โ† Back to Blog
Regulation Roundup 10 min read March 12, 2026

France Reports Ransomware Drop as NIS2 Bites, Google Closes $32B Wiz Deal, LLM Guardrails Broken Wide Open

France's ANSSI confirms ransomware attacks on French organizations dropped significantly in 2025 โ€” a signal that regulation-driven security investment is paying off. Meanwhile, Google completes its landmark $32 billion Wiz acquisition, reshaping cloud security compliance forever. Palo Alto's Unit 42 discovers that LLM safety guardrails can be trivially bypassed, raising urgent questions for EU AI Act compliance. And UK cyber-attacks are surging at four times the global rate.


๐Ÿ“‰ France's ANSSI Reports Ransomware Attacks Dropped in 2025

Regulation Impact: NIS2 ยท DORA ยท French National Cybersecurity Strategy

France's national cybersecurity agency ANSSI has released its annual threat report confirming that ransomware attacks on French organizations declined in 2025. Small and medium businesses remained the most targeted segment, but overall attack volumes dropped โ€” a departure from the relentless upward trend of previous years.

The timing is significant. France was among the first EU member states to begin enforcing NIS2 requirements in late 2024, with mandatory incident reporting and risk management obligations taking effect for essential and important entities. ANSSI's report suggests that the combination of regulatory pressure, increased security spending, and improved resilience postures is starting to show measurable results.

What This Means for NIS2 Compliance

โšก DACH Takeaway

Germany's BSI and Austria's NIS authority should expect similar trends as their NIS2 transposition matures. Organizations in the DACH region still working toward compliance should treat France's results as validation that security investment under regulatory frameworks delivers measurable ROI.


โ˜๏ธ Google Completes $32 Billion Wiz Acquisition โ€” Cloud Security Landscape Shifts

Regulation Impact: DORA ยท NIS2 Cloud Provider Requirements ยท EU Data Sovereignty

Google has officially closed its $32 billion acquisition of Wiz, the largest cybersecurity deal in history. Wiz will operate within Google Cloud while maintaining its brand identity and multi-cloud support โ€” a critical detail for European customers navigating DORA and NIS2 cloud provider requirements.

The deal fundamentally reshapes the cloud security compliance landscape. Wiz's Cloud Native Application Protection Platform (CNAPP) capabilities โ€” spanning vulnerability management, misconfigurations, identity risks, and runtime threats โ€” are now backed by Google's infrastructure and data sovereignty investments in Europe.

Regulatory Implications

Framework Impact
DORA Financial entities using Google Cloud gain integrated ICT risk management tooling. Third-party risk assessments for cloud providers become more complex with consolidated security stacks.
NIS2 Essential entities must assess whether Wiz's integration into Google Cloud changes their supply chain risk profile. Multi-cloud monitoring capabilities become a competitive differentiator.
EU Data Sovereignty Google's commitment to maintaining Wiz's multi-cloud support means organizations aren't locked into a single provider โ€” critical for sovereign cloud strategies across the EU.

๐Ÿค– Palo Alto Unit 42 Discovers Major Security Gaps in LLM Guardrails

โš ๏ธ EU AI ACT COMPLIANCE ALERT

Palo Alto Networks' Unit 42 research team has developed successful attacks that bypass safety guardrails in popular generative AI tools. Organizations deploying AI systems under the EU AI Act's risk classifications must urgently reassess their guardrail implementations.

Researchers at Palo Alto's Unit 42 have published findings demonstrating that safety guardrails in major LLM platforms can be systematically bypassed. The attacks are not theoretical โ€” they work against production systems and can force AI tools to generate harmful, biased, or non-compliant outputs.

This research lands at a critical moment. The EU AI Act's risk-based framework requires that high-risk AI systems implement robust safety measures, including output filtering, bias detection, and human oversight mechanisms. If the very guardrails designed to ensure compliance can be trivially circumvented, the entire regulatory framework's effectiveness comes into question.

What Organizations Must Do Now


๐Ÿ‡ฌ๐Ÿ‡ง UK Cyber-Attacks Surge at Four Times the Global Rate

Regulation Impact: Post-Brexit Cyber Strategy ยท UK GDPR ยท Critical Infrastructure Protection

Check Point's latest data reveals that cyber-attack volumes against UK organizations are growing at four times the global average. The surge affects all sectors, with financial services, healthcare, and critical infrastructure facing the heaviest targeting.

The UK's post-Brexit regulatory divergence from the EU creates a particularly interesting comparison point. While EU member states benefit from the coordinated NIS2 framework, the UK is pursuing its own Cyber Security and Resilience Bill and updated Network and Information Systems (NIS) regulations independently.

Cross-Border Compliance Challenges

For organizations operating across both the EU and UK, this divergence creates dual compliance obligations:


๐Ÿ”’ OpenAI Acquires Promptfoo โ€” AI Security Testing Goes Mainstream

Regulation Impact: EU AI Act ยท AI Security Standards ยท Conformity Assessments

OpenAI has announced its acquisition of Promptfoo, an AI security testing startup that helps developers identify vulnerabilities in LLM applications. The deal signals that even AI's biggest players recognize the critical gap between AI capabilities and AI security โ€” exactly the gap the EU AI Act is designed to address.

Promptfoo's platform enables automated red-teaming, safety evaluations, and security testing for AI agents โ€” capabilities that map directly to EU AI Act requirements for conformity assessments and ongoing monitoring of high-risk AI systems.

Why This Matters for EU Compliance


๐Ÿ›๏ธ Senate Confirms New NSA & Cyber Command Leader โ€” US Cyber Strategy Implications

Regulation Impact: US-EU Cyber Cooperation ยท Transatlantic Data Flows ยท Critical Infrastructure Defense

The US Senate has confirmed Joshua Rudd to lead both the National Security Agency and US Cyber Command under the controversial "dual-hat" arrangement. The confirmation comes as transatlantic cybersecurity cooperation faces scrutiny under shifting US administration priorities.

For European organizations, US cyber leadership changes matter because of the deep interconnection between US and EU critical infrastructure defense, intelligence sharing under the EU-US Data Privacy Framework, and coordinated responses to nation-state threats. Any shift in US cyber doctrine ripples through NATO's cooperative cyber defense posture and bilateral agreements with EU member states.


๐Ÿ“Š EU Regulation Status Tracker โ€” March 2026

Regulation Status Key Deadline Action Required
NIS2 โšก Enforcing Oct 2024 (transposed) Full compliance mandatory. Incident reporting active.
DORA โšก Enforcing Jan 17, 2025 Financial entities must have ICT risk frameworks operational.
EU AI Act ๐Ÿ”ถ Phasing In Aug 2025 (prohibited AI) / Aug 2026 (high-risk) Classify AI systems. Begin conformity assessments for high-risk.
GDPR โœ… Mature Ongoing 72-hour breach notification. DPO requirements. Cross-border transfers.
CRA ๐ŸŸก Transitioning Dec 2027 (full) Digital product manufacturers must plan for security-by-design obligations.

Is Your Organization Regulation-Ready?

KENSAI's automated security scanning maps directly to NIS2, DORA, and EU AI Act compliance requirements. Know where you stand in minutes, not months.

Run a Free Compliance Scan โ†’

Published by the KENSAI Security Research Team ยท March 12, 2026

Sources: ANSSI, Infosecurity Magazine, SecurityWeek, Check Point Research, Palo Alto Unit 42

๐Ÿ›ก๏ธ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free โ†’

๐Ÿ“š Related Articles