On 20 January 2026, the European Commission published a proposal to amend the Directive (EU) 2022/2555 (NIS2) as part of a broader package to streamline the EU’s cybersecurity framework. The Commission also issued a proposal to revise the EU Cybersecurity Act (CSA2), which we cover in a separate blog post.

The proposed amendments build on earlier streamlining efforts in the Commission’s Digital Omnibus Package—published on 19 November 2025—which introduced the first wave of technical adjustments to NIS2. Those earlier amendments focused on creating a single framework for reporting cyber incidents and clarifying how NIS2 interacts with sectoral regimes such as the CER Directive and DORA.

With this proposal, the Commission now aims to clarify the scope of the law, harmonize technical measures, introduce certification‑based compliance pathways, and strengthen cross‑border supervision through an expanded role for ENISA.

Below, we summarize the main elements of the proposal and what they could mean for entities in scope of NIS2.Continue Reading European Commission Proposes Targeted Amendments to NIS2 to Simplify Compliance and Align With Proposed Cybersecurity Act 2

On 21 January 2026, the European Commission (“Commission”) unveiled its landmark proposal for the Digital Networks Act (“DNA Proposal”), an ambitious attempt to overhaul the framework for the regulation and development of electronic communications networks and services across the EU. The Commission’s stated aim with the DNA Proposal is to establish a “modern and simplified legal framework that incentivises the transition from legacy networks to fibre, high quality 5G and 6G networks, and cloud-based infrastructures, as well as increased scale through service provision and cross-border operation.” To do this, the DNA Proposal would replace and consolidate several existing EU laws, including the European Electronic Communications Code (“EECC”), the BEREC Regulation, and parts of the Open Internet Regulation and e-Privacy Directive.

A key theme of the proposal is harmonization of rules—arising first and foremost from the fact that this is a directly-applicable Regulation rather than a Directive like the current European Electronic Communications Code. Several of the substantive provisions in the DNA Proposal may take a significant amount of influence over the communications networks and services away from Member State governments and up to EU level. In turn, the Commission clearly hopes to promote larger-scale communications network and service providers that can operate across the EU, and that have the funds to invest in modern communications infrastructure. The DNA Proposal could, therefore, have a substantial and long-lasting impact on the connectivity and communications markets in the EU, although we anticipate significant debate about many of the provisions of the DNA Proposal throughout the legislative process.

Below, we summarize seven of the most eye-catching changes to the regulatory framework for communications providers in the DNA Proposal.Continue Reading Seven Major Changes in the European Commission’s Proposal for an EU Digital Networks Act

When the UK Modern Slavery Act (“MSA”) came into force in 2015, it was hailed as a landmark for supply chain transparency on a key human rights risk. Today, there is widespread recognition among stakeholders that the UK may have fallen behind in its approach to corporate human

Continue Reading UK Business and Human Rights Landscape: 2026 Outlook

On January 13, 2026, the U.S. Commerce Department, Bureau of Industry and Security (“BIS”) issued a final rule, titled Revision to License Review Policy for Advanced Computing Commodities (the “BIS Rule”), that implements a more favorable license application review policy for exports from the United States of certain advanced computing

Continue Reading U.S. Commerce Department Revises License Review Policy for Exports of Certain Advanced Computing Commodities to China and Macau

On December 19, 2025, New York Governor Kathy Hochul signed into law the “Trapped at Work Act” (the “Act”) (N.Y. Lab. Law §§ 1050–55) to prohibit certain types of so-called “stay-or-pay” agreements that require an employee to repay an employer for certain expenses or compensation if the employee terminates employment within a certain period of time after their start date.  These obligations often include repayment for expenses such as training, education, quit fees, damages clauses, sign-on-bonuses, and other types of cash payments tied to a mandatory stay period.  The Act, which took effect on December 19, 2025, is similar to a new California law that took effect on January 1, 2026.

The New York Act and the new California statute follow on the heels of the National Labor Relations Board’s (“NLRB”) February 2025 recission of a 2024 NLRB General Counsel memorandum, which proposed that the NLRB adopt a framework to presume that any stay-or-pay provision is unlawful even if entered into voluntarily.  The NLRB’s recission of this memo paved the way for New York and California (and potentially other states) to regulate stay-or-pay agreements at the state level.Continue Reading New York Bans Certain “Stay-or-Pay” Agreements

More than one billion dollars were spent in 2024 elections supporting or opposing state and local ballot measures. With high-profile and contentious issues expected to be on the ballot, such as congressional redistricting, AI regulation, minimum wage increases, and more, that number promises to be even larger in 2026. As

Continue Reading Covington’s Guide to Ballot Measures

            On January 6, 2026, the Federal Communications Commission’s Public Safety and Homeland Security Bureau (the “Bureau”) announced the application window for a new Lead Administrator for the U.S. Cyber Trust Mark Program (the “Program”).  The window will be open from January 7, 2026, through January 28, 2026.  The previous

Continue Reading FCC Opens Application Window for New Cyber Trust Mark Program Lead Administrator

On November 12, 2025, UNESCO’S General Conference adopted its Recommendation on the Ethics of Neurotechnology (“the Recommendation”)–the first attempt at establishing a global legal framework for the ethical development and use of neurotechnology. The Recommendation aims to set out a comprehensive rights-based framework for the entire life cycle of neurotechnology, from the design of neurotechnology products and services to their disposal.

While not legally-binding, the Recommendation states that its provisions should be considered by, among others, UNESCO Member States, research organizations, and private companies involved in neurotechnology, and that they establish how best to honor fundamental human rights in the development, deployment and disposal of this technology. It is therefore possible that in the future, they may be a starting point for binding legislation, or could be used as persuasive authority to support enforcement actions arising under existing legislation protecting fundamental human rights, e.g., the GDPR and other privacy laws around the world. In that regard, it is notable that the EU AI Act was inspired, at least in part, on UNESCO’s November 2021 Recommendation on the Ethics of Artificial Intelligence. There is, therefore, a real possibility that private sector companies developing neurotechnologies will be subject to rules specifically regulating such technologies in the future.Continue Reading UNESCO Adopts First Global Framework on Neurotechnology Ethics

On 5 December 2025, the Act Transposing the NIS 2 Directive and Regulating Key Aspects of Information Security Management in the Federal Administration (Gesetz zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung (“NIS2UmsG”) (see here, in German only) became binding in Germany. According to the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik (“BSI”) (see here, in German only), roughly 29,500 companies will have to comply with the increased cybersecurity requirements adopted by the NIS2UmsG.Continue Reading Germany Transposes NIS 2 Directive – Increased Cybersecurity Requirements for Businesses

Shortly before adjourning for 2025, the Senate passed two bills to broaden disclosure and registration requirements related to the regulation of foreign agents under the Foreign Agents Registration Act (“FARA”) and the Lobbying Disclosure Act (“LDA”): the Disclosing Foreign Influence in Lobbying Act (S. 856 / H.R. 1883)

Continue Reading Senate Advances Bills To Broaden Foreign Agent Disclosures in Lobbying Reports