparks-uncertainty-for-innovators/

Video conferencing is not just a technical choice — it's a GDPR compliance decision. My new analysis examines Zoom, Teams, Google Meet, Jitsi, and Proton Meet through the lens of the CLOUD Act, end-to-end encryption, and Art. 48 GDPR. E2EE as a default — not an option — is both a technical and a legal safeguard.
Regulatory is not an academic luxury. It is a professional responsibility.
👉 https://www.nicfab.eu/en/posts/videocall-gdpr-compliance/

#Privacy #E2EE #DataProtection #AIAct #GDPR #AI #dataprotection
@protonprivacy

Video Conferencing and GDPR: Choosing a Platform in Light of the CLOUD Act and End-to-End Encryption

Which video conferencing platform is GDPR-compliant? A legal analysis of Zoom, Teams, Google Meet, Jitsi, and Proton Meet in light of the CLOUD Act

AI Act: Who is actually a deployer, and what must they do today?
Alarmist posts keep circulating — fabricated deadlines, non-existent penalties, overstated obligations.
My new analysis: what "deployer" means, real timelines, actual penalties, the Commission's position on AI agents, and 6 practical steps.
Regulatory precision is not an academic luxury. It is a professional responsibility.

👉 https://www.nicfab.eu/en/posts/deployer-ai-agents/

#AIAct #EUAIAct #AIGovernance #ArtificialIntelligence #Compliance #TechLaw #AI

AI Act: Deployers, AI Agents and Transparency Obligations — The State of Play in Spring 2026

An operational overview of the actual obligations for deployers under the AI Act, the European Commission's position on AI agents and the official

Milleproroghe 2026: facial recognition still on hold: The law converting the Milleproroghe 2026 decree, published in the Official Gazette (GU) of 28.02.2026, extended the moratorium on facial recognition to 31 December 2027....
#decretoMilleproroghe2026 #riconoscimentofacciale #AIAct http://dlvr.it/TRwVqY

@gbb
Thanks a lot for sharing!
That doesn't sound like "three mandatory courses". That definitely seems to have been misinformation.
The circular seems to me to be looking for a way to "recommend the obligation" - there were surely a lot of queries along the lines of "Do we have to do this now?"

#KI #hochschule #AIACT

EU AI Act: your website chatbot needs an AI disclosure by August 2026

https://jorijn.com/en/blog/eu-ai-act-website-chatbot-disclosure-august-2026/

#AIAct #AI #Chatbot

EU AI Act: your website chatbot needs an AI disclosure by August 2026 | Jorijn Schrijvershof

From 2 August 2026 the EU AI Act requires website chatbots to disclose they're AI. What Article 50 means for SMB sites, plus a practical compliance checklist.